RSA Conference 2024 | Peter McKay & Danny Allan | Snyk

Clips
News
More from RSA Conference 2024

Peter McKay

CEO

Snyk

Danny Allan

CTO

Snyk

Three insights you might have missed from theCUBE’s coverage of the RSA Conference

In the 12 months since security practitioners gathered in San Francisco for the 2023 annual RSA Conference, the view of artificial intelligence has expanded. Where AI was once either bad for business or good for improving protection, it has now become a whole new challenge that will require a novel approach.This was one of the key themes to emerge from four days of coverage as theCUBE, SiliconANGLE Media’s livestreaming studio, interviewed industry executives, government officials and analysts to hear the most recent insights into the future direction of cybersecurity

RSA Conference 2024 goes beyond AI-powered security to securing AI itself

The past week’s RSA Conference 2024 was crowded, buzzy, vibrant and chaotic, underscoring the very nature of the cybersecurity industry.This market has a kind of self-propelling energy with a dynamic that blends tons of money, an ever-present and capable adversary, technical innovation, public policy, geopolitics and a smashing together of the digital and physical worlds. Despite a logical need to consolidate tooling and simplify, organizations find themselves constantly searching for answers to new problems that they face every day, week, month and year

Dissecting the AI-driven tectonic shift in modern cybersecurity

Enterprise cybersecurity is a game of constant learning, correction and improvement — there is no final level. Artificial intelligence has added a new layer to the cybersecurity conundrum, as attackers lean on it to advance new tactics at scale.How is AI changing the game from the developer and security team standpoints?“I think 95% of developers are using gen AI, whether it Copilot or Gemini or whatever generative AI solution is out there,” said Peter McKay (pictured, left), chief executive officer of Snyk Ltd. “I think developers are using it more than ever. When you think about how our business evolved over the years, it was this incredible productivity by developers

play_circle_outline Importance of embedding security into the software development lifecycle.

play_circle_outline Overview of Snyk's M&A activities and acquisitions.

play_circle_outline Discussion on the importance of posture management and addressing security issues.

play_circle_outline Balancing LLM Futures: Exploring Commoditization, Innovation, and Impact on AI Company Valuations

Info

Peter McKay & Danny Allan | Snyk

Peter McKay

CEO Snyk

Danny Allan

CTO Snyk

search

>> Welcome back to Moscone West. I'm Dave Vellante and you're watching theCUBE's continuous coverage of RSA 2024. We're here at Broadcast Alley. We're excited that Peter McKay back in theCUBE, CEO of Snyk and Danny Allan, newly minted CTO. Wow. It's not like we haven't seen you in theCUBE before, but welcome back in this new role. Congratulations on a great hire and good to see you guys.

Peter McKay

>> It's good to be here, Dave, and it's always good to be partnering with Danny again. It just took me a little while to get him, but it's good to have him.

>> So it's good to be in this space. It's like the gift that keeps on giving. It seems like no matter how much we spend on cyber, the bad guys just get better and better, and better. But RSA is the place to be, isn't it?

Peter McKay

>> It is.

>> I mean, wow. What

Peter McKay

>> an event.It always keeps... Every year it levels up, again. Now it's all about AI, generative AI, and so it's never dull around RSA.

>> I think we're probably back to where we were at pre-COVID levels, maybe even above that. Of course, you know a little bit about security because data protection used to be this adjacency, and now they become a fundamental part of it. So you learned that. What informed you to make you decide, other than the fact that this guy was one of your guys?

Peter McKay

>> Calling him every week.

>> But what was it about Snyk and the opportunity that lured you back to this world?

Danny Allan

>> Two things. I actually started in application security. I don't know if you knew that.

>> Right. I didn't know that. I spent a decade doing application security and it was super interesting. But what has lured me back is beyond the leadership team, which is absolutely fantastic, is artificial intelligence. We're actually at a place now where we can use AI and ML techniques to address security in ways that it's never been addressed before in the past.So you've been using AI before ChatGPT. So what's changed since the AI heard around the world?

Peter McKay

>> Well, I think a lot of companies have been leveraging. I mean, there's like 95% of developers are using GenAI, whether it Copilot or Gemini or whatever generative AI solution is out there. So I think developers are using it more than ever. When you think about how our business evolved over the years, it was this incredible productivity by developers. And now they're even more productive with using generative AI tools. We're just making sure that the security teams can keep up. So I think that's what's happening. It's a huge development boost to developers and developer productivity. You just need to make sure it's secure.

>> Well, the thing is, the cloud became the first line of defense. Okay. Now you've got infrastructure as code. Now you say, "Okay, developer, we want you to deploy the infrastructure greatest, nice and easy. But we also want you to secure it."Yes.

