7월 23, 2024
EP 57 – Proactive Defense: Security’s AI Infusion
In this episode of the Trust Issues podcast, we explore the transformative impact of artificial intelligence (AI) on identity security. Guest Peretz Regev, CyberArk’s Chief Product Officer, joins host David Puner, for a discussion about how AI is reshaping cyber protection, offering solutions that are as intelligent as they are intuitive. With the ability to predict threats and adapt with unprecedented agility, AI is ushering in a new era of proactive security. Regev shares insights into the company’s strategic vision and the role of AI in enhancing customer security and productivity. He also discusses the launch of CyberArk’s AI Center of Excellence and the introduction of CyberArk CORA AI, an umbrella of AI capabilities infused within CyberArk’s products.
Join us as we examine the challenges and opportunities presented by AI in the cybersecurity landscape, the importance of fostering a culture of innovation and how CyberArk is leading the charge in securing identities in the AI era. This episode is a must-listen for anyone interested in the intersection of AI and identity security – and the future of cyber protection.
[00:00:08] David Puner: In an era when artificial intelligence is revolutionizing every aspect of our lives, it’s crucial to recognize that cyber is a critical and broad aspect. And within it, identity security is the foremost concern. Together, AI and identity security are reshaping the very fabric of cyber protection, and we’re witnessing the birth of solutions that are as intelligent as they are intuitive, capable of predicting threats and adapting to them with unprecedented agility, security that’s proactive rather than reactive.
[00:00:42] David Puner: Because, of course, also thanks to AI, the attack vectors we’re defending against are only getting more sophisticated and effective. At the same time, security professionals charged with constant innovation and a relentless pursuit of excellence can’t be bogged down by complexities that slow down productivity.
[00:01:01] David Puner: Nobody likely knows that better than our guest today, Peretz Regev, who’s CyberArk’s Chief Product Officer, the guy driving our product vision. Peretz came over from PayPal about two years ago, and the teams he oversees now are responsible for developing products, defining roadmaps, researching new technologies and attack vectors, and ensuring operational efficiency.
[00:01:28] David Puner: He arrived here just two months before ChatGPT’s wide rollout in late 2022, which of course was part of a massive AI paradigm shift, one that triggered ripple effect paradigm shifts that are felt everywhere. Since then, under Peretz’s leadership, CyberArk launched its AI Center of Excellence, which focuses on integrating AI into CyberArk’s strategy to enhance customer security and productivity.
[00:01:58] David Puner: The center is responsible for researching AI and developing methodologies for applying AI technologies across R&D and embedding AI capabilities in CyberArk’s product portfolio. Peretz also led the introduction of CyberArk CORA AI, an umbrella of AI capabilities infused within CyberArk’s products, aiming to provide customers with advanced security. In our conversation, Peretz discusses all of this along with fostering a culture of innovation that can inherently adapt to today’s rapidly changing threat landscape and the future threat landscape.
[00:02:35] David Puner: Let’s get to it. Here’s my conversation with Peretz Regev. Peretz Regev, CyberArk’s Chief Product Officer, welcome to Trust Issues.
[00:02:43] Peretz Regev: Thank you, thank you, David, and thanks for having me.
[00:02:46] David Puner: Absolutely, really excited to have you on, uh, long time in coming here. Why don’t we just get right into it. I’d love to hear a little bit about your role, because I know that you oversee a lot of things. So, what does it mean to be CyberArk’s Chief Product Officer, and what does your role entail, and who’s on your team?
[00:03:06] Peretz Regev: As the Chief Product Officer, I’m overseeing a few groups. One, and the biggest one, is the R&D. All the great developers that are developing our products, solutions, and capabilities to our customers.
[00:03:18] Peretz Regev: The second one is the product management. Product management is the arm that defines the roadmap for our products that prioritize the capabilities and features, and at the end of the day, works hand in hand with the R&D to release these to the market. The third arm will be the innovation and labs. These are the white hat hackers on one hand, the hackers that you want on your side. These are the people who are researching new technologies, new attack vectors, new methodologies within the cybersecurity world, as well as the recently established AI Center of Excellence, which are responsible for delivering, researching the AI area and how we can help our customers to be more secure, more efficient, much more productive.
[00:04:07] Peretz Regev: And at the end of the day, to run all of this. Thank you. We have our internal product and technology operation, uh, people that helps with everything that is all around there. Right? With the budget, with the headcounts, with everything that enables us to run a very productive organization.
