In this interview from RSAC 2026, Umesh Mahajan, vice president and general manager of application networking and security at Broadcom, joins Prashant Gandhi, vice president of products for the same division, to talk with theCUBE's Dave Vellante about how agentic AI is transforming both the attack surface and the defensive architecture enterprises need to survive it. Mahajan explains why AI-powered adversaries can now crawl millions of lines of open-source code to discover and exploit vulnerabilities at machine speed, making perimeter-only defenses dangerously insufficient. Gandhi details Broadcom's integrated, software-defined approach to defense in depth, emphasizing that effective security must be enforced at the hypervisor level — directly alongside the workload — rather than bolted on through a patchwork of disparate tools.
The conversation also explores how Broadcom is making zero trust operationalization practical through a prescriptive, phased deployment model designed for the roughly 75% of customers who struggle to move beyond planning. Gandhi highlights the Avi load balancer's continued evolution, including 6X SSL performance gains, post-quantum cryptographic capabilities addressing the "harvest now, decrypt later" threat, and new Model Context Protocol intelligence for discovering and securing agentic AI traffic — innovations that recently earned Avi a theCUBE award. Customers leveraging Avi analytics have reduced support tickets by up to 90%. Mahajan reveals how Broadcom's own IT organization serves as a demanding internal customer, stress-testing the security stack while protecting sensitive semiconductor IP. The discussion also addresses shadow AI as a growing risk, with Mahajan underscoring that tight governance and sandboxing are non-negotiable as enterprises rush to deploy autonomous workloads. Framing the strategy as "AI for cyber and cyber for AI," the pair provides a practical roadmap for securing the agentic era before adversaries exploit it.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
VP of Products, Application Networking & Security DivisionBroadcom
In this interview from RSAC 2026, Umesh Mahajan, vice president and general manager of application networking and security at Broadcom, joins Prashant Gandhi, vice president of products for the same division, to talk with theCUBE's Dave Vellante about how agentic AI is transforming both the attack surface and the defensive architecture enterprises need to survive it. Mahajan explains why AI-powered adversaries can now crawl millions of lines of open-source code to discover and exploit vulnerabilities at machine speed, making perimeter-only defenses dangerousl...Read more
exploreKeep Exploring
What are CISOs asking about agentic AI and are current security roadmaps and products aligned with those needs?add
How prepared is your current product/architecture to support and secure AI-driven, cloud-native (Kubernetes/VM) workloads—does this require a full re‑architecture or only enhancements (for example, to discover and protect MCP servers and prevent exfiltration to LLMs)?add
What is your approach to delivering security for agentic AI and traditional workloads?add
How should an organization design its network and security architecture to provide defense in depth (including lateral segmentation and layer‑7 protections), full visibility, detection of AI/agentic attacks, and prevention of proprietary data being exfiltrated to public large language models?add
How can CISOs quickly enable lateral segmentation and zero‑trust lateral security across all workloads and application assets to mitigate the expanding AI-driven attack surface?add
How do you address the challenges of using multiple, non-integrated ("bolt-on") security products—making sense of disparate alerts—do you use AI to automate detection, and do you deploy these solutions internally at Broadcom?add
>> All right. We're back in San Francisco. We're here at Moscone West on the ground floor. theCUBE's live coverage of RSAC 2026. This is Wall to Wall day two, and we're super excited to have Umesh Mahajan here. He's the vice president and general manager for the application networking and security division at Broadcom. You may have heard of them and Prashant Gandhi is the vice president of products, application networking and security division. Same division at Broadcom. Guys, welcome back to theCUBE. Good to see you both again.
Umesh Mahajan
>> Thank you for having us here.
Prashant Gandhi
>> Thank you.
Dave Vellante
>> So what's happening? What are you guys doing here? What's the narrative around what Broadcom is doing?
