 Welcome back, everyone, to theCUBE's live coverage in San Francisco here at Google Next 23. It's theCUBE's team coverage. I'm John Furrier, host with Rob Streche. We have Lisa Martin, we have Dustin Kirkland, Rob Hoef, Mark Alves, all on the ground getting all the stories. Exciting, growing ecosystem, great news and announcements. We're here with CUBE alumni. This team gets Sunil Padi, VP and general manager of Google Cloud and also the security cloud. Sunil, great to see you and thanks for spending time out of your business schedule to come on theCUBE. Great to be back, John. A lot of action, I'll say security's baked in. This is the Google phrase we've heard all week that they're baking in security into everything. Now we like that, of course, that's the talking point, but it is true. You're running the security aspect of cloud. A lot going on there. That's not baked in. This is actually a practice that you're running. Give us a quick update. You've got the mandiant brought in to the fold. You got an event coming up in DC. We'll be there with theCUBE. Give us the update on what the organization looks like and then we'll get into some of the conversations. It's great. I think basically the simple summary was four or five years ago, as you said, Google really was intentional about security to be built in and essentially it was more of a verb. We secure the cloud. Over the last four or five years, it's become a noun as in we are in the security business because a lot of our promise of Google's IP where we get it from protecting Alphabet, protecting Chrome, protecting all the signals that we get there, we wanted to bottle up that IP and bring it to customers where they are rather than just on GCP. And that's really how the security business or the security cloud was built. And mandiant was sort of like the first major sort of step function change of where we actually asserted our brand by the company. And in the last year that we've been with mandiant, it's been completely fused into the Google ecosystem intentionally, starting with mandiant's frontline Intel and services or something that we have doubled down because who better to actually educate the world other than a front responder who's actually seen the first instance of it. And imagine if that path between the customer zero who gets affected to thousands of customers is shock circuited, one of our goals is to prevent a patient one. You can't prevent a patient zero of the zero day attacks. But if you had the power of Google and mandiant together, you could actually prevent any more patient ones in the world. And so that's where you'll see a lot of announcements around mandiant threat Intel, mandiant consulting, infused into Chronicle. We also had an announcement around mandiant hunt for Chronicle where any customer doesn't have to be a mandiant expert, they could just call mandiant on demand and so forth. And the thing is is that security as a practice as a cloud, okay, check, you're running a business. It's a huge upside potential in this. You see RSA on these conferences, what's the plan? I mean, what's your strategy? How do you see the your business plan going forward? Because again, I see from a number standpoint, Google's got that $32 billion run rate Google Cloud. So there's a lot of workspace in there. But security, huge upside. Yeah, big time. So I think the way, so there's a mission and a ambition. Okay, so the mission is clearly in a good way synergistic with mandiant where a lot of security mission oriented people are there to kind of keep the world safe. But obviously, as one of our founders Larry used to say, the best way to support your mission is to have a real business, to support the mission, right? And so with security cloud as a business, as we talked about, we've broken it down into two major pillars. One is, how do you bring a best in class opinionated cloud platform that can provide the best built-in security, risk-centric approach using security command center and a variety of capabilities that any app that moves to Google cloud just inherits all the things that Google uses to protect itself is encompassing that thing. So that's one vector. And that's where you saw a lot of updates. You've done confidential computing, risk-first security compliance and all that, right? Sovereignty is a big deal there and all that. The other fork though, which is where security as a business also comes in is look, we have an opportunity to kind of go share this IP to modernize security wherever customers are. Amazon, Azure, other clouds, on-premises. And this is where the core asset there is around security operations and bringing a modern platform in Chronicle. Sort of like in the CISO, this is the ERP, right? And if you can really do a great job of that core business process of enabling a SOC to be world-class in prevention, detection response, then I think we can make a step-function change. So a lot of our focus is around modernizing security operations and this is where you'll see a lot of mandion being infused in addition to organic stuff. You know Rob, one of the things I was going to bring up is during theCUBE, we talked many times about security and one of the things that