Episode 63: Rethinking DLP: Nightfall AI’s Rohan Sathe on Data Protection in the Age of AI Agents

Narrator:

Welcome to 909 Exec, the executive leadership podcast from 909 Cyber, where cybersecurity intersects with business strategy. Your host is Den Jones, founder and CEO of 909 Cyber. For more than three decades, Den has led enterprise security at Adobe, Cisco, SonicWall, and Banyan Security, helping executives navigate risk, trust and transformation. Each episode goes beyond headlines and hype with conversations that matter to leaders shaping the world of technology. So please join us for 909 Exec episode 63 with Den Jones and Rohan Sathe.

Den:

Hey, everybody. Welcome to another episode of 909 Exec. I'm your host, Den Jones, and every episode we try and bring some exciting guests on the show that can help you in your career journey. Founders, CEOs and the like, and today is like no other because we're going to have a great talk about DLP. So Rohan Sathe, thanks for joining the show. You're the co-founder and CEO of Nightfall AI. So why don't you introduce yourself a little bit better than me? I'd love to dig into who you are and how did you get started in the world?

Rohan:

Yeah, thanks for having me, Den. I appreciate it. Yeah, so just a quick bit of background before starting Nightfall, I was on the founding team over at Uber Eats. So got a chance to see how first class engineering teams were built and how Applied Machine Learning worked at scale. So I was working on designing some of the pricing algorithms for Eats and search pricing and things like that. And unfortunately at Uber we had a series of different data security incidents while I was there. And so that started getting me thinking a little bit about DLP and data security and how I could leverage some of my applied and machine learning kind of expertise to solve the problem better than it had been in the past. So that's kind of how I got into the space originally.

Den:

Yeah. And so let's talk about you as a kid. So I always like to learn from the guests when they were a kid, what kind of got you into tech?

Rohan:

Yeah, so I was pretty fortunate to grow up in the Bay Area itself. So kind of classic Silicon Valley background. So grew up in the heart of it. My dad was a founder as well and then ended up moving into venture. So I was pretty fortunate to have a lot of the exposure of entrepreneurship and building companies and technology. But I was always driven as a kid to, irrespective of what it was to start something. So I always had sort of this entrepreneurial spirit. Even in high school, right when Alibaba had first started taking off, found a way to sort of make some money in high school by importing some clothes from Alibaba and selling them locally here in the US. So there's always kind of been in the back of my mind and I was just trying to find pathways to do that in technology because I just thought that that was kind of the best place to go.

Den:

And I guess growing up in the Valley, you were always like a computer person. It wasn't something where all of a sudden you were a minor one day and then suddenly fell into doing IT. I've had a bunch of guests in a show where it's like their career was something totally different. In fact, this kid was a posterman at one point in Scotland, there's a beginning story right there. And then Uber Eats, I mean, I think that's one thing, right? You guys were doing stuff at scale. What was one of the lessons learned that you think helps you now as you start this business?

Rohan:

Yeah, I mean, I think for one, the experience was really good. So I got the opportunity to build something zero to one, of course, with the backing and support of a bigger company behind me, but got the opportunity to build something truly zero to one and see phenomenal scale once we had launched the product. Some of the biggest lessons for me was we weren't a very hyper competitive ecosystem. So there were already food delivery competitors at the time. And so I learned a lot about switching costs and making sure that product quality is really high because it was very easy for the consumer to just say, "Hey, Uber's not doing what I wanted to do. I'm just going to go switch over to one of the competitors." So I took a lot of that learning to enterprise software because I do think the barrier to entry and building product has gone lower and lower.

And so having that sort of consumer-esque mindset I think has helped us a lot.

Den:

At the end of the day, you're still in the service industry. I mean, experience counts. So you leave there and you start this business and you kind of mentioned a little bit about there's some security incidents over there. They're pretty public. So lawyers, please don't chase Rohan and I, that's public knowledge, I guess. What made you think I'm going to start my own business and this is the area I'm going to focus in on?

Rohan:

Yeah. So there's two pieces to it. One was I wanted to get to the point where I felt ready to start a company and you're never truly ready because you learned so much on the job, but at least from the standpoint of building a product zero to one, I wanted to feel comfort that I could do that as a founding kind of engineer product person at a company and two, be able to recruit top talent. So just growing my own network at Uber and understanding what it took to hire the best people and keep them happy ultimately. So I wanted to make sure that I had that sort of experience first. And then as I evaluated different problem spaces, the problem itself need to be technically challenging and interesting to me. And so applied machine learning and cybersecurity felt like a perfect intersection. And two, I needed to feel like there was a true moat that we could build that wasn't just like, "Hey, we have better software or something." I think the fundamental aspects of machine learning and data network effects was what got me pretty excited.