Umesh Mahajan
>> So as our name says application networking and security, we are very much into security. RSA is the big event. So we are here to talk to customers and see what else is happening. What is happening at this event? What is everybody saying? And are we on the right track? And are we moving along in the right direction also? So that's what we are here for. And the last two couple of years, AI has been top of mind, but this year is all about agentic AI. So we have a strong vision and roadmap in that area. So we are validating that with our customers, CISO meetings. In this event, right? The last two, three days we are meeting a lot of CISOs and customers to see, are we on the right track? Are we driving the right building blocks to meet the needs? So that's what we are up to.
Dave Vellante
>> It's interesting you're back to 2023 at RSA and I think it was called RSA then and it changed the name to RSAC, but we have this chatbot and it's going to be writing better phishing emails and we have to be alert. And then kind of last year, we started to see reasoning come into play and more sophisticated attacks. And now it's just this agentic explosion. So you have to respond to that. You're talking to customers, CISOs. I feel like the industry, think about Broadcom semiconductor division. It's like in the third inning of AI and the customers are still in the first inning. There's sort of that gap and you have to help them close that gap. So what are the CISOs asking you? Are you on the right track?
Umesh Mahajan
>> Yeah. So one is I think CISOs want to make sure that if they buy security products for a company, they architecturally they fit their vision, whether it's next year or the following year. They are not buying products. They'll have to throw away or change their mind in time. And also they want to buy products with the rest of the infrastructure where they're investing in, fit in properly. Second is they want to buy products which they can deploy easily because with this landscape changing with AI, you have to move at AI speed. You can't take one year, two year, three years deploying security like it has happened in the past. These days you pretty much have to have the architecture upfront, MCP servers, LLM, it's going to the cloud LLM, on-prem LLM. How will you have the security architecture fit in? How do you set it up? And all the policies are in place. So as the workloads are spinning up, you can deploy a security. So they are going to go with companies where that vision works for them. Otherwise, they'll have to mix and match so many security products together. It'll be a nightmare for them.
Dave Vellante
>> I've seen, I think every wave in the computer industry. I was talking to somebody today. I said, you go back to ... You know how the narrative changes in all these waves? You go back to the PC era. It was like PC networking and even PC printers was a thing. And then the internet comes in and then it's like everything is internet. Internet software and intranet was a thing. And then cloud, everything was cloud native and mobile was mobile apps. Now everything is AI, AI-defined, AI native. So we hear AI security platforms. What does that mean to you guys? What does AI defined security platform really mean?
Umesh Mahajan
>> So one is, we are lucky. We already had a software defined product. So for us, it's not a complete lift and shift kind of an approach. We were not in the appliance security business. We have a software defined product. Already it used to work with VMs and Kubernetes workloads. AI workloads are all going to be Kubernetes. So we already have the right building blocks in place. We are perfectly lined plug and play with VCF, which is our private cloud offering at Broadcom.
So we already had the right building blocks. Now we just have to enhance it. MCP servers, how do we discover them, protect them, large language models? What do we do over there as this prevent exfiltration from happening as you're talking to the LLMs outside? So having the right blocks in place, working at the right scale, we have to do enhancements versus complete rep and replace in our stack. So that puts us as a great advantage as this event is taking place.
Dave Vellante
>> So architecturally, Prashant, that's actually good news for you. As Umesh said, you don't have to rip and replace. How do you think about reshaping that infrastructure, because we're talking about infrastructure here, without making it a bolt-on. So customers want it to be seamless. That's an overused word, I know, but how do you think about that?
Prashant Gandhi
>> We kind of look at it from two vectors, right? One is that you need to deliver security in a defense in depth manner. So it's multi-layer security. Even for agentic AI, you can't just fix one leakage. You got to look at it at every entry point and make sure that you have controls in place. So having defense in depth means that you have to have multiple different technologies. And what happens is that when each technology becomes a tool, it becomes very difficult for CISOs or enterprises to be able to deploy it. And so ours is really an integrated approach that you get multi-layer defense for traditional security challenges as well as agentic AI security challenges using a single integrated stack. And that's really one, and it's fundamental to that is software defined, right? The second aspect to that is that it is platform integrated. So we have the VMware Cloud Foundation, which is the private cloud, and we are integrated right into the belly of the VCF, which is the hypervisor. And for any security to work effectively, you have to do enforcement, prevention, mitigation, not just detection. And you need to do that right next to the workload. And so Hypervisor is that best place to do that, and we are integrated there. So I think these two vectors are critical for us to extend we defend that we have for Agentic AI.