always comes up is, okay, got endpoint protection, we got zero trust. Every time there seems to be a new one, they've got threat intelligence. The main thing's interesting because when you add AI to it, it gets to be interesting. So the question is is that, I won't say those are flavors of the month, security approaches, but what's the current state of the art, Sunil, in terms of is it threat intelligence, threat hunting? Is it zero trust? Yeah, I think the way we look at it is look, there's a whole bunch of, if I can call it, controls you have to put in place. Zero trust is just one of those controls, right? Just like you have good hygiene on the endpoint with endpoint systems, you have good hygiene on identity and all. But you do need this security digital nervous system that can collect signals from everywhere and control those outputs. And that's really what we mean by the, sort of like the central nervous system of security is the chronicle platform. And sort of like the brain that drives it is the threat intel that we actually collect from the front line, that mandate powers that our own experts use as well as partners use. But we're also fusing it with signals like safe browsing from Enterprise Chrome. We get a ton of signals from the Android Play Store. Of course, we have a lot of, you know, Project Zero is like a Google, you know, always on front of things. So all those are infused to sort of drive this nervous system powered by chronicles so that we can actually control all the, if I can call it, the touch points that actually matter, such as the network, the data, the endpoint and so forth. Yeah, and it also seems that it's really driving into the developer culture as well to help them even while they're building their apps and everything like that, and even deploying their apps and containers and how they use all that threat intelligence and how it's more of a solution versus just one product. Yeah, and I think you'll hear this with generally the ecosystem in general is how security is evolving from a state of, you know, technologies and products or even solutions to a state of outcomes. And an example of that is the following. People always talk about, oh, I've got a security solution that covers my enterprise and other areas, but what's unique in a security solution if you were only on cloud? I'll give you one example is you can actually do what you just said, which is not only can you detect things, not only can you remediate, you know, have a proactive sense, but you can burn these policies, you know, left shifted into the development life cycle so that the developers are, whether by intent or automatically, they're actually becoming security operators. Because now when they're generating code, the right security policies wrapped around it at build time, run time, deploy time and so forth, right? And that's the one big difference I would say in cloud that you can get because in a classical enterprise that's much harder. Yeah, I was going to say I run product for a number of startups and it was always how you get the engineers to really code safely and securely and how you had to continually train them to do that. Are you seeing this as a place where, I mean, you had the announcement of, you know, Palm 2, security Palm 2 and is this a place where that's going to help them? So let me maybe connect the dots to the AI side a little bit, but even pre-AI just on the software supply check, like if you really take a full step back, one of the still I would say soft spots where you look at the landscape where we are most exposed because look, on the data side, yeah, we have to be on top of it on the network side, yeah, it'll be fine, right? End point, so forth. But if you look at software, that's what's the IP for most of the companies now. And most of everybody's software, including Google's is open source and there isn't a real rank fence around open source. So that's one of the innovations we had done a while ago which is about look, what if the world of GitHub, any open source in GitHub is sucked into our pipeline, we apply our detections, our first testing and our vulnerability testing and then we push it back to the world. So it's still the same source code, compatible, but it's curated so that we are going to the source of the vulnerabilities as just one example of truly shift-lifting to the source, okay? But let's talk about AI for a second. So let me just set it up so that you guys can chime in. So the way we've approached AI in cyber is a little bit more holistically, what I would call a three-layer cake. The first layer is, before we do anything in AI for security, we have to protect our AI stack. And so that's a big focus for us is not just governance and controls and compliance, but just like we protect the software supply chain, how do we protect the AI supply chain? Developing models, creating inference, data customization, pruning, whatever, right? So we can get into that, but that's a huge focus for us at the bottom of this layer. We were just talking about that, by the way. Last week at VMware Explorer, and yesterday, all day, you know, the LLMs have security challenges, licenses rights. So there's secure. Yeah, I