Den:

Yeah. You mentioned hiring good people. I was just always saying that a good person, Greg Andrews brought us together. So that is always a good example of build your network before you need it and great things can happen. And one of the things as you were starting the business, you've got the idea I'd love to hear a little bit about funding. So where are you guys at in your funding and what have you seen in the last few years as the biggest challenge to new businesses getting funding or what was the biggest mistake or lesson learned?

Rohan:

Yeah, again, I think I was pretty fortunate to have a co-founder that was in venture prior to starting the company with me. And so we already had inside baseball on how fundraising kind of worked, at least at the early stage. And so we've raised about 65 million in total. We've raised our series B as a mostly recent round and we're fortunate enough to partner with a catalog of awesome investors, I think anchored by Enrique Salem over at Bain Capital. So one of the marquee cyber investors in the world. So that was kind of what we were looking for was if we're going to raise capital from folks, how are they going to help ultimately and how are they going to be empathetic to the founder journey? Those two things were super important to

Den:

Us.

Rohan:

Yeah,

Den:

I mean that matters. I mean, I think most founders when they're looking for investors, there's maybe more focused on getting the investment rather than who the investor is and then how the investor can support the founders, right?

Rohan:

Yeah, totally. And look, sometimes it's not like you've got 20 options on the table. It's easy to say when you have 20 options. If you need to take a term sheet and you need money, then sometimes you just have to do it. But I think we were fortunate enough to have many different options. And so as part of our valuation criteria, we were really looking for that expertise in founder empathy.

Den:

Yeah. Yeah. So yeah, I'm seeing something in chat as well, Rohan, for you, I think. Yeah, one of the things I'd love to dig into is this DLP topic there. Oh, there we go. Yeah. So the DLP topic, so you guys thought you were going to get into that space. Did you have much experience with DLP before you started?

Rohan:

No experience with DLP, but I think as in venture, we were able to quickly build up expertise. Just the first thing we did was we probably talked about a hundred different CISOs and got their perspective on the problem A, just to even evaluate if this was an opportunity that was interesting enough to go after the problem was burning enough and B, the market was large enough. So I think that's really what shaped how we thought about it and allowed us to get up to speed really, really quickly. So conversations, this was pre-AI, so we couldn't just ask ChatGPT, give me a brain dump and explain to me a five-year-old what DLP was. So it was a little bit of a harder research focus that we needed to

Den:

Have. Yeah, no, that's pretty cool. I mean, I'm guessing as you were getting the hypothesis together, what did you focus on or what was the themes that you heard as being the biggest issue about the DLP market?

Rohan:

So this is back in 2018, but back in 2018, the biggest sort of challenges were, one, existing or incumbent DLP solutions were super noisy to the point where people just really didn't really like the word DLP. I think you've been mentioned that you've been a skeptic as well. And so I think we definitely saw that in the market. And two, there hadn't been this kind of rapid adoption to the cloud and so people were starting to use tools like Slack, Google Drive a lot more and putting sensitive data in those applications. And so it was obvious to us a nice wedge to get into the market was to go and solve that use case and then try to expand there.

Den:

And one of the things in my research for you guys and your approach as you go to market, the security industries are very hard space to sell into. CISOs are notoriously hard to give you their time. I can tell you at one point I was getting probably a hundred emails a day and messages on LinkedIn and I wasn't even a C, so I was running enter price security at Adobe or enterprise security at Cisco. So my boss who was the C level must have been getting just crazy numbers. So what approaches do you guys take that you think are winning? What's that approach like for you guys?

Rohan:

You mean back then or now? Because I think they actually-

Den:

Probably actually describe both. I mean, what did you think at the start and then where did you land?

Rohan:

Yeah, I think early days we didn't have any product. It was just two kids in a pitch deck and some code that we had written. And I think there it's just being humble saying, "Hey, we're just here to help under ... We just want to understand some of your most burning challenges and we're not trying to sell you anything. This is just a brain dump. And if there's a way we can be helpful, then we will." So I think of those 100 conversations, you think of it like a funnel, some percentage of those folks were like, "I have such a burning problem that if you solve this for me now, I even give you a little bit of money to help me solve that. " So that kind of anchors the first bit of momentum and then it kind of trickles from there.

