In this interview from RSAC 2026, Nico Waisman, chief information and security officer of XBOW, joins theCUBE's Dave Vellante and John Oltsik to discuss how autonomous AI pen testing is closing the widening gap between vulnerability discovery and exploitation. Waisman explains how XBOW deploys swarms of AI agents to autonomously attack web applications, using a validator architecture that dramatically reduces false positives. The company proved its approach by reaching number one on the HackerOne leaderboard, outperforming human security researchers at finding zero-day vulnerabilities in production environments. With vibe coding accelerating code output faster than teams can secure it, Waisman argues that only AI-driven offensive testing can match the pace of modern software delivery.
The conversation also explores XBOW's model-agnostic architecture, which allows the platform to swap foundation models on a per-task basis — using different models for discovery, attack and safety validation. Waisman details the company's roadmap toward continuous testing integrated directly into CI/CD pipelines by mid-2026, enabling penetration tests on every code delta rather than periodic assessments. A recently announced partnership with Microsoft connects XBOW's offensive findings to attack surface management and SOC workflows, creating a closed-loop system where discovered vulnerabilities automatically trigger incident detection. Founded by Oege de Moor, the creator of GitHub Copilot, XBOW has spent two years building enterprise-grade capabilities while foundation models have rapidly matured around it. From the expanding trust risks introduced by MCP and autonomous agents to the governance frameworks CISOs need as every company becomes an engineering company, Waisman provides a practical roadmap for staying ahead of adversaries operating at machine speed.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
In this interview from RSAC 2026, Nico Waisman, chief information and security officer of XBOW, joins theCUBE's Dave Vellante and John Oltsik to discuss how autonomous AI pen testing is closing the widening gap between vulnerability discovery and exploitation. Waisman explains how XBOW deploys swarms of AI agents to autonomously attack web applications, using a validator architecture that dramatically reduces false positives. The company proved its approach by reaching number one on the HackerOne leaderboard, outperforming human security researchers at findin...Read more
exploreKeep Exploring
What is XBOW and how does it work as an automated, autonomous penetration-testing tool?add
How far along are you with the product, and how close are you to achieving product–market fit?add
Is the autonomous (AI) penetration testing process transparent and auditable—i.e., is it a “black box,” or can I review the LLM’s actions, reasoning, and generated network/activity logs?add
How do customers budget for this (the incremental/continuous penetration-testing service)—does the cost come from pen-testing, red-team, product, or other budgets?add
Does your organization develop its own AI model, or do you primarily rely on and switch among existing foundation models?add
How does your solution (e.g., XBOW) integrate offensive testing with defensive workflows—such as Microsoft Attack Surface Management and the SOC—to turn discovered vulnerabilities into detections, incidents, and remediation actions?add
>> Hi everybody. Welcome back to San Francisco. We're here at Moscone West on Media Row Broadcast Alley. We're at the end. You're watching theCUBE and I'm here with Dave Vellante. I'm here with John Oltsik, who is my co-host for this segment. And we're excited to have Nico Waisman here. He's the CISO of XBOW. Good to see you. Thanks for coming here.
Nico Waisman
>> Thanks for having me. Yeah.
Dave Vellante
>> So XBOW, I had to look it up. I'll be honest with you. You're an AI hacker that autonomously finds and exploits vulnerabilities in web apps. You're currently, at the time of this, written as number one on the HackerOne leaderboard.
Nico Waisman
>> That's it. That's what we are.
Dave Vellante
>> So very cool. Okay. So automated pen testing and beyond?
Nico Waisman
>> Completely autonomous. So you just set up, this is what I want to attack. You give them the information about how you want to attack it. And then the AI will just do the rest. And then at the end of it, after a couple of hours, you get the results and they get all the findings and all the vulnerabilities.
Dave Vellante
>> You guys have been around for, what, two years now? Is that right, two years?
Nico Waisman
>> Two years now. It feels like 20, but it's been two years.
Dave Vellante
>> Feels like 20. Okay. So you've been building product and now you're ready to tell the story?
Nico Waisman
>> Yeah, absolutely.
Dave Vellante
>> You feel like you've got ... You give birth to this product, you test it, you feel like you're getting close to getting product market fit. Where are you at your ...
