Palo Alto Networks CEO: "AI found in six weeks the vulnerabilities humans would need five years to discover"
It's one of the biggest winners right now.
The big daddy of the cyber security space.
Palo Alto Networks is an outperformer in the space.
CEO Nikesh Arora.
This might come as news to you, but humans have been writing bad code for a very long time.
I spent 10 years at Google, and you know, Google search was democratizing information.
If you take that analogy and think about what AI is doing, AI is democratizing intelligence.
Money is a way to keep track.
It's not the goal.
You've been the CEO of Palo Alto Networks for eight years.
Coming up on eight years this week.
Eight years.
And I think when you started it was $17 billion market cap, if I remember correctly.
And this morning I checked, it's 238 billion, which, if you listen to what we said yesterday, now that you passed 100.
You're more likely to actually 10x.
So the first 10x was actually much, much harder.
So you're on your way to a trillion dollars.
From your mouth to God's ears.
I think you are.
Okay.
Okay.
So, let's just double click into what you see, because you are sort of in a really interesting position to see all of it.
You see the birth of AI.
Maybe you've seen the rise and fall of SaaS.
All the models talk to you.
You were one of
The rise again, right?
The rise again.
Uh, you were one of the first and the few that got access to Mythos.
So, just let me just push the button.
Go, Nikesh.
Start.
Well, uh, first of all, thank you for having me here.
I think AI is exciting.
I think it's exciting to see all the stuff that's gone down in the last possibly 24 months.
Um, I think Sarah just said it, they were right in anticipating the huge amount of compute that was going to be needed.
So all that stuff's going on.
But you can see that, you know, there's this notion, which we talked about briefly last time, that AI is really democratizing intelligence.
What that means is I have 250 people in marketing.
They produce varied forms of output.
Now I can get 90% of the output to be consistent across those 250 people.
I have 5,000 people who talk to customers.
There's, my failure mode is when 5,000 people do different things, where people say, "I want to talk to Joe because he knows how to solve the problem and Jim doesn't."
So now you can get 5,000 people to act almost consistently in their interactions with people on the other side.
So I think it's going to have a phenomenal impact to how we run businesses, how we operate.
It's going to change the entire landscape.
Now, in that context, you touched upon Mythos, and I know Dave has been very involved with this.
Mythos has shown us that all the bad code that humans have written over the last 50 years can be assessed by AI and shown, uh, the vulnerabilities can be shown.
We tested for 6 weeks, and in 6 weeks we found what would have taken us 5 to 7 years.
Wow.
Say that one more time.
In 6 weeks we found vulnerabilities which would have normally taken us 5 to 7 years to find.
So Mythos, these are vulnerabilities, where these are vulnerabilities in your own codebase or in your customer... in your own code.
Oh wow.
So Mythos was not oversold.
It was legit.
The capabilities of AI in being able to assess vulnerabilities in code are real.
Not just that, if you put it on ultra mode, which is persistent thinking, so it keeps trying until it gets an answer, you can actually daisy chain vulnerabilities, i.e. finding a new attack path into your vulnerabilities.
Now, we pride ourselves as a top percentile of companies that test our code, because we're in the cyber security business.
If you take that and compound that across all the companies that exist in the world that write their own code, or the 10 million developers who write code, this thing is going to find stuff which would have taken us 10 years to find.
How much did it cost?
Like, did you track the token cost?
Was it $100 million, $10 million?
No, it was in the low millions.
But again, the cost, as Sarah said, the cost curve is going to come down already.
OpenAI has got a model which is cheaper, more consistent.
You know, Anthropic's come out with other models.
You buy
You buy the hype.
It's not hype.
It's true.
That's
the capabilities. The capabilities are real.
You know that the capabilities are true.
Yes.
I mean, you saw IBM announced a project for $5 billion to fix open source.
That's the biggest problem.
What would have happened if Claude didn't have the restraint and they put it out in the public?
Do you think it would have been like a real attack vector and caused chaos in corporations?
I think, uh, we're 3 months away, if not already there, from this being available in the wild.
Okay.
Open source.
Yeah.
Just 3 months.
Yeah.
Yeah.
Cuz
I mean, we've been saying that it's roughly 6 months away before
Mythos level capabilities are available
in Chinese models, you know, open models, whatever.
But you're saying it could be 3 months.
Well, look, there's, what is, 4.8 is already out, 5.5 is already out.
They have similar capabilities.
And look, you don't need to crack the hardest code to crack.
You just need to find a few vulnerabilities in code that are out there.
Just take an old industrial system which is running, you know, OT code on the edge.
You can find that vulnerability reasonably easily.
So we're in a race right now between the cyber defenders finding these vulnerabilities and patching them before
the cyber attackers do the same thing.
Yes.