Den:

And were all those conversations focused on data security the topic or did you just go in with any topic?

Rohan:

We had a few different kind of hypotheses and then we kind of narrowed in on data protection as we got to chat with more and more people. But yeah, I think it started a little bit broader and then it kind of.

Den:

I mean, I certainly think as an industry goes is one area that ... I mean, data is the thing you're trying to protect anyway, but it's one area that I think has been a struggle for a lot of larger enterprises and hence as we get into the skeptic of you, you'll hear a little bit of it. When you were thinking of, so one of the things, so conferences and stuff, I read somewhere that you guys that were pretty bold about not doing a conference booth at RSA, you're going to do dinners and stuff like that instead. I mean, what's your take on the ability to engage people at these big conferences now?

Rohan:

It's tough. I mean, you walk down one of these halls, there's hundreds of companies and it's easier. I mean, I feel like it's easier than ever to raise capital at least early stage these days with a little bit of traction. So I think for us it's always been about trying to find very close personal kind of conversations and avenues to having those. I think I see the booths and stuff as just brand place, frankly. And so if you've got the money to blow and burn or you're at a certain size where you just kind of have to be there and pay the tax as they say, then it makes a lot of sense. But I think if you're in our stage or even earlier, it's a pretty expensive thing to shell out 40, 50K for something that may or may not return to any leads.

So we like to spend the money in our suite, just have a nice suite and invite people to have conversations and kind of close business there. Yeah.

Den:

And that's a theme. And actually we do some advisory work with startups and there's a couple of things we'd say is one is don't waste your money. And sometimes depending on what your ICP is, happy hours are better than dinners because maybe you want engineers and you want them on mass as opposed to, I want CISOs and I want a small group and I'm going to create that list. So I talked to founders about that quite a lot. And then the other one is, oh wait, I lost my thought there. Yeah. But I think the biggest thing, oh yeah, doing compliance and stuff as well. Compliance, I look at it sometimes as it doesn't equal security. So when we speak to founders about compliance, it's like don't do it unless you're losing deals. If you're losing deals because you don't have your stock too, then entertain it.

But I remember being somewhere as a CSO talking to the founder and he talked about FedRAMP and I was like, "Do you have a million dollar deal on the table that I'm missing somewhere? Because if you don't, your investment isn't worth it. " And these things don't equal good security. They do have a good feeling of security I guess and they definitely help the sales motion. But most CISOs I know the only reason that SOC twos are good is it's a good starting point and then maybe I don't need to audit you as much or care as much, but you still do care your supply chain still matters. And I think for you guys, I'm sure there's a great advantage to being a DLP partner of your clients where you can actually help them and even their compliance effort.

Rohan:

Yeah, for sure. I mean compliance, customer obligations, you're selling to big financial institutions, we see that. It's funny, I have a funny story, which was we were talking to CISO and they were trying to sell us their product and we were going to buy it and we kind of said, "Look, we'd love to find a way to help you with your DLP initiatives." And they were like, "Well, our employees are financially incentivized enough to not take data from the company, so we don't need an insider risk program." And I was like, "That is a very scary way to think about insider

Den:

Risk." Yeah, that is a risky maneuver.

Rohan:

Yes.

Den:

Okay. We're going to take a break for a second and then when we come right back, we're going to talk about DLP and depth and the skeptic is going to come out. So we'll be right back. Hey folks, just want to take a minute to say thanks for listening to the show, watching the show, however you engage with us. If you're liking the conversations, if you think we're adding some value, we'd love you to like, subscribe and share the show with your friends if you know of anyone else that would benefit. Ideally for us, that will help us be able to grow the show, invest more in the quality, get some more exciting guests and keep bringing you some executive goodness. Thanks everybody. Take it easy and enjoy the rest of the discussion. Hey, everybody. We are back in Rohan and Den. We're going to talk about some DLP.

We want to know, well, this kid here, so look, as a practitioner for 30 years, I look at DLP and I'm going to scroll to my notes that I took here, my skeptics view of things. There's a couple of things. Number one for me is killing employe productivity.

Rohan:

Number

Den:

Two is false positives. I still think there's blind spots. I've never seen a DLP tool that will do all of your data. And I think the other one for me is this whole notion of data classification and expecting employees to classify data. So I'm going to start off with there's four things for me and usually each one of those things are millions of dollars. So I remember we'd spend about $5 million plus a year on just basic DLP stuff. And yeah, I wasn't a fan. So why don't you jump in, Rohan, give me a little bit of the ... And I love how you're new to DLP and this is the first adventure. So it's almost like you were naive to the problem, you'd done your research, you've built a company, you guys think you're the B's knees. Yeah. Tell me why employees and the friction disappears.