Nico Waisman
>> No, no, we already have a lot of customers behind our leap. We started around mid last year to serve our customers. As you say, one of the big challenges for us was to show the market that we were able to use AI to actually find vulnerabilities. Because in the past, penetration testing has been a very technical area of application security. And a good way to show the market that we were able to do it was like, let's go where the hackers are. And that was where we started releasing XBOW into the HackerOne. HackerOne is this platform where all the hackers are playing around, finding real vulnerability in real production environments. So we thought, why don't we let XBOW lose and see what happened? And in a couple of months, we were number one in the US. Around June and July of last year, we were like number one in the world. So we were beating all the other different security researchers at finding vulnerabilities.
Jon Oltsik
>> Are you learning from those human hackers? Is your system learning from them?
Nico Waisman
>> We have a team of security hackers within XBOW that is basically teaching AI how to better find vulnerabilities.
Jon Oltsik
>> Okay.
Dave Vellante
>> How does that work? So is that ... They talk about reinforced learning, human feedback. Is it like that? Or is it more-
Nico Waisman
>> It's more like fine-tuning the way that XBOW works with the different models and finding a way to validate the finding. So the real trick with LLMs is that you know that they're very constantly trying to please you, trying to bring you like really nice results. And that, in security, means that it's going to bring you a lot of false positives. So a lot of the work that my team is doing is basically like prompting it in the right direction, coordinating the way that the methodology, the penetration test is going, but most important, validating the vulnerabilities at the end of it. So we build this concept of like validators. So the idea is that the agent will go and perform an attack on some section of your website. And when they believe they find a vulnerability, the agent will say, "I think I got something." And we have these validators that we built on top of it that are basically a second pair of eyes. They will look at the vulnerability that they found and say, "Okay, this is a real vulnerability. This is not a false positive." But if it's a false positive, it could go back to the agent and say like, "Hey, you're wrong. This is a false positive. Go back and find me one. Bye." And that's like the interaction between like a way to validate them and a way to attack them. And what that bring us is XBOW is able to find a lot of vulnerabilities and reduce the number of false positives to like a really small amount.
Dave Vellante
>> Your philosophy is the best defense is a good offense.
Nico Waisman
>> 100%.
Dave Vellante
>> Okay. And so describe that offensive architecture. How do you use LLMs? What proprietary value do you bring?
Nico Waisman
>> Absolutely. So let me tell you for like why offense is better than defense. Or no, or like why offense is the way to defense. And the main reason for that is like, we are living in a world with too much noise. We have so many different tools that are providing a lot of signals about like vulnerabilities, about supply chain and all that. But at the end of the day, it's really hard to understand what is the real impact? And I think the best way to say like something has a real impact or not is can an attacker actually use that vulnerability to exploit into my environment? It's not about like a potential vulnerability. It's about like, this is what a hacker can do and I will show you how. And if you don't believe me, just follow these two, three steps and you will confirm it yourself. So we provide that information. Now, the real trick here is like, you can use different type of models, whether it's the foundation model or you can train your own model. But the real trick is like how you do that at scale. And what we have built is basically a tool that has like many different sections, but more important, it's a tool that manage the coordination of a penetration test. It's a tool that send a swarm of agents against your environment and make sure that the agents are not like stepping into each other's toes. They're running in a safety way. They're like not attacking your database and basically dropping your tables and they're actually finding, as I mentioned before, the needle in the haystack, the real vulnerabilities from the false positives.
Jon Oltsik
>> Is there a black box element to this? So I understand what you're saying, but I want to be able to understand your testing so that I know what you're doing and then I can respond to it. So is that auditable? Can I read that?
Nico Waisman
>> That's a fantastic question because I think this is one of the biggest breakthroughs that's coming from our product is that you have full availability of everything that the LLM did. So when you used to do a penetration test with a human, you basically, at the end of like three weeks that you have done the penetration test, the only thing you get is a report that shows all the vulnerabilities and maybe a description that says like, "Oh, we look at this feature, this other feature." With an AI autonomous penetration test, what you're getting is like full visibility of like every network package that we send your way and every action that the LLM performed. So that means like, what was the LLM thinking, what was the action that was performed and that was the output of that action. So you can see everything that happened.
Jon Oltsik
>> Okay.