[00:04:25] David Puner: Wow, that’s a lot. And, uh, and I think I kind of knew that going in, but we’ve talked to a few folks who sit under that umbrella, including Daniel Schwartzer, who’s the Chief Product Technologist and the leader of that AI Center of Excellence. You mentioned we’re going to talk about the AI Center of Excellence in just a little bit. But first, you came over from PayPal just about a couple of years ago, where you were its head of global data science and engineering. What did you expect coming into this Chief Product Officer role here at CyberArk, and what’s been surprising?
[00:05:01] Peretz Regev: When I joined, uh, and the CEO who recruited me was Udi back then. I think that the major reason was to bring the AI, the innovative, the new approach to the team. What I found, first of all, is really a set of amazing people all over, not just in product and technology, you know, at finance, HR, legal, people that want the best for CyberArk, have the same mission, the same direction, and we’ll do everything that they can for the best and for the good of CyberArk. So this was one of the immediate things. The second is the transition. We were, and still are, in transition to a full SaaS company. And this is what I found, but also what kind of surprised me in a good way. We were in transition for six quarters, mainly on the financial aspect, but now we continue this transition throughout the product transition, uh, for full SaaS capabilities on the technology, on the architecture. So it’s kind of an ongoing transition that the company and my organization is going through in the last couple of years.
[00:06:10] David Puner: I want to go back for a moment to being recruited by Udi Mokady, our founder and executive chairman. What is being recruited by Udi look like? Does he slide into your LinkedIn DMs or how does that work?
[00:06:24] Peretz Regev: So just before that, just, uh, um, you know, a funny story. One of my questions during the interview process to Udi was, Udi, come on, what’s going on? How do you find this energy after so many years? And his answer was amazing. There is no single day that is similar to the previous one, and this is what excited him and this was the exact answer that I wanted to hear because I’m a very energetic person, both in my personal life as well as in the professional one, and I’m looking for challenges in my background. I’m an engineer that wants to solve problems. And where there are no problems, I’m looking for other areas to solve these things. So I was so excited with the opportunity, but also with what is the roadmap, what is the future that entails for CyberArk as a whole and the challenges in front of us. And I think that there was an immediate, I’ll call it an immediate match between us. Uh, you asked about Udi. Udi is, you know, when he wants something, he gets things done. For the first time, we set 45 minutes. It took us two hours to finish the first round of, uh, uh, meeting. And another funny story is by the end of this meeting, we shook hands. We said, okay, let’s, let’s continue because it didn’t, you know, it didn’t, uh, it wasn’t enough. And after a couple of days, I was calling Udi, telling him that I had COVID positive and probably I infected him. So he remembers that I was the one who infected him with COVID. This is a real story.
[00:08:01] David Puner: So you have that bond as well.
[00:08:03] Peretz Regev: Yep.
[00:08:03] David Puner: That’s really interesting. And I guess at this stage of the game, maybe a bit entertaining as well, but who knows anyway, Udi is a friend of the show. We love having him on and I can totally see how a short conversation could lead to two hours and then more. So, going back then to your experience leading up to CyberArk, how was your experience at PayPal applicable to now living and breathing identity security here at CyberArk, and how are you thinking about identity previous to being here, and how has that evolved into how you’re thinking about it now?
[00:08:34] Peretz Regev: At PayPal, where I spent almost eight years over there, we dealt with AI before it was called AI. When it was only data science or only analytics and so on. What we did and the main, I’ll call it the main purpose of our work was to make sure that the identity that is doing the transaction over there in PayPal is really the right identity that we think is right. That it’s not a fake, that it’s not a fraudster, that it’s not something that is like a machine or something like that. When I entered CyberArk, I found a lot of similarities between them because at the end of the day, what we are doing is to make sure that we are securing all identities with the right level of privilege controls. And the first part of it is to identify the identities, to make sure these identities are the real ones and not the fake ones. And there is a lot of similarities between catching a fraudster that is trying to make a transaction versus a fraudster or a hacker that is trying to hack and get into the system. So there were a lot of similarities around that. I think that once the AI got into this boom, mainly the gen AI, this is where I think my capabilities and my knowledge in AI and data science came into the game. I joined September 1st, 2022. And the first thing that we did as a team, was to put on our roadmap for 2023 as part of the planning for 2023 is start experiment with AI again before ChatGPT was out there.
[00:10:10] David Puner: Right?