Rohan:

Yeah. And I think to your point, it's actually like Uber, the preconceived notions and having background experience in a particular space can frame the way you think about a solution in potentially a negative way. And so much like with Uber, none of the founders had a background in the taxi cap industry. They just kind of thought about it in a new way and that was a paradigm shift. So I think the same is true here. But the way we think about employee productivity is twofold. So one is making sure that there's not added latency in their workflows. So that fundamentally is an insertion point question. Where are you actually hooking to do all of the detection analysis and control that you do as a company? So we think a lot about rather than shoving everything down one particular architecture, let's just architect the best possible way for the type of thing that we're trying to identify.

So let me give you an example. A lot of these SASE companies will say, "We've got all the network telemetry and we see all your corporate network traffic." So we're just going to shove all of our DLP through the corporate network. And unfortunately that can add a bunch of latency to end users or it limits the type of technology you can use from a detection standpoint because you're in line, you're in a very high friction kind of insertion point and so you have to be very, very low latency. So that we think a lot about architecture, I would say. And then two, it's DLP, even if you're the most sophisticated AI system, there will be false positives. And so there is a tuning phase no matter what company you are and there will still be times where something will alert and it shouldn't alert. And so what's the kind of workflow that you have in place to make that as low friction as possible for the employee and for the SOC team so that they don't have to deal with stuff that is very obviously noise.

So think a lot about that as well. Yeah,

Den:

That makes sense. Yeah, that makes sense. So the employee friction piece, that employee friction bit is one of the biggest things. I mean, if you go to an enterprise company and there's 48 or 100 or more though people, so you get 40,000 people, the security team or the IT team, they can't handle the complaints when they start coming through. There's a very large company based on Seattle where their DLP stuff I would say five, six years ago was just gnarly where even the emails send them back and forth, you'd have to go through the silly workflow in order just to see the email. They'd be really cumbersome. And it might sound silly, but if you're adding five seconds on to just an employee's time every time they're going to look at an email, which is restricted as classified or confidential compared to something else, then it really adds up when you get 40,000 people.

I mean, that shit is expensive after a while. Now you guys are thinking of the problem a little bit differently. So I heard somewhere that you got a framework called 3Is or something like that. Why don't you share, is it invisible, invincible, inexpensive?

Rohan:

Oh, yes. That's how we think about just that from a value standpoint. So yeah, I think when it goes down to it from a productivity standpoint, ideally your DLP solution is invisible. Nobody knows it's there until there's an actual incident that it's handling. So that's how we think about that aspect, but we want it to provide value to the SOC team. So when we get into the false positives question, talk about how we think about detection.

Den:

Yeah. And by the way, I always love when we do research and then we speak to the CEOs and the founders and you recognize, and by the way, and I have this problem as well, the connection between the marketing team and the stuff that they put out and the stuff that we tell them we put out, somewhere that thing gets lost in translation, but I really did like this. I mean, for me, like invisible, invincible, inexpensive, actually that resonated with me because to your point, security should be a background activity that protects the company without adding friction to the users. And I think the cost of operation, so when I think of an expensive, I don't think of it like it's a cheap tool. I don't mind paying more for the tool if the cost of operation is low.

Rohan:

That's right.

Den:

And I think that was the thing and then actually in my conversation with Greg who you guys brought on recently, I quizzed them on all this kind of stuff because I'm like, I want to know why would a CISO part with money for another DLP solution? Because most DLP solutions are really hard to get up and running. Now you guys are using some AI for the classification because that's the piece that I think is one of the harder pieces of this is classifying data so that you know whether a piece of data is higher risk to your business than others. So can you share a little bit about that?

Rohan:

Yeah. So from a data classification standpoint, that's been our bread and butter since the beginning of the company. So even back in 2018 pre LLMs, neural networks had kind of come out and we started using them at Uber. And so NLP technology had come a pretty long way, even computer vision. So we felt like we could leverage a lot of the existing technology advancements to just do data classification a lot better than what was basically competing with rules or regular expression or exact data match. But the way I think about detection as a whole is data classification is just one component to what constitutes a true incident from a DLP standpoint. And so if you think about a model that's outputting risk, data classification would be one such feature in that model. There would be other features like the identity, the lineage, where did that data come from?

