Passwords Are Broken: AI Agents Need Identity | Rishi Bhargava, CEO of Descope

Show Notes

Rishi Bhargava is CEO of Descope, an identity management platform for customers and AI agents. They've raised $88M in funding from investors such as Notable Capital, Lightspeed, Unusual Ventures. The two previous he founded were acquired by Palo Alto Networks and McAfee. 

(00:01) Introduction
(00:08) Origin story: why identity and passwords needed a rethink
(02:59) Passwords vs passkeys explained in plain English
(05:06) Why logging in is still painful (and why passwords persist)
(09:06) Account takeovers explained: how hacks actually happen
(11:59) Building security products: philosophy vs regular software
(14:24) The ideal login experience: from frustration to seamless access
(16:40) What is an AI agent? Defining agent identity simply
(21:54) Good bots vs bad bots: trust, access, and control in an agent world
(25:03) Breaches and blast radius: security before vs after Descope
(27:55) Company building lessons from Demisto to Descope
(30:15) AI trends that matter most for enterprise products
(32:40) Rapid Fire Round

--------
Where to find Rishi Bhargava: 

LinkedIn: https://www.linkedin.com/in/bhargavarishi/

--------
Where to find Prateek Joshi: 

Website: https://prateekj.com 
Research Column: https://www.infrastartups.com
LinkedIn: https://www.linkedin.com/in/prateek-joshi-infinite
X: https://x.com/prateekj

Transcript

Prateek Joshi (00:01.508)
Rishi, thank you so much for joining me today.

Rishi Bhargava (00:04.704)
Absolutely very excited to be here, Prateek.

Prateek Joshi (00:08.462)
I want to start with the origin story. It's always fun to see how people arrive at the thing they're building. let's take us back to day zero, or even before day zero. What problem in the world did you see that made you think, hey, identity needs a rethink? Like it needs a new paradigm, new solution.

Rishi Bhargava (00:33.72)
Yeah, absolutely. So I think our background, right? All of the founders, previous company, Dimisto, which was in security orchestration space. And we've been in security space for all of our lifetime, me and my co-founders. Dimisto was sold to Polo Alto, spent three years there growing that business. So when we decided, says, okay, it's time to do something new. And it was more of...

team first idea later. Like it's not like we woke up and says, here's the idea. It was like, hey, we want to do something together. We enjoy each other's company. That's how it started. So he says, okay, what problems in security are big problems? Like problems that have been around for very, very long time, problems that have large markets. And very, I think one of the things that we all thought was like, what's at the core? And it jumped out. Like if you look at,

the history of security, it's like the password is at the core of it. Like all of the recent problems. And it's also very personal to people, right? All of us at our homes managing IT, home IT, it's the core. It's like, what is the password here? Do you reset the password? My wife trying to log in into the same account to kind of schedule a delivery for certain things. Like, how do you do that? And this whole password piece.

jumped out to us, like being at the core since early 1970s, password is the factor used for identity. And then that's also the problem on the business side. So first we said, hey, we're going to solve it for the consumer. But very quickly in our journey, thinking, talking to people, we realized we are not the cool young kids which will go solve a consumer problem. I think you need a very different mindset there. We are enterprise people.

Prateek Joshi (02:22.329)
You

Rishi Bhargava (02:25.656)
But then very quickly we realized you can solve this password problem from the other side, which is how about you enable every application to be passwordless? And the whole passkey thing was coming around. So the genesis of the idea was every SaaS app, B2C or a B2B, we can enable the developer to be passwordless and make it really easy for them to be passwordless. That's the core. That's like the real thought we started with. And then over time it emerges. It's not just the customer identity. It's also

the agent identity, which is where we are ending up now. But that's how we started in 2020.

Prateek Joshi (02:59.546)
That's amazing. I love the simple explanation of the overarching theme and how you came to the problem. Now, if you had to explain this to a non-technical friend who's just curious about passwords and pass keys, passwordless, so many terms out here. how can we understand the password and pass keys and any other concept in this zip code?

Rishi Bhargava (03:26.018)
Yeah. So I think the, the, and this one, think I, I actually love the scope that I can explain it to my mom and I can explain it to my 11 year old kid or 12 year old kid now, because they get the concept and the best way to define all of these concepts is password, pass keys, any of these ODP is like when you are logging into any application, what is your identity?

In your real life, your identity is your name and your face. When you are trying to present yourself to a computer, your identity was something you remember. So password is something you remember and only you remember and you know, that is the whole idea. And you come in and it says, I signed up and I told you my secret code and this is my secret code again. That's kind of one way. Now, in the...

In the new world, that secret code, if it's shared and then gets stolen, you're doomed. That's the problem you're solving. So now how do you present a secret code, which is stored on your computer and locked with your face? That's a passkey. It's very simple. It's a very large secret code, which even you don't know. So you cannot even share it. And it's different secret code for every website. But how do you unlock that secret code? It's with your

biometric, your face, your fingerprint, that's a passkey. Very simple. Large secret code, not shared, locked with your physical identity, which is how you present yourself in the world as well.