[00:10:10] Peretz Regev: It was amazing to see when it was out there, how much training, how much experiment we got internally that we were able to say, okay, it’s on fire right now. So let’s accelerate our plan. The original plan was to only kick it off in 2024, even later than that. And we made an immediate decision. We established the AI Center of Excellence in order to be able to deliver already in 2023. You know, meaningful capabilities and of course, what do we call to explode in 2024 with a really large set of capabilities that eventually named CORA AI and you know, 2025 we’ll talk about it probably later on is looking even brighter.
[00:10:59] David Puner: So let’s talk then about CyberArk’s AI Center of Excellence, which launched in September 2023. What is that? And I guess, how have you approached integrating AI into CyberArk’s strategy? And what were the key considerations when you established the AI Center of Excellence?
[00:11:16] Peretz Regev: Yeah, so let’s first of all talk about, AI is a technology that is evolving so fast compared to any other technology. You know, in the past, if in the past, we said that every two years, we double the compute power, for example, when we talk about storage, when we talk about optimization, all of a sudden, we are jumping from like in no time, we’re able to make huge progress around this technology. It was evident that we need to have people that are focused only on that and not doing AI as a side work or as a priority for out of 10. We need to make AI a priority for us as a company. And why is that? Because at the end of the day, our systems, our software, our products are the ones who secure the most meaningful systems for our customers. And if we’re not able to help them tackle, handle the AI challenges around the world, then they will just go elsewhere. And when we are talking about AI in CyberArk, we are dividing it into two. There is what we call the productivity AI set of tools, capabilities, technologies that we as CyberArk employees are using in order to be much more productive, much more efficient. And we can elaborate it. You know about it later on. The other part is the product AI. What are the capabilities that we are providing to our customers? To help them to be more secure and to be more efficient and productive. So this was the approach establishing a center of excellence to give kind of an immediate answer to the evolving technology. At the same time, we wanted to develop the methodology of developing AI capabilities because at the end of the day, we would like to expand over there. We would like to expand our capabilities. We would like to expand our investment. And how do you do it? How do you make it at scale? How do you apply AI technologies all over the R&D, all over our products and not just in a specific area or in a specific solution? How do you make AI as a common practice or common mindset for our developers when they think and talk about new capabilities that will come in. This was the idea. This was the approach. It’s kind of a phased approach. The first phase is a center of excellence. The second phase is actually expanding in training, developing processes and methodologies. And there are more phases as we grow and as the technology will evolve as well.
[00:13:53] David Puner: Do you feel like, because obviously the mass release of ChatGPT in November 2022, caught fire and changed everything and was ahead of what you were planning for when it comes to AI. Do you feel like on any given day you could come into work and everything could change again, and you’d have to do a 180-degree pivot, or is this built so you can pivot with whatever the changes may be or innovations may be?
[00:14:18] Peretz Regev: The AI technology is really disruptive at this point. I wouldn’t say that it’s going to be 180 because we understand what is the direction, what are the capabilities. But at the same time, I would say that it’s going to surprise us every time again about the usage, about the capabilities, about the scale. And we need to be prepared as a company and as a software company that helps customers to protect themselves. We need to make sure that we know what’s ahead of us. We talked about the labs, we talked about the research. We need to see what is approaching us from the future and being able to answer it and provide capabilities ahead of the time.
[00:15:03] David Puner: So you had mentioned CyberArk CORA AI earlier. What is CyberArk CORA AI and how does that figure into our overall AI approach?
[00:15:13] Peretz Regev: CORA AI is an umbrella, a family name for different AI capabilities that are infused within our products. It helps our customers to be more secure, more protected, and at the same time, be much more efficient and productive. It can be a way for our customers to be able to respond to many, many more security events. It can be a productive way to help our customers to actually recommend them about actions and steps they need to take within their day-to-day activities. And it can also be a capability that will actually help them to be more compliant and more secure within their activities. So it’s kind of a widespread capability named CORA AI. And our direction is actually that every single AI capability in the future will go under this umbrella. So to summarize CORA AI is our set of capabilities to help our customers to be much more secure, protected, productive, and efficient. And this is also the change of the mindset of moving towards an AI era. You will see that in the future, all AI-generated capabilities will go under the CORA AI family.
[00:16:28] David Puner: So is CORA AI then sort of a layer of evolving innovation, or is it something that inspires innovation or is it both?
[00:16:38] Peretz Regev: It’s actually the latter one. It actually inspires innovation. We had a very interesting naming meeting.
[00:16:44] David Puner: I was going to ask about that too.
