George Kurtz on CrowdStrike's NVIDIA partnership and the rise of autonomous AI malware

tell you about adquick. com. Out of home advertising made easy and measurable. Say goodbye to the headaches of out of home advertising. Only Adquick combines technology, out of home expertise, and data to enable efficient, seamless ad buying across the globe. We have George Curtz from Crowd Strike in the Reading Room.

Welcome to the show, George. Great to meet you. Thank you so much for taking the time to come and chat with us on this busy GTC uh part time of the year. Uh would love to get an introduction on you and and just uh just a little bit of an overview of what's new in your world, what's new at GTC. Sure.

So, uh, George Kurtz, founder and CEO of CrowdStrike, um, leading provider of security solutions and, uh, I think the big announcement, uh, many big announcements at GTC, but certainly on the security side was continued partnership with Nvidia.

We have AI's leader and security leader coming together to provide greater protection uh, for customers. And that was a big part of our announcement um, that Jensen went through and, you know, we're excited to be working with them.

We've been working with them for for years now and uh to see it all come together as part of GTC I think was just fantastic. Yeah. Take us a layer deeper. You could be uh they could be a customer of yours. You're securing them as a company. You're you're baking it into the chips.

There's a wide you're buying chips from them. There's so many different ways to partner with Nvidia these days. Yeah. So, uh as you know, and I think a big part of his talk was Nvidia being the platform company. Yeah.

uh he sort of joked saying like hey I you know we don't even sell things to people like everything's embedded into other systems and you got to use the platform which is part of what we've done.

Um if you look at what they've come out with they've got something called Neotron which are [clears throat] open models that um customers can use and build their own AI agent. So really this particular announcement was focused on bringing security and visibility from an AI agent perspective to the edge.

So we've got something called Charlotte which is our agentic technology uh which allows our customers to identify and uh understand threats and do a lot of the work of what a security analyst would do which uh many times is sort of a onetoone relationship between a threat and an analyst and now with our security AI agents we can do the work of many analysts and one analyst can control those agents.

So that's what Charlotte does. Now, Charlotte with this announcement has the ability to actually talk to other AI agents leveraging the Neotron models and the NIM uh inference microservices.

So, as those agents are closer uh to where AI is created or on prem or in a data center, um you want to have very quick visibility into what's happening. And in many times, customers have their own AI agents where they're not shipping maybe sensitive data to the cloud.

It might be a network diagram or might be other sensitive information. So Charlotte can now talk to these other AI agents that are at the edge to make better decisions and they're always continuously learning. So uh we're one of the premier security partners for Nvidia and that that was part of our announcement.

Uh does vibe coding scare you? I love vibe coding. I'm an investor. I do it myself. It's also good for good for Crowd Strike, right? It's like people are going to just make a lot of software quickly. They probably need to spend more on cyber security, too. They they they do.

So, you know, the the old joke in uh many years ago was like, you know, you'd have uh people come out of university and they would just go to any number of the repositories and they would just grab their code snippet and slap it in. And if something was poorly written, it would just propagate everywhere, right?

You'd have this big problem. And now, you know, some of the coding that you get, some is very good, but you have to give it the right prompt. Um is a inefficient and it looks like an intern wrote it. So, um, it's gotten a lot better, you know, in the later generations, but that does become, uh, potentially problematic.

And given the rise of AI, the ability to actually find these software vulnerabilities has increased dramatically. I mean, we're seeing AI find more and more and more vulnerabilities and sort of leading the charge on these bug bounties because they're so efficient at finding software flaws.

Crowd Strike has uh, something like 10,000 employees. How do you think that how how are you thinking about human capital allocation over the next decade? Is it is AI changing your philosophy about the shape of the workforce? Yeah. Yeah. I think there's there's two pieces to it.

One is on the security side which is specific to how do you leverage AI agents to do more work on behalf of customer and what we found is at least in my mind the more AI you have the more work you can actually get done and security is you're always up against it you're up against the clock from an adversary perspective and there's just a uh just so much data to get through and so many threats that let the machine do what it's really good at let it sift through this data let it figure out what's happening and then again what happens is those security analysts become really the pilots, right?

Where they're they're piloting uh these AI agents.

And you can think about it akin to um maybe uh you know a um a Whimo or you know automated taxi autonomous taxi I should say where you've got all these autonomous chauffeers but then you have sort of the pilot in the cloud if you get stuck and I've been in you know these things where they've gotten stuck and they wait and you know somebody pilots it gives it a way point or what have you and that's really how trans how um security is going to be transformed where the human is not going to be out of the loop but they're going to be able to do so much more.