mean, I would say that securing AI workloads, what I would call is that there's some table stakes job. Like, okay, they're just services like anything else, so you got to have good IM controls, you got to have good data governance and all. But there's also a more deeper nuance. The deeper nuance is the threat landscape can be fundamentally changed if actors use AI to obfuscate the classical attack landscape that they currently have, right? So part of our securing AI workloads is to actually say, hey, can somebody use our AI stack to actually break into our systems? Yeah, a problem is an injection. An example of that, right? Our data poisoning injection and all. So there is a team between a lot of, this is where Google is a little bit unique because we actually have DeepMind and our cloud security team sitting side by side to actually do red teaming exercises that Mandiant knows how to do well. And so that's a good example of what is red teaming in the world of AI mean is something that's securing AI workload. So that's the four lowest layer, right? I would say that the second layer of the AI stack is, as you said, now is that we've, inside Google Cloud, it's probably the first area where we have a lot of data. We have data from Mandiant, we have data from Google Chrome and all. We have trained our own large language model to essentially, we call it SecPyM too, to actually create security's first, you know, sort of LLM, right? And then we have exposed it to both our first party applications so Mandiant could use it, Chronicle could use it and all, but also partners like Accenture. I mean, there's a variety of partners we've talked about. So that's the three layered kick pad. I want to, thanks for sharing that. AI is definitely in your future for sure. This is good and bad. You got to manage both. Great for sharing. I want to dig into that in another session after Google. And in fact, in fact, the thing that, the tagline that the Mandiant and DeepMind guys have is, AI, with AI, good actors can do more good. Bad actors can do way more, more certain things, right? So that's the motive of Accenture. Totally, and it's going to be the same game, chasing them down, hunting them down. I want to get into something you said before we came on camera, the cyber shield for Mandy and some, Chronicle shield. What is that? Can you think of me for that? That's super interesting. So about a year and a half ago, between the Israeli National Cybers Direct Rate, and you can imagine, they're a power horse in cyber in the world. They partner with Google Cloud Security to reimagine what would be an equivalent of the iron dome, like the cyber dome for a country, from the ground up. And to do it on a more modern platform that combines, as we talked about, not just all of Chronicle's scale and efficacy, but infusing it with Mandiant's Intel, while at the same time also providing the same platform so that they could build on next generation stuff like AI. The more modern technologies that have come along with it. So that's essentially what we launched was Chronicle's cyber shield in partnership with the Israeli National Cyber Direct Rate as the first instantiation of it. And what you'll hear from us in the near future are more instantiations of that for other governments because the way this is being built is to be a very, how do I say, open-minded way because the best practices, the more countries can solve for each other, the harder it's for these nation states to penetrate. And eventually the same best practices of the solution we expect to be adopted in the mainstream enterprises as well. And you're looking at deploying that to enterprises, bringing that functionality to enterprises. So today, already any of our current large banks that have Chronicle, Mandiant, already have enough of the, if I can call it building blocks, this takes it to the next level of how do you actually create a sock of socks so that a large multinational can still have, act globally, act regionally kind of scenarios. And that best practice and framework is what we'll bring to the large scale enterprises. And so you guys have your Mandiant event in Washington DC coming up, we'll be there at the Cube. After Google Next, what's left? Did you save any announcements? There's always room for that, for that, but people have to wait till M-Vice. How about a little teaser? So I think one of the big things, one of the big things we'll talk about at M-Vice, but also later would be, just imagine the, remember we talked about Secfarm2, our core LLM, just like you've seen us here, you should expect major advances in the quality and the scale of it, as compared to what we talked about earlier this year. And the kind of applications that are being built on it, you'll see instantiations with great partners as well, not just Google Apps, right? Because that's ultimately the way to kind of truly manifest that open platform promise. You mentioned earlier, you're bottling up all the IP of inside Google security, I'm sure, not literally bottling it up, but trying to aggregate some of the best practices. I mean, we've seen some of those physical security with Chromebooks and just at the firmware level, just so much