Dave Vellante
>> So in this industry there used to be, I forget the exact joke, but it used to be like Patch Tuesday meant Breach Wednesday, but now the time is compressing, right? So can you describe that compression between vulnerability, discovery and exploitation? How long is that today and how do you address that?
Nico Waisman
>> Yeah. I started in security almost 20 years ago and back in those days, it's exactly what you said. At the beginning, it was easier to find vulnerabilities and exploit them. There was like no protection operating systems. It would take you a couple of days to just, from finding a vulnerability to writing an exploit. But then what happened is like systems got more complex, there was like more mitigations in place. People start building more tools to like secure code. And so finding vulnerabilities became like a little bit harder. On top of that, from the moment you find a bug to actually being able to exploit it has became like longer. Also, there's too much vulnerabilities going on. If you look at CBEs from year to year, it always go up and now with vibe coding, that's going to even go farther than what we are. The benefit and the problem of AI is now they can do all of that at scale. So we're seeing now a reduction between the moment that the vulnerability is found to the moment that's being exploited. And that, to us, is a huge concern. Obviously this is our business, but also from like an industry point of view, I think that we are going to a chaos phase where like offensive, especially on the bad actor side, is going to get faster, it's going to get more accurate and we are not ready.
Jon Oltsik
>> Are you finding zero days?
Nico Waisman
>> Of course. Yeah, that's what we do. That's our business.
Jon Oltsik
>> You're not selling zero days, though?
Nico Waisman
>> No, we're not.
Jon Oltsik
>> Okay.
Nico Waisman
>> I mean, we are working with customers and we find one of the zero days on their own environments and we report it. Obviously they get that information.
Jon Oltsik
>> Okay.
Dave Vellante
>> That could be lucrative, selling zero days.
Jon Oltsik
>> Small customer base, but it could be.
Dave Vellante
>> Okay. So let's talk about the business case. I mean, pen testing, red teaming, a lot of manual, a lot of human intervention. So is that the business case? You're going to look at how much you can say, but there's also a risk element, you're reducing the expected loss. Take us through the business case. How do you ...
Nico Waisman
>> Yeah, so the business case is, for us it's quite simple, is that we are focusing on web application security. And what we're seeing is that, and we're fortunately because we didn't see it when we started, but with vibe coding, we've seen like a huge increment of like code base, like applications are getting bigger and there's way, way more applications. And we are not able to catch up at the speed of like what engineers are delivering nowadays. And so the only way to catch up with that is like you need to be able to match that speed with an LLM and be able to be very precise because we cannot afford false positive anymore. And so this is why we build this product, to be able to like augment how much penetration test you can do into our customers and be more precise about the result.
Jon Oltsik
>> Is it continuous?
Nico Waisman
>> Right now, it's not. We just released an incremental continuous but we are expecting, between Q2 and Q3, being able to be on the customer's PR. So basically shifting left to the CI/CD and in every new addition of code, XBOW can find the difference, like the delta between the new release and the old release and only perform a penetration test on that delta.
Jon Oltsik
>> Right. So your customers have to budget for this. Are they budgeting out of their testing budget, their red teaming budget, both? How does that work?
Nico Waisman
>> Yeah, it depends on the company. Sometimes it's coming out from the pen testing budget, but nowadays we're seeing the budget coming out of from the product side. So whether it's like DAST or whatever -
Jon Oltsik
>> That's what I was thinking.
Nico Waisman
>> DAST and SAST. We're seeing some of the customers like pulling some of that budget into our product.
Jon Oltsik
>> Yeah. It's a little bit of belts and suspenders. You want both. But I have to ask you, so years ago I covered the breach and attack simulation market and that was supposed to be automated pen testing or automated red teaming and that market really never developed. So what's changed that's ... Is it just the amount of code? Is it the vulnerabilities? What is it?
Nico Waisman
>> I think that it's the effectiveness of the LLMs. It's clearly, when you see the output that the LLMs had, the actions are performing, it's just behave like a human pen tester, at the same skill level. And it's not pretending to do things. It's actually finding zero days in our customer application. So the results is very clear to our customers.