So, it's about helping people up, not out. That's the way I look at it from a security perspective.

Now, if I put my CEO hat on, I think most CEOs are looking at, well, how do you get efficiencies uh from AI in running a business, you know, and looking in areas um like legal, in sales, obviously in coding, like how do you do more with the people you have?

And I think the big thing is always like how do you flatten the hiring curve? doesn't mean you're getting rid of a whole bunch of people, but if you could be more efficient because the people you have can do more, you can flatten the hiring curve, which um you know, ultimately adds leverage to to the business model.

So, we're always looking at how to take people and upskill them and train them up. And uh that's what we've done internally and that's also what we're looking at for customers that are using security technologies like CrowdStrike. Mhm.

What's the in your view the most significant like genai related security incident to date that's public? Is there one that comes to mind? We were you're like I usually hear about the ones that we try to keep them out of the headline.

[laughter] No, but we were talking the other day the fact that that there's been this explosion of software and we could it didn't we didn't immediately have one that came to mind. Yeah. That felt like squarely pin on Gen AI. It actually feels like we've been doing pretty well on security.

Yeah, there there's actually this is sort of the scary part of where the industry is going. Um there was some some new malware that was found that was basically Gen AI malware or what I would call autonomous malware. So if you think about malware, you might, you know, you and your audience might be familiar with it.

You know, you have a program that's bad. And in the old days, the MAC and semantics of the world used to have these databases that would go, okay, that's a bad file. We're just not going to let it run.

And over the years, companies like ours, we've created this sort of math model where without even seeing it, we can tell if something's bad and we block it. That's kind of old hat. But now, the new malware is basically Gen AI, meaning um if it drops on your system, that makesense.

Okay, it looks like like a like a script. It doesn't even look like a like a compiled program. And essentially, it uses prompts to figure out, okay, what system are you on? What is unique about that system?

what data can I harvest and how do I learn more about the network I am on so I can pivot and I can jump to another system that we might might be more interesting.

So the fact that it doesn't necessarily have a command and control back to the pilot and you can do this autonomously that's fascin like it like the best uh security pentesters or like the best uh of the nation state actors that are you know piloting it themselves.

So, it's a pretty scary thought to have autonomous malware. Did you did you start Crowd Strike so you could uh get more involved with motorsports? Well, it's uh it's been a passion of mine, but it's been a big part of our overall uh brand.

You probably see us, you know, Formula One and uh you know, our customers like it and it's just kind of part of the ethos, but uh it's you know, it's been just part of what we've done early on.

Do you try to do you try to get to as many of the F1 races as you as you can or what's your do you try to do you have to limit yourself cuz I know we know we know some sponsors and and and like they got a pretty heavy travel schedule. They're like we sponsored this team for the next two seasons.

We're going to be at every race and I'm like you might want to work on your business. But yeah. Yeah. We we actually just uh pick the the big ones for us obviously the big US ones. Uh and then we host customers at those. uh we actually have what we call CXO roundts.

So we combine security and the technology of motor racing and uh it's a passion you know security is a mission for a lot of people at crowd strike and a lot of our customers I mean we can be doing lots of things but we love the fight against the bad guys and to bring those people together to talk about the technology and the speed of cyber security and the risk management of cyber security there's a lot of uh analoges into motor racing it's speed it's technology it's data it's risk-taking or managing risk um and it's been a big part of uh I I think just our brand, it's incredible.

Fantastic. Uh well, we will uh we'll hope hopefully run into you at uh in Vegas for F1. Looking forward, if you're going to be there, let's coordinate. We'll give you uh give you a whole tour of the Mercedes paddic and the garage and uh we'll go uh we'll go have some fun. That'd be fantastic.

Uh well uh next time there's a massive sec public security incident in Genai, we're going to give you a ring and we'll get you back on and uh have you break it down. But, uh, thank you. Thank you for coming on and, uh, congrats on all the progress and thanks for thanks for keeping us, uh, safe out there. You got it.

Thanks, guys. We'll talk soon. Great to hang, George. Have a good one. Bye. Uh, we should have done more time with him.

I I love Crowd Strike because every time I I get one I get nerd sniped by Crowd Strike reports like all the time whenever there's like like when Solar Winds happen, like CrowdStrike tells the story of it and they're always gripping and uh, they do a ton of good work out there.

So, thank you to everyone at Strike, to all 10,000 plus employees, and thank you to Eightle. com. Get a pod 5 ultra uh get uh 5year warranty. 309 free trial. I I I thank you to be concier is available to source you any watch on the planet. Seriously, any watch.