action and security, kind of in pockets all over Google. How do you bring that together? I think currently, I mean, it's been, by the way, that particular thing has been in play for a little bit of time. For example, when we launched BeyondCorp, it was an opinionated way in which we brought, if I can call it Chromebook level security, hardware keys, all the way to your mobile device, all in an opinionated solution. So one way we manifest that is in these solutions. And in security operations is another way, right? We were actually taking thread intel from Google, expertise from Project Zero, Mandian on a platform and bringing it in the most systematic way. So you guys are operationalizing the best of the best and then kind of often as a service employee? I'd say to be the best of the best, I'd rather be a little bit of the underdog, a little bit humble and angry, but yeah. I would say for sure the quality of not just the talent, but the quality of content now is world class. So our job is to make it easy for the world to consume that. And it seems like, again, the other layer that you have on top of that is the integrations with Duet as well and making it simpler for the security professionals to understand what they're seeing as well. And I think we've taken a little bit of a, I would say, I mean, in 30 seconds, you obviously heard of Duet AI all the time. It's AI all the time now at the show. And cyber is no different, like I said, with a couple of differences. We have an opinionated LLM now and all that. But the approach we have taken, the analysis that I give people is, look, you have your phone, 2008 iPhone 1 launches. You had what, a phone call? You had some email maybe, and you had a browser. First time you had a browser, right? And so the world started browsing the net using the browser. And the analogy that I draw to the GenAI stack is that's the chatbot. But if you only stayed on the browser and you didn't have a mobile app that was native to the mobile ecosystem, swipe left, right, use GPS camera, you wouldn't probably have accomplished what we did on the mobile side, right? So the way we're thinking about beyond chatbots is to actually infuse AI into each workflow of the value chain. A simple example is, I have to parse logs, man. It's boring job, right? Told ya. I have to learn all these rules. Who learns learning rules, especially these days? So imagine if each of those workflows inside or each of our products are intentionally upgraded with AI. So that's the real, we call it AI-infused rather than AI-overmined. Total sense because one, it's native. You got data that you're used to, workflows you know, get them automated, and then move on to the next more creative thing. And in some ways, if you remember our original discussions, ultimately, this is another instantiation of invisible security. It isn't like we're putting AI to work invisibly rather than something that's front and center like a chatbot all the time. It should be interesting. It should be just standard oxygen. It should be safe. Sunil, thanks for coming on. Your thought leadership's awesome. Great to have you on Explain the Security Cloud. And the last minute we have, explain your vision for the security. What's coming up at the event? I can't reveal anything too much. I know you got to save some of that for the event. But as you look at the security landscape, AI's here, it's going to be infused. What's going to roll out in your mind's eye as you look at the 20-mile stair down to the ecosystem? I think probably, maybe not just at the event, but it'll be a sequence. But I would say probably in a year or two, hopefully the material step function would be independent of what the threat landscape is. Every customer's talent pool for security gets expanded dramatically, not because they're hiring more people, but because the team that they have can do 10x more. And then they can leverage 10 more people outside of security to do the work of security. So I would say that the real ambition for us at Google Cloud is to say, look, you're not going to add more talent. The threat landscape is going to keep changing. But how do you still get to a better posture? The only way is to democratize security across all of your IT, so that every developer is contributing to security. The date is the key, scale is key. And this is where, you know, who knows about the front line is important, who has the data is important, who has the platform is important. And so there's a little bit of, I would say, synergies there that we can build on. If data and software is the IP, you've got to protect that. Make sure all of us protect it. Thank you for coming on. Great to see you in the end. Thanks for taking time out of your busy schedule to come on the crew, really appreciate it. And Rob and I, thanks so much. All right, for the whole team here, we're in day two coverage here in San Francisco, getting all the action, securing everything, getting all the data, sharing with you. I'm John Furrier, Rob Stritching with protein coverage. Dustin Kirkland and Lisa Martin are here as well. Rob Hope and Mark Alveson, getting all the stories. We'll be right back with more coverage after this short break.