>> And

Danny Allan

>> now we throw AI into the mix, or new AI into the mix. Now you got to worry about that. That's not really what they want to do. They want to write code and deliver business value. Now all of a, they're being asked to do all this other stuff, which is not necessarily in their wheelhouse. So was that the founding premise of Snyk? Actually, it probably wasn't the founding premise, but the market just sort of came to you.

Peter McKay

>> Well, we started with... I mean, as Danny said, a lot of us came from application security where it was security tools for security people. And I think the reality is that the only way to truly solve application security is by shifting it left or moving it earlier in that software development life cycle. And so you don't want developers to slow down and you don't expect developers to be security experts. So you need to embed security in behind the scenes, allowing developers to continue to develop fast. Don't slow them down, but build security in or decentralize it into the workflows from the IDE all the way through to make sure that developers can continue to develop code as quickly as they can, but they got to do it in a secure way. And the risks have never been greater to do that.

>> So you know a little bit about M&A. So you, guys, let's talk about what Snyk has done in M&A. You guys have made a number of moves there. As an outsider, how did you evaluate that? And then now let's talk about where are you guys going from here?

Danny Allan

>> Well, they've made incredible acquisitions over... Since 2019, I believe, nine different acquisitions that have occurred.

>> And some that stood out, Helios.

Peter McKay

>> Enso.Enso, DeepCode.

Danny Allan

>> DeepCode is probably one of the most significant ones. DeepCode was interesting because it brought them into the SaaS static application security testing in a very meaningful way. We're talking about AI at this conference. They were actually doing AI before AI was a thing. If you look at the way they do static application security testing, they're using symbolic regression testing to find the vulnerabilities within the code. And we continue to iterate on that. But if you look at some of those other acquisitions that we've made, it's all about acquiring talent to help us build in very specific areas. Helios was all about understanding the runtime. Enso was all about understanding prioritization. And so it's really helped us to accelerate the development at Snyk.

>> What is symbolic regression testing? How is it different from regression testing?

Danny Allan

>> It's essentially looking at the signals, many, many different data sets on top of one another to find out what are the symbols that represent a change in the code. And you can actually tell just simply by looking at that, whether there's a vulnerability in the code itself.

>> A human could do that, but now you're doing it at scale.

Danny Allan

>> Yes.

>> What about, you guys got news, AppRisk

Peter McKay

>> Pro?Apprisk Pro.

>> What is that all about?

Peter McKay

>> That's the newest product. It was a combination of, as Danny said, Helios acquisition, Enso pieces. So it's a build and integrating into some of these acquisitions that allow us to take a... It's kind of been the holy grail of application security is a holistic view of all the data that goes into an application. So you can take a 360 degree view of the application. All the feeds from all the things that we do, open source code, runtime information, observability information, and get a complete view of that application all the way down to what developers built, what, what did they do, how it all came together, prioritize those issues, and then auto-remediate those issues. So it's really the culmination of all the things that we've been doing for nine years, but bringing it all together in a more of a developer-first application, security, posture management, which is what the market has been asking for, for a long time.

>> So help me understand this, because you guys have been at this a while. Posture management has been around, but it was really the customer's responsibility to do posture management. It really wasn't like the industry had a lot of solutions, and all of a sudden posture management has become this category that's exploded, not just because Gartner kind of...

Peter McKay

>> No, not just because of Gartner.

>> They created an acronym. What has transpired to enable that is to solutionize, softwareize that business?

Danny Allan

>> Well, there's lots of different types of posture management, whether it be data or SaaS or network. All of cloud security, posture management. But I actually think it perpetuates a problem, which is now you know about the issue. You've identified the issue and you know about the issue, but what do you actually do about it? So our focus at Snyk is actually great. We understand the application, we know where all the issues are, but we want to take you back to actually addressing the issue. So it's not enough to know about the configuration and that you have vulnerabilities. It's how do I actually solve that particular issue? Because knowledge is great, but even better than that is solving the problem.

Peter McKay

>> And that's been the bane of application security. I have thousands of issues. How can I fix all of these? And so the prioritization in the auto remediation is a critical part. How do you allow developers to continue to develop fast, but build into those security automation to the actual fixing of the issues? And that's what we focus on.

>> What are you seeing? Not to bring up super cloud, but I'll bring up super cloud, multi-cloud? It's clearly in our surveys that we do. It's showing that that's a big area of contention, concern, focus for organizations. What's your play there? What are you seeing in terms of folks adopting cloud, multi cloud? How is AI, gen AI changing that and what role do you guys play?