Dave Vellante
>> Okay. So you started a couple years ago. The state of the art of the LLMs at that point was request and retrieve at a RAG-based chatbot and then we saw reasoning come into fore. Now you're entering agentic. Was it luck that you timed it? Did you see that coming? Because the LLMs have just been exploding in capability.
Nico Waisman
>> Yeah. I have to say we have some insight. So our founder, Oege de Moor, is actually the founder of Copilot. So he's seen it coming even when OpenAI was like a small company with a small team. And he built, I think he built the very first product coming out of AI, which was Copilot. And when he left GitHub, this is where he contact me and is like, "Let's connect AI with cybersecurity, let's go offensive." And this is where we started building XBOW. I always made the joke, he built the problem so we can go and fix it with XBOW, but that's a joke. It's not realistic, but this is like the direction with products like Copilot, with Claude Code, Codex and all these applications that are building a lot of code, basically they are opening a huge market for us to go and help people that are building it that fast.
Dave Vellante
>> Since you're so close to the individual who developed Copilot, I have to ask you, you remember when Benioff and Nadella were trolling each other and Satya said, "Well, the future of SaaS is agents talking to a CRUD database." Remember that? It turns out he was actually, in a way, right, but his own personal productivity software was somewhat vulnerable because you think about how he was pricing Copilot, embedding it into the personal productivity. And then Anthropic comes out, to the point about how fast LLMs have evolved and now all of a sudden Microsoft has responded. So it's actually thinking platform as opposed to injecting the Copilot into the individual, personal productivity. I don't know if there's a question in there, but I guess the question is, in thinking about the speed at which these LLMs are advancing, you say you obviously got insight to it, but Satya missed it, right? So it's hard to predict. How do you see the model evolving, your pricing model? How do you see interacting with that customer engagement?
Nico Waisman
>> Yeah. So first of all, we have been collecting data from the model since like two years ago, back when it was ChatGPT 3.5. And we collect data specifically from offensive capabilities and started a little bit shy at the beginning. When we started a company, we were like, okay, we are one year ahead of something, something decent to see the face of a customer. But then three months later when we found the company, we're like, wow, now it's resolving CTF, it's behaving clear to the path of like matching the human's skills. And in a matter of like a year, we were there. We were matching that speed and we have been collecting that data, like Opus 4.6 is amazing and we're seeing like new things coming out of OpenAI from Anthropic, from Grok, from xAI, from Gemini, everyone is like matching each other, even in terms of offensive capabilities. So to be honest, I think that, as a company, we have a responsibility to be able to help customers because we know that the speed is going to be there and it's almost like we're going to get into like a phase where things are going to be a little bit scary.
Jon Oltsik
>> Do you create your own model?
Nico Waisman
>> Not right now. We experiment a lot of there, but to be quite honest, right now the foundation models are getting better and better. So we're waiting until a time where things are like stabilized to start on that direction. We have been collecting a lot of data as we have done a lot of work on open source with Bug Bounty programs and so on. So we have all the data there that can be used to improve models, just waiting for the right time.
Dave Vellante
>> So you heavily leveraged the foundation model. So are you like all of us, you jump around or you have a favorite? I mean, how do you adjudicate between-
Nico Waisman
>> Benchmark. We benchmark and we build the capabilities to be able to like switch in a second. So we build the product on purpose to be able to like switch between model to model, but not only that, we make it modelarized. So for example, for certain attack classes, we can use this model, which is better. For safety, we use other models. Or for like discovery, you can use different models. So that's a way that we, it's almost like plug and play. And that actually give us a lot of advantage because like the models are getting better and better and we can switch around to which was the best.
Dave Vellante
>> We saw, we were at GTC last week and we obviously saw the innovation coming out of Nvidia. The pace just seems to be accelerating. What does that mean for your business as the cost per token continues to go down? What does that mean for you?
Nico Waisman
>> I think that for us, it's actually where we want to go because we want to democratize as much as possible our offerings. We want you to be able to offer to small companies and even to offer to our customers to run it as much as possible. Like run all the procedures you can, secure yourself as much as possible. So the reduction in inference, for us, is an opportunity to help more and more of our customers.
Dave Vellante
>> So there's always the conversation about AI, attacking AI. How do you make sure that the bad guys don't take your technology and use it.
Jon Oltsik
>> I was just waiting to ask that question, Dave.