Where did it go to? What transformations happened in between? So there are a bunch of these features that will incorporate in a model that will then output risk and that's what kind of constitutes an incident on the Knife Wall side.

Den:

Yeah, it's pretty cool. When you talk to customers, let's roll forward to right now, you're talking with customers about, obviously you're walking the door, you've got their attention. So when you're talking with them, what are you hearing is their biggest concern and problem when it comes to not just data protection, but the advancement of AI and

Rohan:

The

Den:

Data protection? I mean, what's that car? Are you seeing a correlation there?

Rohan:

I think that's the biggest kind of tailwind for us today, honestly. So one has always been we have a crappy DLP solution and we want to modernize it to something that's AI native and lightweight. But I think the AI security and AI data protection use case is now a board level kind of concern because every board is telling their CEO, how do you make our company more AI pilled? And in an effort to do that, you need to have the right control and governance to manage data risks. And AI agents operate autonomously and at machine speed. So they'll kind of emulate human behavior, but they're doing that way faster and just in the background. So that's been probably the biggest focus for us as a company today.

Den:

Right. And a typical customer when you're chasing that ICP, what does that look like?

Rohan:

So historically we've done best in technology forward companies, health tech and regulated. So health tech, fintechs, and then just software companies as a whole. With our AI security kind of use case, it's broadened our ICP in crazy ways. So we'll talk to some supply manufacturer that's selling Iron because they want to use as much AI as possible. We got a big car washation as a customer that has, it's like Florida's largest carwash company or something like that. So it's broadened our ICP quite a bit, which has made the momentum that we've had even.

Den:

Yeah, I guess when you go back to your board, you can tell them your TAM has now adjusted.

Rohan:

Exactly.

Den:

Yeah. And that's the one thing. I mean, and then that typical engagement, let's talk a litle bit about that. So you get in there, you sell the product What's it like to get set up and up and running? Can you share that journey?

Rohan:

Yeah, it's very fast. So the insertion points that we track time to value basically, but the insertion points for us are going to be a very lightweight endpoint agent that is not kind of a man of the middle network proxy based. So it's using different system APIs under the hood. And then on top of that, we have API integrations with some of the most common applications. So your AI platforms like Anthropic and OpenAI and Microsoft Copilot and then SaaS as well. So we get to see both from an AI security standpoint, we get to se both the types of prompts and things that agents are doing in the AI platforms and then the underlying systems that they're connecting to and pulling data from. And there are agents that live on the cloud, but there are also agents that run locally on the endpoint, which is why we feel like the endpoint presence is equally as important.

It is.

Den:

Yeah. Yeah. And then you don't jump on servers apps or stuff like that, right? From an agent perspective?

Rohan:

Yeah, less of a runtime. I would consider that more of a runtime or product security kind of use case, which is less. We're very focused on enterprise security.

Den:

Yeah. And so for somebody to get up and running, if they're a large shop, they've got a DLP, not a DLP, MDM solution, they can jump in and deploy your agent to a hundred thousand devices as quick as they like. And then I think the curious one for me is I've got my Google Drive for personal, I've got my Google Drive for business. So that's narrow when I'm going to move stuff, copy and paste between the two of them. That's something that you guys would catch and protect or? Yeah, that happens there.

Rohan:

Yeah, one of the big use cases for us is Google Drive, but also just personal AI versus corporate AI. So those are the types of features that we include in our risk calculation. So whether it's going to a personal instance of ChatGPT or Google or they're moving it to a corporate instance, those are two very different workflows that have different implications.

Den:

Do you regard yourselves as an agent security, like an AI agent security play as well?

Rohan:

Yeah, it's humans and non-human identities. Yeah. Data

Den:

Protection. So it's interesting because there's a lot of companies out there that they'll say they're an AI security company and really they are protecting data, AI data usage. Whereas you guys are branding yourself as a data protection company or do you brand yourself as an AI security company now?

Rohan:

A little bit of both. I think in the marketing world, you kind of have to speak multiple sometimes, but I think it's both. Ultimately, I think a lot of the enterprise AI security companies are just doing data protection at the end of the day. And so we feel like we've already got an advantage having been in the data protection space for the last eight years. Yeah.

Den:

I mean, that's maybe the leading conversation is that you are really a data protection company and what the data is and how the access to data doesn't matter.

Rohan:

Well, for the AI security piece, that is a very important component. So governing access to specific MCPs, for example, is a use case of ours because it just kind of ties hand in hand with the ultimate data protection risk. If you have over privileged access, then you can inherently move data that you shouldn't be moving. So it is on and the same in our opinion. There's kind of this convergence, I think. Yeah.