Dave Vellante
>> And that was the fundamental business model shift that Broadcom landed on when it acquired VMware. Obviously Broadcom had software assets, but the premise was rather than having separate networking, separate storage, separate compute, I remember the Carbon Black acquisition. There were all these sort of disparate functions. People don't realize, I don't think people understand the degree to which Broadcom has deep engineering routes. You guys are mostly engineers. They don't let you walk in the door if you're not an engineer. Well, that's not totally true. You have some marketing people, but generally speaking, you invest in things like integration. That, to Prashant's point, has benefits to customers. I want to ask you about the sort of threat now. The adversary has always been capable. Now they're even more capable because they can make these autonomous attacks. So I want to relate my comment about that tight integration to the escalation and the threat and how you're seeing the need for that architectural advancement in this world today.
Umesh Mahajan
>> So yeah, the attacks are increasing because all applications, all infrastructure is built with a lot of open source. And once open source is there, AI is the best at finding the vulnerabilities because earlier hackers had to read the open source code and figure out which way to attack, stack overflow, what do you do? Now AI can do all that for you. Write a couple of agents. It can crawl through million lines of open source and then it'll mercilessly attack your environment one by one because just some agent is running and it's just sweeping through it. So it's going to find a way to compromise your parameter firewall to get in. So really, you have to have this defense all the way built in the security and you have to imagine ahead where these attacks are going to come in, something likely might get compromised. So you have to do segmentation all the way. Defense in depth, different features, security features, but also stop signs all just like when you are trying to get into an airport. There are multiple places where they check your security, not one, two, three sometimes because you can get through one. So same way we have to have that. And that's where inside the data center you have to have a lot of protection points and that's where we shine with our VCF integration, lateral security, lateral segmentation is just not layer four. Layer seven, IDS, IPS, NTA, NDR, advanced threat prevention. And after that, the agentic AI kind of attacks, they're going to have some special elements. You have to be able to detect that and protect against those. But above all, you have to provide the full visibility because in security, if you don't have visibility, you could be sitting there happy, everybody's stealing your assets and you don't know. So we can provide that deep visibility sitting in the hypo. We see every single packet. So we have all the elements without putting sniffers and gigamons. We can give you that end to end security and then if any compromise is happening, it's happening here and we can tell you exactly put these security elements here. Even if two hosts get compromised, don't let your entire infrastructure get compromised. And then with all these elements happening, MCP, LLMs and all that, you have to also look at traffic headed out to the large language models if you are going to leverage them from the public cloud and not sending some information which is proprietary. How do you block that? Because developers are developers, they'll write code quickly and Anthropic, Gemini, whatever, is using to generate the code. And we see all kinds of proprietary information can be headed out. So you have to use something like DLP to prevent that. So all those elements you have to put in your security stack, seamlessly working together at the right network points. So that's what our architecture will do.
Dave Vellante
>> Your point about open source is interesting. And Prashant, closer you follow the open claw trend. It's unbelievable. I was talking to Google this morning and they told me that it was Mandiant and they said that more than 800 of the open clause skills that you could download these wonderful looking skills, more than 800 are malware. So this is what you have to protect against.