Danny Allan

>> Well, we're agnostic, right? So whether you have some things in one cloud, some in another cloud, some on premises, every organization has dozens of languages. They have multiple repositories for their code. They have many, many different practices. And what Snyk brings, of course, is the ability to bring that all together so that you can prioritize across the full solution set.

>> And you got expanded relationship with Google that our data really interesting shows Google's distant third in adoption in cloud, but it's closing the gap with AWS in terms of AI, percentage of customers. Very rapidly, actually. I'm sure Google Cloud next was pretty impressive what they're doing. AWS is very impressive. AI as well.

Peter McKay

>> They're

>> a machine.Of course, we know the story with Microsoft. It's like an amazing judo move on the industry.

Peter McKay

>> Oh, yes.

>> But talk about the Google relationship.

Peter McKay

>> You announced it.

Danny Allan

>> Well, yeah. So there's a couple different things. So we're embedded within the IDE. So if a developer wants to know about, "Hey, what's secrets configuration and management." Well, actually there's a chatbot built into the IDE so that they can learn about it. One step further, though, we can actually analyze the code in real time as they're writing code. We can say, "Here's an issue and here's the suggested fix for that." And so we're both educating. We're fixing, we're remediating directly within the Code Assist product from Gemini.

>> It's sick. What's happening with LLMs, isn't it?

Peter McKay

>> I mean, the pace is unbelievable.

>> You play around with Llama 3. Actually, when you start editing, for instance, the images, it generates an image. You say you start to edit, tell you what you want, and as you're typing, it's like looking ahead and changing the image in real time. And you're like, "How does it do that? So how does it do that?" So I guess my question for you as a technologist is weigh in the whole LLM leapfrogging, ping ponging. Every day we turn around, there's new LLMs. You got the issue of proprietary LLMs versus open LLMs. Of course, we all love open source, but when you read the fine print on open source, some of the terms are a little bit restrictive. As a technologist, how do you think about all this?

Danny Allan

>> Well, we have deep experience with LLMs and machine learning, and we have for a very long time. In fact, people don't realize this, but the DeepCode product was based on an LLM. We created the rules within that product using machine learning techniques. When we started doing fixes, for example, we started with a T5 model. We switched to a StarCoder model. And actually when we tested our fixes now on GPT-4, which has almost 1.8 trillion parameters, we're 20% more accurate than GPT-4. Now, why is that? Because Snyk has been deep into machine learning and AI since well before it became an industry buzzword.

>> How do you feel about the open source versus proprietary people saying, "Well, ultimately open source is going to swamp them. I don't know. Sometimes those things take time. We've certainly seen the innovation on open source. Do you have any thoughts on that?"I

Peter McKay

>> think we've always been agnostic on clouds, infrastructure, software languages. We're just going to watch it and we're going to secure it, right? Because every company is going to have a mixed bag. There needs to be an agnostic security solution for all those tools that are out there, all those gen AI solutions. And that's what we're focused on, is just making sure we work with all of them because the biggest companies in the world, all the way to the smallest companies will have a mixed bag. They've always done that. And so for us, it's how do we secure all those? I mean, the more gen AI they use, the more code you produce, the more risk you're going to have. And we just need to make sure we're securing that.

>> LLM diversity is probably a good thing-

Peter McKay

>> It is....

>> at Snyk. What you guys, if you had to bet... We're all betting people. If you had a bet on the big debate is commoditization or differentiation over time. I'll let you guys answer. I'll tell you where I weigh in afterwards. What do you think?

Danny Allan

>> Commercialization of the LLMs?

>> Commoditization of the LLMs, "Oh, these things will just be a commodity." Not that they'll be one to rule them all versus the innovation engine is going to keep going.

Danny Allan

>> The innovation engine is definitely going to keep going. It's not going to slow down at all. I think you're going to see edge niche cases where you need to use a specific type of LLM for a specific type of issue. That's not going away.

>> I will weigh in. I think it's going to be a game of mass customization at scale, and that is where the differentiation is going to live across. Maybe it's a long tail, but I think there's plenty of room for innovation in this. There seems to be no shortage of CapEx going into this thing.

Danny Allan

>> No. And valuations are crazy.

>> You think so? You think they're crazy? You think Snyk is overvalued?

Peter McKay

>> No. I think the AI companies, I think we're properly valued. But a lot of the AI companies are... I mean, it's what you would expect in the industry. I mean, it's a very hot topic. I mean, every company here is talking about some way, shape or form. They're leveraging AI. It's the right time in the market for this to be compelling, just because of the gains you could internally or within your products. There's a lot you can benefit from.