[00:16:45] Peretz Regev: Yeah, what name to choose. And the reason we chose CORA, one of the reasons is because we believe that AI is going to be the core of the technology, and I would like as a CPO that everything that we do starts with an AI mindset starts with how things can apply to CORA AI. What can we do to make CORA AI better? It’s not just a bunch of capabilities, but actually capabilities that work together in an integrated manner that will, again, help our customers to be more secure and more productive.
[00:17:18] David Puner: So as a CPO, Chief Product Officer, how do you overall think about innovation? And what are some of the challenges and successes you’ve encountered as AI has entered into the product development fold?
[00:17:30] Peretz Regev: David, with your permission, I would like to kind of focus on AI innovation rather than the general innovation, because I think that with AI innovation, we are facing very distinct challenges. With AI today, the change or the pace from moving from an idea to a POC is like that. It’s really amazing to see where you’re saying, okay, what about doing this and that? And I’m telling you within hours to a few days, you’re able to actually produce this proof of concept and really show the value behind this technology. I think that the main gap or the main challenge that we see is, okay, now that we have this POC, how do we take it to production? How do we take it to scale? How do we make sure that the ChatGPT knows to answer all the questions and not just the prompts that I gave it? How do we make sure that when there are 10,000 events, a million events, 10 million events, it sticks to that? To its performance about quality, about accuracy, about the scale. This is, I think, the main challenge that we see with the AI technology as of today. And these are the maturity steps that we need to take as a company in order to be able to deliver it to the market.
[00:18:54] David Puner: That’s a really interesting way of looking at it. And thank you for the clarification. Given the potential risks then associated with AI, how does CyberArk ensure the security of its AI implementations while still benefiting from using the technology?
[00:19:11] Peretz Regev: Yeah, let’s talk about what kind of risk we have, right? So we have first of all, the liability risk, making sure that, for example, if a chat answers a question, it’s the right answer, right? And it’s not something weird or something misleading. There is a risk of data privacy. How do we make sure that the data that we are using in order to infuse our machines, our machine learning technology, is safe? Is actually not compromising data privacy, not compromising our customers’ privacy. There is also a compliance risk where we need to be compliant with the regulation. I’m saying in a way because there are no specific regulations as of the moment. For how AI should look like and as we move along as an industry, these are the rules and laws that are being developed and we as CyberArk need to make sure that we are not compromising them and we are staying ahead of the market, we are staying ahead of the curve of understanding what is going on, what are we allowed to do and what we are not allowed to do and making sure that we are compliant with this. So we are working hand in hand with several organizations within CyberArk, with our legal department, really hand in hand, everything is getting a legal approval, making sure that we are aware of the new regulations, the new compliance that is out there. We’re working with our IT to make sure that we are able to scale in the right way. We are working again, as a CyberArk team, AI is not just product and technology is all over CyberArk, and we need to make sure that we’re working hand in hand, because this is the only way that we’ll be able to be successful.
[00:20:57] David Puner: You have a lot of parameters to keep in mind. You mentioned, you know, thinking like the market, obviously here at CyberArk, we all need to think like an attacker, but also I would think in your role, you need to think like a customer. So how are you thinking like a customer and what kind of feedback are you getting from customers about AI? Are they apprehensive about it? Are there challenges that they feel like are too hard to overcome? What are they saying?
[00:21:22] Peretz Regev: David, you’re so right. We are changing hats during the same meeting every time that we develop a new capability or we are trying to think about the future, the customer hat, the hacker in the room, and even when we talk about the customer, is it the end user? Is it the decision maker? Is it the admin or the actual user? So we are changing hats. What we are hearing from our customers is the following. First of all, help us. It’s a huge wave of new technology and they are saying, Hey, let us know what you think. What should be our approach? What should we do? We want to be the thought leaders around AI in identity security. The second is they are asking, how can you help us leverage AI within your products to be more productive. And actually, I think that for us, since we also learn this new wave, this new technology, we want to hear from customers because in many cases they are bringing great use cases for us to develop new capabilities in the future. So we are working very closely and hand in hand with our customers through customer advisory boards, through EBCs, executive briefing centers. Through surveys that we are having within the products and outside the products, and of course, customer meetings, and we are getting all this information we are cataloging it, tagging it in the right way and trying to grab the gold out of the mass of the information and the gold is what can answer best for our customers’ needs? We talked about the different arms. This is definitely part of the product management arm. The ability to identify these needs for our customers.
[00:22:57] David Puner: Obviously a very exciting time to be in technology, let alone in identity security.