Prashant Gandhi
>> Absolutely. The attack surface with AI in the mix is just exploding, right? And so the key to this, if you really look at any AI generated attack, ultimately what happens is that the perimeters breached, the attacker gets in, lands on a weekly protected asset, then moves laterally. And that lateral propagation is where we come in because we lay the trap in the lateral world and that's where we drive zero trust. So now, the question for CISOs is, how do you enable this across all workloads very quickly, right? And so we have come up with a four step process, one, two, three, four, right? We defend one, two, three, four, and it allows customers to do lateral segmentation to drive zero trust lateral security in matter of weeks to a few months across their entire asset, application asset. And to us, it's not just about integrating, it's not just about having closed loop security, but it's not just defense in depth, but also how do you deploy it comprehensively in a very quick manner? Because that's the only way you can buy down risk. And that's we are building measured directive as to, I would like to have the product get deployed quickly by customers. It has to be consumed. The innovations have to be consumed quickly. And these are ways we are building tooling right into the product so CISOs can deploy them quickly.
Dave Vellante
>> So you mentioned zero trust a couple of times. Zero trust pre COVID was like kind of a buzzword and then post-COVID and during COVID it came to mandate and now it's sort of getting overwhelmed by AI, but AI everything, like I was saying, from PC printers to AI. And so you've got this lateral movement that you described. Zero trust is still important. It's hard to operationalize. You've got to do segmentation, micro segmentation, but you also have to do threat prevention. And again, CISOs tell me that the NIST framework and Zero Trust frameworks are great, but we have to figure out how to operationalize them. That's the hard part. How do you bring together things like threat prevention, segmentation, so that I can operationalize more easily?
Umesh Mahajan
>> So excellent question. And that's why we started at VMware, mainly with the distributed firewall 10, 12 years ago. Since the last five, six years, we have been investing heavily in advanced threat prevention, which is IDS, IPS, NTLDR, and malware prevention. So we have put these assets together, but then we figure out we have these assets, but only so many customers manage to deploy it. What is the problem? We've written all the documentation, we give talks, YouTube videos. Why are they not able to deploy it? So it's like many times what we find our customers don't know which kind of sensor to deploy, what does this mean? How do you interpret the NIST framework? What is this? What is that? There are obviously a few security folks over there who are very, very good and who know what to do and they go ahead and deploy it. But the rest, I would say almost 75% of our customers don't know that they're caught in this nation. Yes, we want to do it, but no, we can't do it as they just keep talking. So again, just like we talked about, we defend one, two, three, four, we are also rolling out, we defend advanced threat prevention, one, two, three. We're making it very, very prescriptive. If you have these kind of things, at least put this basic stuff in place, get the basic stuff deployed first, get to 50%, 60% security level, then do the advance. Don't start the opposite way. The most complicated thing, you never get to the other side because you get stuck over there. Start from the simple prescriptive way, which you tell you exactly, these are the nine sensors you deploy, not the 24. This will cover 60, 70% of the kind of attacks. Then you successively move up the chain and automate the whole thing and tell them exactly which requirements are being met by that. That's the only way we believe customers will move and get secure in the zero trust journey and this fight against these multiple attacks coming. I think you talked about Google Media and this just sent out and report that EDR alone is not sufficient. You have to do NDR. You have to detect the behavioral attacks and protect against them. If EDR is endpoint security, that doesn't prevent everything like CrowdStrike can't protect you from everything. There are other aspects in the data center that you'll have to do and X, Y, Z are the reason. And we've been saying that for some time, but I'm making it really easy for customers how they deploy it.
Dave Vellante
>> Well, because you control the whole stack, you're really talking about deeply embedding security into every aspect of your system, of your architecture versus bolting it on. We talk about that all the time, but so what does that mean? I think bolt-on is, I have an appliance or an array or whatever it is, I'm going to plug it in. Now that component might be secure in and of itself, but then there seems. So explain that.