>> Past is not prologue, but we've seen these waves before and there's certainly many patterns in this wave that are similar to dot com and many that are different. One of the things we put out on Twitter the other day... We did a Twitter poll. I don't know if you know Dave Ittycheria, CEO of Mongo. He and I were riffing last week. And so he gave me the idea. So you remember, Cisco was the most valuable company in the world in like 1999, 2000. So now NVIDIA, not the most valuable company in the world, but they're the poster child for high value companies. Is NVIDIA, Cisco or is NVIDIA, Google? That was the question we put out there.

Peter McKay

>> What was the result?

>> Well, the poll is leaning toward Google, but mixed. But I think the general consensus is somewhere in between. Crawford Del Prete weighed in. You know Crawford from COO of IDC, president should be called CEO. Just give the guy the promotion for crying out loud. He weighed in saying, "I think it's the combination. NVIDIA is the equivalent of the Wintel duopoly." Actually, Fury and I were riffing on the podcast the other day. I said, "What about Apple?" Because hardware and software together,.That's another analogy. I don't know. We don't know the answers to these things.

Peter McKay

>> We don't know.I

>> personally think NVIDIA has got quite a moat. I think if it's overvalued or undervalued. But I think I agree with you a long runway. But to me where the real value, and this came up at Mongo last week in talking to developers, it's really the applications that are ultimately where the value leverage gets hit. And it's the end customer that creates probably more value collectively than any one IT company or technology company.

Peter McKay

>> I think you're right.

>> Right? And so you're supporting those developers, you're supporting that sort of development.And

Peter McKay

>> whatever they choose, whatever tools they use, and just make sure you don't slow them down, but be secure at the same time.

Danny Allan

>> Yeah. We think about AI actually in two different ways. One is supporting those companies. So we actually have security tests for 30 different LLMs right now. So our customers are building LLM augmented or LLM native applications, but we also AI-generated code. So we think about that new modern application and we can secure them. But then of course we use AI within our product to help them secure their AI applications.

>> IPO in the future. What are you guys saying? What can you tell us?

Peter McKay

>> Who knows? I mean, we've always viewed ourselves as becoming a public company at some point in time. We raised some money over the past year. We still haven't spent the last two rounds that we raised. So we're pretty close to break even. We'll pick the time. It's good to see Rubrik and a couple others coming out. It looks like there's a nice backlog of building for IPOs and I think we'll pick it when it's right for us.

>> There's a lot of discussion about staying maybe private for longer versus the benefits of being a public company. You see both sides. You saw Cloudera almost waited too long. They didn't have the great business model. Do you feel like if you've got the right business model... Rubrik was interesting. Good for them getting out, but they got some work to do in terms of the numbers. But if you've got the right business model and you can pretty much predict to the best of your ability that you're going to at least maybe be beaten raised, do you feel like there are real advantages to being a public company or do you feel like it's too much of a hassle these days?

Peter McKay

>> I think it's an advantage at the right time for the right company, growing company, break even profitability. I think it's important in the mix today. You look at our customers. 60 plus percent of our customers are enterprise customers who want to know that you're a public viable company that has... In the whole IPO, the branding associated with being a public company I think is something that's important for our customers and prospects in the market around the globe. And so we do see that being an inevitability at the right time.

>> Is there a new benchmark on you got to be a billion dollar company or is it more situational? If you're a half a billion dollar revenue company, you can actually go public if you've got the right metrics.

Peter McKay

>> I think if you have a differentiated story, I mean, the metrics got to be solid, right? You've got to have the growth. You've got to have the path to profitability or profitable. You've got to have a good customer base with differentiated defensible IP. And those are all the things that we've been kind of operating that way for the past couple of years. We feel as though from the predictability of our business, we've been there. We've been operating as if we were a public company. So we're going to just wait and see. See what the market bears.

>> Excited to see that S1. Can't wait to dig in. What can you tell us about Lacework. Of course, a lot of chatter in the marketplace.

Peter McKay

>> Yeah, I mean there's a lot of rumors, right? I think in this market, there's so many companies up for sale, other companies that are trying to be bought. Nothing surprises me. It's a rumor, so you can't comment on rumors, but I think you never know in this market.

>> So we can't talk Patriots because

Peter McKay

>> we have in the past.Yes, we can't.

>> There's just nothing to talk.It's not as good.But luckily we're from Boston.

Peter McKay

>> Yes.

>> So we got Bruins.

Peter McKay

>> And Celtics.

>> They snuck through. I was going to-

Peter McKay

>> That was a Snyk through.

>> Throw something through my TV if they didn't win that game. And we got the Celtics. So what do you think? Bruins showed some weakness during that

Peter McKay

>> last series?They did. Yeah. I mean, right now you got to go with the Celtics because they've got the hot hands and they've just been dominant. And this is their year. But don't count the Bruins out. I mean, they got past a tough Toronto team. This is the big one. Florida knocked them out last year.