Nico Waisman
>> That's a very good question. We have an AIT that's specifically working on like reducing that attack. And obviously we have a strong security team in our company that is constantly testing our own product for any , like LLM injection. This year is where we're going to be moving into attacking LLMs too. Right now we have been focused 100% on web application. Clearly everyone is using LLMs, bringing their own agents, is running their own MCPs, like it's time for us to go and serve that market too.
Jon Oltsik
>> And are you integrated into the DevSec, like DevSecOps and those kinds of tools, so that we can do the CI/CD pipeline?
Nico Waisman
>> Yeah, that's what we want. Between Q2 and Q3, that's what we're going to be releasing soon.
Jon Oltsik
>> That makes sense. Yeah.
Dave Vellante
>> Yeah. So thinking a couple years ahead, do you see this as a fundamental capability? The TAM is, in theory, anybody who does pen testing, right? Do you see this as this ... Not there yet, but do you see that continuous testing as a fundamental staple of a CISO's arsenal?
Nico Waisman
>> I think it is. I think the direction that every company is going is every company now is an engineering company and is an AI company. And if you're not there, you are slowly getting behind. So it's clear the direction is like continuous testing as fast as possible because everyone is going to be continuous delivery. So you have to match the speed and we need to do it now because all the companies are now building that.
Jon Oltsik
>> I would imagine that we'll see PCI go into that direction. We'll see the cyber insurance vendors demanding this and it's not happening yet, but it will with tools like yours.
Nico Waisman
>> Yeah. We believe that's the direction that everything is taking, both on compliance, on PCI, SOC 2, everything else is taking that direction.
Jon Oltsik
>> Makes sense.
Nico Waisman
>> But I think it's go beyond compliance, to be honest, because people are going to be exposed and they need to go and figure it out how to fix that.
Jon Oltsik
>> Well, compliance is a motivator, that's good, but yes, you should be thinking about your exposures.
Nico Waisman
>> Exactly.
Dave Vellante
>> So you have machines attacking machines, you have machines defending against machines. What's the human? What's left for the human to do?
Nico Waisman
>> Well, the human is strategy, I think. I think that's the direction. I think that humans has to figure out the strategy behind offensive and direct the penetration test into what's next. On top of that, I think that there's still an aspect of like human hacker creativity that the LLMs cannot fully take. There's still a lot of things that LM cannot do that humans can do. So I think that the role of humans is more about like, let all the low hanging fruits for the LLMs, let's focus on like the things that matter the most for you and focus there.
Jon Oltsik
>> And are the LLMs teaching you about the tactics, techniques and procedures that the bad guys are using so you can catch up and learn?
Nico Waisman
>> Exactly.
Jon Oltsik
>> Okay. That makes sense.
Nico Waisman
>> Exactly, exactly. And we recently closed a partnership with Microsoft, where we are bringing offenses to defense. So like right now, you can, with some of our Microsoft customers can actually use XBOW to run it with Microsoft attack surface management tool and then bring those findings back to their CM and figure it out if like an incident happened on the vulnerability that was found. So imagine that flow where like you have a web application that is suddenly exposed online, you go and attack it and find out all the vulnerabilities, you bring those vulnerabilities back to your SOC and automatically say like, okay, this vulnerability was actually used by an attacker here because now you have the information about the that you didn't know about it before. And you can ultimately go and be like, okay, now I need to create an incident because I know where I was attacked.
Jon Oltsik
>> Yeah. There's a closed loop angle here where you find the vulnerabilities. I immediately put up some detection rules, I change my controls and I alert the developers on what they did wrong.
Nico Waisman
>> Exactly, exactly.
Dave Vellante
>> When you security pros hear something like OpenClaw, do you like have a big party? So what do you think about OpenClaw? We saw last week, Nvidia announced NemoClaw to make OpenClaw more secure. I was reading a Substack this morning. Why I'm dumping my OpenClaw because Anthropic is 30% of the way there and they'll eventually get there. What are your thoughts there? I mean, obviously vulnerabilities, galore.