Umesh Mahajan
>> Bolt on we also mean like you bought products from, most customers buy security products from 10 vendors. Okay, NTNDR, this vendor, firewall from one vendor, IDS, IPS. Bolton also means, first of all, those releases are not quite certified against each other and with the underlying stack. They don't plug in place. So you have to spend a lot of time redirecting traffic through one security product, then the next. And then you get these detection and signals and alerts from the different security elements. How do you make sense out of that? Oh, we'll put it in Splunk and then we'll look at it and then some security analysts will look at, okay, who has these beautiful security analysts will put sense? And these days, AI is so good, you don't need some of the security analysts. We did some experiment recently. If you're able to see the attacks quickly and have the data, it'll tell you exactly what the attack is. And that's what we are putting into a security product too. We are using AI. Is it a real attack or not? Tell me right now and we'll expose it to the customer. You don't need days of sifting through data to figure out AI and LLM machine will do that for you and spit out the result. And it is quite, quite, I don't exactly say how accurate, but well into the 18, 90% accuracy, that's what we are finding, better than humans almost sometimes.
Dave Vellante
>> So presumably you're using these techniques within your own organization. You guys eat your own dog food, some people call it drinking your own champagne, whatever, but this is something that you have practical experience implementing internally, is it not?
Umesh Mahajan
>> Yes.
Dave Vellante
>> Yeah.
Umesh Mahajan
>> Broadcom IT is leveraging our products and is deploying it for many reasons, right? To provide the security because Broadcom is a big enterprise, right? We run a lot of software workloads and ASIC workloads and we don't want ASIC IP to be stolen under any circumstances.
Dave Vellante
>> I'm sure a lot of people would love to get their hands on your Certis.
Umesh Mahajan
>> So there's heavy protection going on over there and all kinds of attacks happen there too all day long, all day long. So our products have to hold up in that environment. And for me, what the good thing is that team gives me excellent feedback. They're the best internal customer and they're very demanding too. Hey, that's to scale better if for tomorrow's environment and so on. So that we have an excellent relationship and they are saving tons of money also by using our products.
Dave Vellante
>> So I have been a judge on theCUBE awards. I was not a judge in this last round, but you guys won an award for the Avi load balancer. What's new with that? These judges, this is independent. We've got dozens and dozens of judges. They put a lot of time in, so thank you all for doing that. So it's something that we're really proud of. The community has come together. You were recognized. Why do you think you were recognized and what's new with Avi and how is innovation? What's the roadmap look like?
Prashant Gandhi
>> Yeah, I'm kind of speaking out of turn. Umesh is the co-founder of Avi. So he knows Avi inside out, but Avi has a most modern architecture. It is the only software defined load balancer today for on-prem and hybrid cloud, right? There's no other software load balancer out there, but that is a unique characteristic. It brought elasticities, brought scale out, it brought distributed capabilities, it brought Terabit performance, unique in the load balancing space. But what we have done recently, and we are very fortunate to get the award, is really take Avi to the next level. So we have increased performance for SSL, which is super important for a load balancer by 6X, by integrating with technologies like Intel QAT. Then we have brought post quantum crypto capabilities. This whole concept of record now and harvest later is very much there. A lot of banks and federal agencies are worried about SSL keys getting cracked by quantum in future. And so how do you have quantum resistant crypto? And so Avi has now that capability and we are seeing web application firewall being now for Agentic AI because if you look at MCP, model context protocol that is embedded in HTTPS. And so in order for you to have MCP intelligence, MCP discovery, MCP session persistence from load balancing perspective and from web application protection perspective, you need the load balancer and Avi is perfect for that. So I think a lot of these have been there. And finally, I would say that we have seen customers take Avi analytics to the next level. They are taking analytics and giving it to DevOps teams, application owners and say, "Hey, go look at Avi dashboard, figure out where your problem is, fix it yourself and don't come to us." And we've seen customers reduce their tickets by 90%, up to 90%. And that is the level of kind of optimization and cost savings that Avi delivers, Avi of today delivers to customers.