>> I know. We hate Florida.

Peter McKay

>> We hate Florida.

>> Now as a Canadian...

Peter McKay

>> But he's a Bostonian. You

>> can't say anything.You know a little bit about hockey, but where are your loyalties now? Who's your team?

Danny Allan

>> So I lived in Ottawa for eight years and I'm a long-suffering Ottawa Sens fan. However, I've been rooting for the Bruins. I've lived in Boston for 22

Peter McKay

>> years.Because Ottawa is a great city.It is a great city.

Danny Allan

>> They deserve to win. That drive by Pasternak at the end they deserve that goal. I

Peter McKay

>> know that set it up. But it was hustle. I mean, that is scrappy.

>> Very much so.

Peter McKay

>> That's

>> Bruins hockey.All right. Hey, there's nothing better than playoff hockey. Guys, thanks so much for coming back,

Peter McKay

>> Peter.Thanks, David. Great to see you.

>> Danny, good luck with everything.

Danny Allan

>> Thank you.

>> Can't wait to see you guys next time here. Keep it right there. We'll be back right after this short break from RSA 2024. You're watching theCUBE.

Peter McKay & Danny Allan | Snyk

search

>> Welcome back to Moscone West. I'm Dave Vellante and you're watching theCUBE's continuous coverage of RSA 2024. We're here at Broadcast Alley. We're excited that Peter McKay back in theCUBE, CEO of Snyk and Danny Allan, newly minted CTO. Wow. It's not like we haven't seen you in theCUBE before, but welcome back in this new role. Congratulations on a great hire and good to see you guys.

Peter McKay

>> It's good to be here, Dave, and it's always good to be partnering with Danny again. It just took me a little while to get him, but it's good to have him.

>> So it's good to be in this space. It's like the gift that keeps on giving. It seems like no matter how much we spend on cyber, the bad guys just get better and better, and better. But RSA is the place to be, isn't it?

Peter McKay

>> It is.

>> I mean, wow. What

Peter McKay

>> an event.It always keeps... Every year it levels up, again. Now it's all about AI, generative AI, and so it's never dull around RSA.

>> I think we're probably back to where we were at pre-COVID levels, maybe even above that. Of course, you know a little bit about security because data protection used to be this adjacency, and now they become a fundamental part of it. So you learned that. What informed you to make you decide, other than the fact that this guy was one of your guys?

Peter McKay

>> Calling him every week.

>> But what was it about Snyk and the opportunity that lured you back to this world?

Danny Allan

>> Two things. I actually started in application security. I don't know if you knew that.

>> Right. I didn't know that. I spent a decade doing application security and it was super interesting. But what has lured me back is beyond the leadership team, which is absolutely fantastic, is artificial intelligence. We're actually at a place now where we can use AI and ML techniques to address security in ways that it's never been addressed before in the past.So you've been using AI before ChatGPT. So what's changed since the AI heard around the world?

Peter McKay

>> Well, I think a lot of companies have been leveraging. I mean, there's like 95% of developers are using GenAI, whether it Copilot or Gemini or whatever generative AI solution is out there. So I think developers are using it more than ever. When you think about how our business evolved over the years, it was this incredible productivity by developers. And now they're even more productive with using generative AI tools. We're just making sure that the security teams can keep up. So I think that's what's happening. It's a huge development boost to developers and developer productivity. You just need to make sure it's secure.

>> Well, the thing is, the cloud became the first line of defense. Okay. Now you've got infrastructure as code. Now you say, "Okay, developer, we want you to deploy the infrastructure greatest, nice and easy. But we also want you to secure it."Yes.

>> And

Danny Allan

>> now we throw AI into the mix, or new AI into the mix. Now you got to worry about that. That's not really what they want to do. They want to write code and deliver business value. Now all of a, they're being asked to do all this other stuff, which is not necessarily in their wheelhouse. So was that the founding premise of Snyk? Actually, it probably wasn't the founding premise, but the market just sort of came to you.

Peter McKay

>> Well, we started with... I mean, as Danny said, a lot of us came from application security where it was security tools for security people. And I think the reality is that the only way to truly solve application security is by shifting it left or moving it earlier in that software development life cycle. And so you don't want developers to slow down and you don't expect developers to be security experts. So you need to embed security in behind the scenes, allowing developers to continue to develop fast. Don't slow them down, but build security in or decentralize it into the workflows from the IDE all the way through to make sure that developers can continue to develop code as quickly as they can, but they got to do it in a secure way. And the risks have never been greater to do that.

>> So you know a little bit about M&A. So you, guys, let's talk about what Snyk has done in M&A. You guys have made a number of moves there. As an outsider, how did you evaluate that? And then now let's talk about where are you guys going from here?