Nico Waisman
>> Yeah. I'm generally worried because like suddenly you see a lot of people that might not be technical, just coming up and set up their own environment and the old environment has a lot of access, like access that we have never seen before. And that trust relationship, to me, is like a problem coming. So like every time I see, and OpenCloud is one of them, like tomorrow we're going to have something else because like every week there's a new release of something that is new and everyone is excited about and it's all the hype about that. My concern is the direction that I'm going to take and who's going to use it and what's going to be the consequence of that. So I'm more worried than excited. I think like bad actors are more excited than I am, to be honest.
Dave Vellante
>> Is the industry prepared?
Nico Waisman
>> We need to. I mean, I think that everyone has a responsibility as a CISO to be prepared for what's coming. AI is already here. You need to be thinking about like that speed and that scale and you need to start preparing for that.
Dave Vellante
>> So you're a CISO in a tech company. So obviously, your role is different than if you're a banker or an insurance company or a manufacturer. How has the CISO's role changed in the last couple of years? And what's your advice to the CISO that's like, "Look, I'm trying to keep the lights on here. I've now got all these new attacks. I'm trying to innovate as well." How do you recommend balancing all that?
Nico Waisman
>> Yeah. That's a very question. I think that like every CISO now needs to understand that the organization is an engineer-led organization because everyone from like sales to marketing is using Claude Code or Codex to write code. So they need to be aware that now they're running an engineer-based company. And to be honest, it's not different from like what they used to be doing. Inventory is extremely important. Security, by default, is going to be like a demand for like everyone. You need to make sure that you build the right security guardrails for people to innovate fast, but doesn't go outside of those guardrails. And then testing, testing, testing, and engineer speed.
Jon Oltsik
>> -
Dave Vellante
>> Do you have another question? Please.
Jon Oltsik
>> Oh no. So I was just going to ask, so it starts with the governance model, but buy-in from the business people, standardize on that, put the policies together. So it's back to really just strong governance has got to lead this thing.
Nico Waisman
>> Yeah. I've always been about like strong governance, to be honest. There's this old phrase, but it says like, "Whoever know the network is the owner of that." And that means like, is the vendors the owner of the network or is the attacker is the owner of the network?
Jon Oltsik
>> Yes.
Nico Waisman
>> And I mean, I'm saying network. Network is like an old concept. Nowadays, everything is like ... There's no concept of a network or like -
Jon Oltsik
>> Attack surface.
Nico Waisman
>> Attack surface.
Jon Oltsik
>> Yeah, I understand.
Nico Waisman
>> And that's like the idea. It's like you need to make sure that you have full ownership, full governance of how you're deploying software and such a way like you understand the structure there and you're able to like protect it.
Dave Vellante
>> My last question, give us a plug for the company. How novel is this? What are your differentiators? What's the competitive environment like? Give us the plug. How do we engage with XBOW?
Nico Waisman
>> Well, XBOW.com, this is where we are. I think that the company is, right now, the number one company in terms of AI autonomous pen testers. We have the more mature product out there when we go to our customers. And you asked me like, what is the competition? Basically our customers right now are putting us against humans. They make us go and test this application. We run XBOW and they all intend to have like a human pen tester doing the same thing at the same time and then they compare the results. And then based on that, they find them things. There's a lot of like newcomers. I don't know if you heard the news. There's a lot of like new companies that are being created in this area. We have been there, it sounds like two years is small period of time, but for AI, it's a huge amount of time. So like if we have been here around, we are enterprise ready, which is another thing that is complex to build upon it. We have worked with a lot of like financial industry customers, manufacturer and all sort of customers. So we are there. We are ready for any like customers and we can make it happen.
Dave Vellante
>> AI versus humans, it's not fair. It's like chess and playing chess against the machine.
Jon Oltsik
>> And the machines won, what, 20 years ago.
Dave Vellante
>> Going to win, right. And so I would imagine you're going to get some new entrants into this space because it's a big market. Nico, thanks so much for coming on theCUBE.
Nico Waisman
>> It's a pleasure.
Dave Vellante
>> It's a great story. Appreciate it. Best of luck to you.
Nico Waisman
>> Thank you.
Jon Oltsik
>> Thank you.
Dave Vellante
>> Okay. And thank you for watching. This is Dave Vellante for John Oltsik and theCUBE at RSAC 2026 from Moscone West. Stop by and see us. We'll be right back right after this short break.
Dave Vellante
Jon Oltsik