I I uh ran uh offscreen for a second and caught Brian uh on the way out and he was saying like yeah I told him like yeah I've been a little less healthy the last year running the show than historically. He's like yeah I've heard some of your you know eight sleep updates sleep your sleep then my sleep scores brutal.

Well I got a 90 last night so went back in the game. I I lost my phone. I don't know. This is the this is an issue. Uh do we have any more timeline? Meta uh Meta is reporting earnings I believe uh uh right now uh or they already did. Meta stock sinks after tax hit weighs on earnings. Um what? They're down like 9%.

Wait, what? Wait. Is that good? [laughter] Wait, who's down 9%? Meta. Meta. Why? Earnings. Missed earnings. They missed earnings. Oh no. Microsoft sinks on beat. Meta crashes 6% on EPS miss. Is it good that Microsoft is sinking on a beat? Is it over? Is it over? No. Uh, it's not over for me. I got a 94. How'd you do?

I got a 90. You got a 90? I beat you. 7 hours 9 minutes. Let's go. I'm sleeping well and that's all that matters. There's also a bombshell uh guest essay in the New York Times about OpenAI.

One of the senior researchers who led product safety at OpenAI is taking shots at their uh at their uh messaging around erotic content. They have some data around uh how many people use AI or use a chat GPT in this erotic faction uh fashion. Uh that's going to be a bigger bigger story for sure.

This is definitely going to grow. Um but [snorts] hopefully there's guard rails. Hopefully there's more clear messaging on uh on the uh uh on the actual transparency reports and and the and the the the bounding the boundaries of how these apps get used.

I realized that uh I don't know if I've actually ageverified with OpenAI. Like I don't know if I've ever actually scanned my ID.

And I mean like I maybe this is a bullc case for worldcoin or something but uh I feel like I have a moral duty to upload my ID to chatt because I want I care about I care about I keep it pretty PG. I don't I don't want I don't want them releasing any of those adult features on on on your account. Yes.

But but I want them to be able to clearly understand what an what what an adult person is versus a versus a uh an underage person. And so it's important that they have a really strong data set of adults versus people who haven't age verified so they can classify the users effectively. What do you think?

Uh I actually have uh uploaded my ID to OpenAI. There's a bunch of like um your real ID. Yes. Obviously, I don't have any other kinds of like, uh, ChachiBT operator agent mode, buy me a beer, deliver a six-pack to me. She's [laughter] like, yes, Tyler thinking, contacting the Instacart API and buying you a six-pack.

Uh, but there are some products that you have to use the ID for, at least. Um, it's like the early version. So, um, really like the agent builder. Uh, oh, agent builder. You have to you have to ID verify at least it was in in the days following like right right when it came out your ID.

Um I I think I haven't heard anything about agent builder recently. What's what's going on over there? I have not used it either. You haven't been in building agents. I don't know. I mean it it's not like a We should try build We should try and build an agent that does something for TBP that buys beer.

That buys beer for interns. Yes. [laughter] Bobby Cosmic. Shout out to John for providing data to improve the system. Thank you. That's what it's all about. Uh no, but seriously, if you want to keep if you want to keep uh the the bad stuff out of the underage users, uh you got to know who's of age and who's underage.

And so you should be strongly favor. People have said you have the mind of a of a child. Yeah. Brian Johnson, I you know, he has uh I think his biological age is like 19. Uh my I did a test on my brain the mind of a 5-year-old. Yeah.

A lot of dinosaur questions constantly running deep research reports on I love I do love slapstick comedy. Nothing like a story of a of a leopard and a monkey falling off a boat and going splat. That's the pinnacle of comedy. Or or just being having the mind of a 5-year-old and being like why are clouds? Exactly.

and then running a deep research report. Yes, this is the key. You mean this is the key to what are clouds and you know this is the key. Why? Uh more news. Apparently Mastercard is is uh planning to acquire uh Zero Hash for nearly 2 billion. Zeroash is a crypto infrastructure player.

They've been at it uh uh quite a long time. Um and uh pretty serious move from uh from them. Uh we should wait to kind of assess earnings since we can't uh listen or read any of the transcripts uh live. Exactly. Yeah. Um but uh fortunately we'll be back uh tomorrow.

And uh John, in the meantime, find your happy place, book a wonder with inspiring views, hotel grade, dreamy beds, top tier cleaning, and 247 concier service. It's a vacation home but better, folks. Uh there's a bunch more stories, but we can get to them tomorrow. Um, we will talk to you later.

Have a great, beautiful, productive evening. Night. We'll see you tomorrow. Goodbye. Cheers.