Danny Allan

>> Well, they've made incredible acquisitions over... Since 2019, I believe, nine different acquisitions that have occurred.

>> And some that stood out, Helios.

Peter McKay

>> Enso.Enso, DeepCode.

Danny Allan

>> DeepCode is probably one of the most significant ones. DeepCode was interesting because it brought them into the SaaS static application security testing in a very meaningful way. We're talking about AI at this conference. They were actually doing AI before AI was a thing. If you look at the way they do static application security testing, they're using symbolic regression testing to find the vulnerabilities within the code. And we continue to iterate on that. But if you look at some of those other acquisitions that we've made, it's all about acquiring talent to help us build in very specific areas. Helios was all about understanding the runtime. Enso was all about understanding prioritization. And so it's really helped us to accelerate the development at Snyk.

>> What is symbolic regression testing? How is it different from regression testing?

Danny Allan

>> It's essentially looking at the signals, many, many different data sets on top of one another to find out what are the symbols that represent a change in the code. And you can actually tell just simply by looking at that, whether there's a vulnerability in the code itself.

>> A human could do that, but now you're doing it at scale.

Danny Allan

>> Yes.

>> What about, you guys got news, AppRisk

Peter McKay

>> Pro?Apprisk Pro.

>> What is that all about?

Peter McKay

>> That's the newest product. It was a combination of, as Danny said, Helios acquisition, Enso pieces. So it's a build and integrating into some of these acquisitions that allow us to take a... It's kind of been the holy grail of application security is a holistic view of all the data that goes into an application. So you can take a 360 degree view of the application. All the feeds from all the things that we do, open source code, runtime information, observability information, and get a complete view of that application all the way down to what developers built, what, what did they do, how it all came together, prioritize those issues, and then auto-remediate those issues. So it's really the culmination of all the things that we've been doing for nine years, but bringing it all together in a more of a developer-first application, security, posture management, which is what the market has been asking for, for a long time.

>> So help me understand this, because you guys have been at this a while. Posture management has been around, but it was really the customer's responsibility to do posture management. It really wasn't like the industry had a lot of solutions, and all of a sudden posture management has become this category that's exploded, not just because Gartner kind of...

Peter McKay

>> No, not just because of Gartner.

>> They created an acronym. What has transpired to enable that is to solutionize, softwareize that business?

Danny Allan

>> Well, there's lots of different types of posture management, whether it be data or SaaS or network. All of cloud security, posture management. But I actually think it perpetuates a problem, which is now you know about the issue. You've identified the issue and you know about the issue, but what do you actually do about it? So our focus at Snyk is actually great. We understand the application, we know where all the issues are, but we want to take you back to actually addressing the issue. So it's not enough to know about the configuration and that you have vulnerabilities. It's how do I actually solve that particular issue? Because knowledge is great, but even better than that is solving the problem.

Peter McKay

>> And that's been the bane of application security. I have thousands of issues. How can I fix all of these? And so the prioritization in the auto remediation is a critical part. How do you allow developers to continue to develop fast, but build into those security automation to the actual fixing of the issues? And that's what we focus on.

>> What are you seeing? Not to bring up super cloud, but I'll bring up super cloud, multi-cloud? It's clearly in our surveys that we do. It's showing that that's a big area of contention, concern, focus for organizations. What's your play there? What are you seeing in terms of folks adopting cloud, multi cloud? How is AI, gen AI changing that and what role do you guys play?

Danny Allan

>> Well, we're agnostic, right? So whether you have some things in one cloud, some in another cloud, some on premises, every organization has dozens of languages. They have multiple repositories for their code. They have many, many different practices. And what Snyk brings, of course, is the ability to bring that all together so that you can prioritize across the full solution set.

>> And you got expanded relationship with Google that our data really interesting shows Google's distant third in adoption in cloud, but it's closing the gap with AWS in terms of AI, percentage of customers. Very rapidly, actually. I'm sure Google Cloud next was pretty impressive what they're doing. AWS is very impressive. AI as well.

Peter McKay

>> They're

>> a machine.Of course, we know the story with Microsoft. It's like an amazing judo move on the industry.

Peter McKay

>> Oh, yes.

>> But talk about the Google relationship.

Peter McKay

>> You announced it.

Danny Allan

>> Well, yeah. So there's a couple different things. So we're embedded within the IDE. So if a developer wants to know about, "Hey, what's secrets configuration and management." Well, actually there's a chatbot built into the IDE so that they can learn about it. One step further, though, we can actually analyze the code in real time as they're writing code. We can say, "Here's an issue and here's the suggested fix for that." And so we're both educating. We're fixing, we're remediating directly within the Code Assist product from Gemini.