Den:

And now I did see a quick demo. So I do believe that if a user is going to try and do some copying or moving of information that they're not permitted to do, then you throw up a little customized message that they can get so they know they're maybe not meant to do it. You've got the logic behind it whether they get to do it, not get to do it and all that stuff. Can I share just a little bit about that?

Rohan:

Yeah. So basically the workflow is you can set up policies or we have templates or you can rely on our out- of-the-box risk calculation. But for the use case that you just described, if you wanted to monitor or block personal usage of AI applications, then if we identify that somebody's taking a corporate file, so we're tracking the lineage of that file, is it just their own file and then who cares, or is it something that belonged to the organization? And then if they were on the tab that was a personal kind of instance, we will track that and block it if you've got the policy set up and then we'll pop up a justification and the organization can allow, if they want, the employee to bypass the control just depends on the philosophy of the organization.

Den:

And I think this plays back to the whole notion of the customer experience, right? I mean, at the end of the day, you're basically trying to create a frictionless experience so that you are more in the background, only in the foreground when you have to be ... Okay. So as we wrap up, the one thing I want to learn is if you could do this all over again, or if you had to do it all over again, what's the one lesson that you think you've learned that you wouldn't want to repeat?

Rohan:

I probably coming from the Uber world where the product always, that's the most important thing, product wins and operations was an important component to Uber, but I would say very much it was the fabric of the company was just the creative product thinking and just always being ahead of our competition. I think in cyber go- to-market is very important and not having that background, I think I've learned a lot just over the last eight years and what it takes to really sell cyber products to these big enterprises, which honestly sometimes you're kind of playing a game a little bit and it is what it is. You just have to play that game if you want to sell into these companies. So I think that's been probably the biggest learning lesson.

Den:

I think the business models are uniquely different, right? Uber Eats and Uber, the car is a more B2C play where you're the B2B play and the B on the other side is a grumpy bunch of CISOs usually and they're quite a hard group to infiltrate. I only know that because I'm not calling them grumpy. I'm also calling myself grumpy because I'm in that boat as well. But yeah, I hear this from vendors all the time, especially new ones, they're like, "How do we sell to this audience?" And I'm like, first of all, stop telling them that you know their problem before you know about them when you can't tell them that I've got the solution to your problem because you don't know their problem. You've got to assume that they've only got money to buy five things this year. Why is your thing the thing?

And when you kind of go in with that mindset, the bigger thing for me is this is relationship building. We're building human to human relationship and building trust. So whether you're leading this company or you lead the next company, if you build trust with someone and you don't let them down and you don't screw them over and you help them be successful in this job, then the next job they'll give you time and attention.

It's pretty simple. And going back to my salesman friend, that's exactly the case. It's like I've got maybe 12 sales guys in my phone book. They can call me anytime I'll pick up. But in 30 years of me doing this shit, you'd think it'd have more than 12, but I only got about 12. And actually right now I can only think of eight. So I'm sure there's four more in there. Okay. So as we part, Ron, why don't you share the last thought for the audience, whatever wisdom, guidance you want to impart, this is your last window.

Rohan:

I mean, I think AI agents, honestly, not to sound like a broken record, but AI agents are just changing the paradigm of how existing security products really work to help you solve use cases for AI agents. So what we're finding honestly is like no one is really architected for this kind of new world where organizations will be spinning up tons of AI agents, employees will be doing it and then these agents are just going to be making millions of tool calls out to the internet or external SaaS systems or even your internal applications. And so how do you make sure you're kind of future proof for that world, which is already kind of here. Yeah,

Den:

That future world has arrived. Rohan, thank you very much, man. Pleasure having you on the show. Everybody, Rohan Sathe, co-founder and CEO of Nightfall AI. We'll have links in the show notes. This actually was not a paid episode. I wanted Rohan to come in here and convince me that DLP is not shit and I think he's done a good job and I think the company is one to pay attention to. So Rohan, thank you very much. I appreciate your time.

Rohan:

Yeah, thanks for your time, Den. Appreciate it.

Narrator:

That wraps up this episode of 909 Exec. If you found value here, subscribe and leave a rating to help others discover the show. To learn more about 909 Cyber, our advisory services, and how we help organizations secure growth, visit 909Cyber.com. Thanks for listening and until next time, lead with clarity, build trust, and stay secure.

‍