Dave Vellante
>> Well, congratulations on winning that award. I know how much goes into it. As I say, I've been a judge and the detail that you guys submit is greatly appreciated. I don't want to be a fearmonger, but I do want to close on a topic that is very important. It's ironic. Jon Oltsik wrote a piece before RSAC saying the theme, of course, is power of community, and yet all the talk is around agentic. Machines talking to machines, but of course there's still many humans around, but agents, agentic, it's been the talk of the month, the quarter, the day. What does that mean for the attack surface? How concerned should we be?
Umesh Mahajan
>> I think it is concerning because we are using AI in different ways within the company too, right? We are using AI to increase our productivity, to generate code. And what we've seen in the last 12 months has made a believer out of me. In the beginning, no, it'll never be able to change embedded codes. Screw it, it can't understand. It can. It's getting us code at 99% accuracy.
Dave Vellante
>> Incredible.
Umesh Mahajan
>> What more can you ask? Train it a little bit and it's almost there as good as human and better than some of the engineers I ... Sad to say, right? Because it can work much faster over there. So if we are able to use it that well, the attackers and some of the hackers are really, really good. Maybe you're just likely twisted mine, but they're really, really good. God knows what they will do with those tools at their disposal, how fast the attacks will come and how devious they can be. So I think we have to be super concerned in this day and age because the attacks like three years ago it was ransomware, then it was okay coming faster now is the agentic AI workloads, people will spawn on without thinking and will not do the protection because there's so much pressure to increase productivity in the companies. You'll be forced to do it. Securities, okay, we'll worry about it a little bit later and they'll get compromised. I think that danger is right now in the next two, three years as people don't know how they'll be attacked. And the people who don't do anything will be sorry, sorry about it.
Dave Vellante
>> All right guys, we got to wrap. Prashant, I'll give you a last word on your thoughts.
Prashant Gandhi
>> There is obviously silver lining, right? Our approach is leverage AI to improve our cyber portfolio, AI for cyber and the opposite side of the coin, which is take our cyber portfolio and apply to AI to secure AI workloads, agentic AI workloads. So we are looking at MCP, MCPfying our capabilities. So we can take out rogue agents, rogue data stores, rogue MCP services, very important, lockdown, all of that assets, any exfiltration that occurs, look at content security and flag that. And overall, how do you sandbox agents so that they are able to do what they're supposed to do, but no more, right? The principle of least privilege applied to agents. I think these are exciting areas and we think that with our architecture, which is software defined, platform integrated, multilayer, converged stack, we think it is kind of the right way to get to this Nirvana.
Dave Vellante
>> Shadow AI is obviously concerning a lot of people. I would imagine that Broadcom as an organization is very strong governance. Many organizations don't. How concerned are you about Shadow AI?
Umesh Mahajan
>> Yeah, Shadow AI can again, same way cause that problem, right? If people use their work laptop to do different things and they start doing it for their own, then, "Oh, I can use it for work too." And that's where that danger line happens and you're finding strange attacks are happening. The CEOs get routinely like people, "I got an email, this is Hawktan." I was about to click, "No, no, this email is strange or something." I stopped. So they're happening all the time. So shadow AI, people will do things and get compromised, but I think customers have to latch onto the right architecture, act upon it. They can't procrastinate for a year or two years. If they do, either through governance model, don't allow anything. Broadcom has a very tight governance model. Doesn't mean we can't use leverage AI. We do in a very heavy fashion, but an investment has been made around that. What is the sandbox? What can you do? How can you do and how do you operate? Either you do that or you'll be in for some surprise.
Dave Vellante
>> And we've all been there. Experienced Security Pro like yourself, myself. I'm always very careful, but I find myself multitasking sometimes.
Umesh Mahajan
>> Sometimes you play.
Dave Vellante
>> Well, thank you for that morning though. Guys, thanks so much for-
Umesh Mahajan
>> Thank you so much....
Dave Vellante
>> Coming back in theCUBE, really appreciate your support. All right. And thank you for watching. This is theCUBE's live coverage of RSAC 2026, Dave Vellante for Christophe Bertrand and Jon Oltsik be right back right after this short break.
Dave Vellante