[00:23:02] Peretz Regev: That’s for sure.
[00:23:03] David Puner: So earlier you had mentioned productivity and obviously how AI is impacting the productivity of your team. What kind of changes have you seen over the two years that you’ve been here with, uh, with the company?
[00:23:17] Peretz Regev: I’m happy to share that CyberArk was one of the first users for GitHub Copilot. GitHub Copilot is a copilot, an AI-based technology that helps developers to write code. Better code, in a faster way, and in a more secure manner. As of today, we have 90 percent of our developers using GitHub Copilot. This is a tremendous change. So when a developer starts to code, they can optimize the code. They can check security vulnerabilities. They are being suggested with the right code and the right approach for coding while they are using the GitHub Copilot. This is a tremendous change within the R&D. Outside of the R&D, you see the Microsoft Copilot. So you see people that are using it for writing emails. For generating slide decks within PowerPoint, all to help with budgets and tables with Excel. I can share with you the amount of time that we are spending now on PowerPoint generation, for example, as being reduced dramatically. Why? Because we’re able to tell copilot what we want to have, what we want to do, and all of a sudden we have 70 percent ready in no time. So I think it’s an amazing era to be at not only as a developer, but also as a user. And there are more things that we are reading again in the news on articles that are approaching enterprises like us that will help our productivity even better.
[00:24:50] David Puner: So when we had Daniel on a couple of episodes ago, he was partially focused on AI predictions and where he thinks things are going in the short to near term, or short to near to long term, and I know that you can’t necessarily speak too much about future or product roadmaps or anything like that, but as far as innovations that we in general can expect coming in the near term future or that customers can expect. What do you think is coming and what are some of the changes that are coming and how will they contribute to the identity security platform vision?
[00:25:20] Peretz Regev: I’ll start with a quick story about Sam Altman that was asked about, okay, what should we expect in the next year or so? And he said, a year is too long. Let’s talk about the next month. Again, this is how fast the AI era or the AI revolution is happening. What we can expect is to see much more capabilities that are integrated within the product that will help our customers to hack faster and in a more secure way. Since I’m bound to legal constraints, what I can share is that we’ll see more things that will help our customers to be more productive and secure their environment in a better way. More recommendations that will go in that will help them to be more secure and also more recommendations that are based on our knowledge in identity security. We have tons of experience and knowledge about how to secure better your environments, how to secure better your identities. Getting all this data and providing this to the customers, to the users and help them to be safer, to be more protected. This is the direction that we are heading to.
[00:26:33] David Puner: How will today’s AI innovations continue to transform identity security and our workplace for that matter?
[00:26:40] Peretz Regev: AI is here to stay. It’s going to continue to revolutionize our way of doing things. And my ask from each and every single one of you that hear this conversation is to come to us, to the product and technology with ideas, with directions. With things that you have seen or things that you want to imagine, because at the end of the day, it’s not just the product and technology is the ones that are creating this. As I’ve mentioned, we have customers, we have competition. I would like everyone in CyberArk to think AI, to think what we can do and to come to us and we will make it real.
[00:27:23] David Puner: Peretz, it’s getting to be, I hope, toward the end of your business day in Israel. We’re coming up on about 10 a.m. here in Boston. Just starting, David, just starting.
[00:27:34] Peretz Regev: You’re just getting warmed up?
[00:27:35] David Puner: Yep.
[00:27:35] Peretz Regev: Uh oh.
[00:27:36] David Puner: Do you take a break to have dinner with the family or, uh, we just, uh, have AI eat for us? How’s that work?
[00:27:43] Peretz Regev: You know, with the mobile and, uh, tablets, you’re always on, but I do find spots and the time to spend with the family and relax a little bit and get a recharge to go back and, uh, you know, develop the new set of capabilities for our customers.
[00:27:58] David Puner: Well, I should also mention that it’s Thursday evening for you. So you’re coming up on your weekend. We really appreciate the time that you’ve taken. Really nice to speak with you. Thanks for coming on to Trust Issues.
[00:28:10] Peretz Regev: Thanks for having me, David.
[00:28:11] David Puner: Thanks for listening to Trust Issues. If you like this episode, please check out our back catalog for more conversations with cyber defenders and protectors and don’t miss new episodes. Make sure you’re following us wherever you get your podcasts and let’s see. Oh yeah. Uh, drop us a line. If you feel so inclined, questions, comments, suggestions, which come to think of it are kind of like comments. Our email address is trustissues, all one word, at cyberark.com. See you next time.