>> It's sick. What's happening with LLMs, isn't it?

Peter McKay

>> I mean, the pace is unbelievable.

>> You play around with Llama 3. Actually, when you start editing, for instance, the images, it generates an image. You say you start to edit, tell you what you want, and as you're typing, it's like looking ahead and changing the image in real time. And you're like, "How does it do that? So how does it do that?" So I guess my question for you as a technologist is weigh in the whole LLM leapfrogging, ping ponging. Every day we turn around, there's new LLMs. You got the issue of proprietary LLMs versus open LLMs. Of course, we all love open source, but when you read the fine print on open source, some of the terms are a little bit restrictive. As a technologist, how do you think about all this?

Danny Allan

>> Well, we have deep experience with LLMs and machine learning, and we have for a very long time. In fact, people don't realize this, but the DeepCode product was based on an LLM. We created the rules within that product using machine learning techniques. When we started doing fixes, for example, we started with a T5 model. We switched to a StarCoder model. And actually when we tested our fixes now on GPT-4, which has almost 1.8 trillion parameters, we're 20% more accurate than GPT-4. Now, why is that? Because Snyk has been deep into machine learning and AI since well before it became an industry buzzword.

>> How do you feel about the open source versus proprietary people saying, "Well, ultimately open source is going to swamp them. I don't know. Sometimes those things take time. We've certainly seen the innovation on open source. Do you have any thoughts on that?"I

Peter McKay

>> think we've always been agnostic on clouds, infrastructure, software languages. We're just going to watch it and we're going to secure it, right? Because every company is going to have a mixed bag. There needs to be an agnostic security solution for all those tools that are out there, all those gen AI solutions. And that's what we're focused on, is just making sure we work with all of them because the biggest companies in the world, all the way to the smallest companies will have a mixed bag. They've always done that. And so for us, it's how do we secure all those? I mean, the more gen AI they use, the more code you produce, the more risk you're going to have. And we just need to make sure we're securing that.

>> LLM diversity is probably a good thing-

Peter McKay

>> It is....

>> at Snyk. What you guys, if you had to bet... We're all betting people. If you had a bet on the big debate is commoditization or differentiation over time. I'll let you guys answer. I'll tell you where I weigh in afterwards. What do you think?

Danny Allan

>> Commercialization of the LLMs?

>> Commoditization of the LLMs, "Oh, these things will just be a commodity." Not that they'll be one to rule them all versus the innovation engine is going to keep going.

Danny Allan

>> The innovation engine is definitely going to keep going. It's not going to slow down at all. I think you're going to see edge niche cases where you need to use a specific type of LLM for a specific type of issue. That's not going away.

>> I will weigh in. I think it's going to be a game of mass customization at scale, and that is where the differentiation is going to live across. Maybe it's a long tail, but I think there's plenty of room for innovation in this. There seems to be no shortage of CapEx going into this thing.

Danny Allan

>> No. And valuations are crazy.

>> You think so? You think they're crazy? You think Snyk is overvalued?

Peter McKay

>> No. I think the AI companies, I think we're properly valued. But a lot of the AI companies are... I mean, it's what you would expect in the industry. I mean, it's a very hot topic. I mean, every company here is talking about some way, shape or form. They're leveraging AI. It's the right time in the market for this to be compelling, just because of the gains you could internally or within your products. There's a lot you can benefit from.

>> Past is not prologue, but we've seen these waves before and there's certainly many patterns in this wave that are similar to dot com and many that are different. One of the things we put out on Twitter the other day... We did a Twitter poll. I don't know if you know Dave Ittycheria, CEO of Mongo. He and I were riffing last week. And so he gave me the idea. So you remember, Cisco was the most valuable company in the world in like 1999, 2000. So now NVIDIA, not the most valuable company in the world, but they're the poster child for high value companies. Is NVIDIA, Cisco or is NVIDIA, Google? That was the question we put out there.

Peter McKay

>> What was the result?

>> Well, the poll is leaning toward Google, but mixed. But I think the general consensus is somewhere in between. Crawford Del Prete weighed in. You know Crawford from COO of IDC, president should be called CEO. Just give the guy the promotion for crying out loud. He weighed in saying, "I think it's the combination. NVIDIA is the equivalent of the Wintel duopoly." Actually, Fury and I were riffing on the podcast the other day. I said, "What about Apple?" Because hardware and software together,.That's another analogy. I don't know. We don't know the answers to these things.

Peter McKay

>> We don't know.I

>> personally think NVIDIA has got quite a moat. I think if it's overvalued or undervalued. But I think I agree with you a long runway. But to me where the real value, and this came up at Mongo last week in talking to developers, it's really the applications that are ultimately where the value leverage gets hit. And it's the end customer that creates probably more value collectively than any one IT company or technology company.

Peter McKay

>> I think you're right.

>> Right? And so you're supporting those developers, you're supporting that sort of development.And

Peter McKay

>> whatever they choose, whatever tools they use, and just make sure you don't slow them down, but be secure at the same time.

Danny Allan

>> Yeah. We think about AI actually in two different ways. One is supporting those companies. So we actually have security tests for 30 different LLMs right now. So our customers are building LLM augmented or LLM native applications, but we also AI-generated code. So we think about that new modern application and we can secure them. But then of course we use AI within our product to help them secure their AI applications.

>> IPO in the future. What are you guys saying? What can you tell us?

Peter McKay

>> Who knows? I mean, we've always viewed ourselves as becoming a public company at some point in time. We raised some money over the past year. We still haven't spent the last two rounds that we raised. So we're pretty close to break even. We'll pick the time. It's good to see Rubrik and a couple others coming out. It looks like there's a nice backlog of building for IPOs and I think we'll pick it when it's right for us.

>> There's a lot of discussion about staying maybe private for longer versus the benefits of being a public company. You see both sides. You saw Cloudera almost waited too long. They didn't have the great business model. Do you feel like if you've got the right business model... Rubrik was interesting. Good for them getting out, but they got some work to do in terms of the numbers. But if you've got the right business model and you can pretty much predict to the best of your ability that you're going to at least maybe be beaten raised, do you feel like there are real advantages to being a public company or do you feel like it's too much of a hassle these days?

Peter McKay

>> I think it's an advantage at the right time for the right company, growing company, break even profitability. I think it's important in the mix today. You look at our customers. 60 plus percent of our customers are enterprise customers who want to know that you're a public viable company that has... In the whole IPO, the branding associated with being a public company I think is something that's important for our customers and prospects in the market around the globe. And so we do see that being an inevitability at the right time.

>> Is there a new benchmark on you got to be a billion dollar company or is it more situational? If you're a half a billion dollar revenue company, you can actually go public if you've got the right metrics.

Peter McKay

>> I think if you have a differentiated story, I mean, the metrics got to be solid, right? You've got to have the growth. You've got to have the path to profitability or profitable. You've got to have a good customer base with differentiated defensible IP. And those are all the things that we've been kind of operating that way for the past couple of years. We feel as though from the predictability of our business, we've been there. We've been operating as if we were a public company. So we're going to just wait and see. See what the market bears.

>> Excited to see that S1. Can't wait to dig in. What can you tell us about Lacework. Of course, a lot of chatter in the marketplace.

Peter McKay

>> Yeah, I mean there's a lot of rumors, right? I think in this market, there's so many companies up for sale, other companies that are trying to be bought. Nothing surprises me. It's a rumor, so you can't comment on rumors, but I think you never know in this market.

>> So we can't talk Patriots because

Peter McKay

>> we have in the past.Yes, we can't.

>> There's just nothing to talk.It's not as good.But luckily we're from Boston.

Peter McKay

>> Yes.

>> So we got Bruins.

Peter McKay

>> And Celtics.

>> They snuck through. I was going to-

Peter McKay

>> That was a Snyk through.

>> Throw something through my TV if they didn't win that game. And we got the Celtics. So what do you think? Bruins showed some weakness during that

Peter McKay

>> last series?They did. Yeah. I mean, right now you got to go with the Celtics because they've got the hot hands and they've just been dominant. And this is their year. But don't count the Bruins out. I mean, they got past a tough Toronto team. This is the big one. Florida knocked them out last year.

>> I know. We hate Florida.

Peter McKay

>> We hate Florida.

>> Now as a Canadian...

Peter McKay

>> But he's a Bostonian. You

>> can't say anything.You know a little bit about hockey, but where are your loyalties now? Who's your team?

Danny Allan

>> So I lived in Ottawa for eight years and I'm a long-suffering Ottawa Sens fan. However, I've been rooting for the Bruins. I've lived in Boston for 22

Peter McKay

>> years.Because Ottawa is a great city.It is a great city.

Danny Allan

>> They deserve to win. That drive by Pasternak at the end they deserve that goal. I

Peter McKay

>> know that set it up. But it was hustle. I mean, that is scrappy.

>> Very much so.

Peter McKay

>> That's

>> Bruins hockey.All right. Hey, there's nothing better than playoff hockey. Guys, thanks so much for coming back,

Peter McKay

>> Peter.Thanks, David. Great to see you.

>> Danny, good luck with everything.

Danny Allan

>> Thank you.

>> Can't wait to see you guys next time here. Keep it right there. We'll be back right after this short break from RSA 2024. You're watching theCUBE.