Prateek Joshi (05:06.064)
Amazing. This is great. right. Going into the, going into the scope of the company. Now, you just explained like what the scope of what you do. Can you talk about why logging in? For example, everyone knows that they have to log in, log into a website, log into the phone. Why is password still the dominant way in which this happens? And also why is logging in

seems painful to remember 200 websites because in 2025, have so many services we have to log in and they said don't use the same password and people just like what they do is they just write the passwords in a plain text file because it's so complicated to remember. so it's ironically like to make it more secure, they made it very, very not secure because now people are just writing passwords in plain text and storing it. So basically, why is it so painful still?

Rishi Bhargava (06:04.258)
Yeah, so I think first of all, it's just the change is hard. That's kind of the short answer. But I think we are starting to see majority of the new apps that are being built are not passwords. If I look at it from consumer apps, they're using phone and OTP, where your phone number becomes your identity.

and your proof of position is how you present yourself. So, look at segments like India. Majority of the apps do not have a password. They all work with OTP. Because these apps were born in the phone world. So you don't even start with a password. A good number of them use social login. Which is login with Google, login with Facebook, login with LinkedIn, login with GitHub.

depending on your audience. You're a developer tool, you log in with GitHub and that's it. Why do you need a password? You're proving your identity by ownership of someone that accesses. So anything built in last three years, I'm saying the password is on the decline, people are actually getting away. But it is like legacy. Now the legacy is very hard. And I think that is one of the things we really mastered to do, which is the login screen is, looks like a login screen to the user, but there is so much behind it.

password complexity, password checks, connectivity to internal systems to get the users right pieces of information. So it's not just login, it's authentication authorization. And that migration of passwords away to other options is what we really master at with this whole workflow concept and the Descope flow concept. I'll take an example of one of our larger customers, GoFundMe, which is a large customer of ours. They started...

when they started from the homegrown to us, they said, okay, I'm going to go stick with username and password. That is what we had. So they migrated to us using username and password because they wanted to one is to one. Two weeks is the time that took to add social login. And suddenly large increase like 60, 70 % increase in the usage of social logins rather than the old passwords. People don't like to use passwords. It's like if you give them a Google button, they will click on a Google button.

Rishi Bhargava (08:27.342)
If they give them an OTP button, you will. And by the way, if you give them a pass keys button, Google did an incredible job of passkey adoption. I'm a big user of passkey on Google, on Amazon. And the other day, I left my laptop somewhere, needed, so picked up another laptop at home. I wanted to log into Google for work. And the passkey, which is stored on my phone, I was able to log in, don't remember password at all. So, I did not have my password manager. So I didn't need to do anything with the passkey. So I think to me,

New apps, any new apps that have been lost for years, it's mostly passwordless with using something else. But the legacy is going to take some time.

Prateek Joshi (09:06.362)
Right? And in the movies, hacking is like a very cool big thing. They show with the screens and it's always fun to see. But in simple terms, accounts get taken over, right? Somebody gets control of your account. What is actually happening behind the scenes? Like, can you explain what happens?

Rishi Bhargava (09:20.706)
Yes.

Rishi Bhargava (09:29.006)
Yeah, 100%. So I think it's a, I don't know if you're aware of this. So there's a full, so the dark web and the dark web assume like the best way to define it is there are sites which you can only reach if you use certain browsers, like there are sites which you cannot reach by logging into Chrome. There are browsers, there's a full segment of dark web and there's a full business, call it underworld business, which is

selling of users identities. And that selling of user identity is the model where people would hack into large websites, right? So multiple attacks that happened in past where people would find a way, attackers would find a way to get access to a large website, steal users passwords and present usernames, take those and then go sell them on these documents.

And the selling of credential is I bet if you have been compromised at different past places, Prateek's password is out there, Prateek's email is out there. Not only that, by the way, the chances are your social and your physical address is also being sold. And the price is low. Like typically these identities are single digit dollars, like less than $10.

And then somebody else would buy those identities and then try the same email and password at other sites, your bank site. And that's the account takeover, which is you get password from dark web. Now try to log in, compromise those. And now once they have access to those things, then they can do whatever. the whatever could be, if it's a shopping website, they'll because the credit card is saved, they will ship it to their address.

If it is a banking website, they will try to do a transaction. So that's the account takeover concept and these underworld, basically that's where the identities are.

Prateek Joshi (11:28.912)
Amazing. I love that. Love that explanation. it's always, it's interesting how the people think that, I, I, somebody hacked into my computer and took the password and that's how they got it. No, there's like this, this path where this goes from here to some big bank and from there to dark web and say somebody buys it and they log into it. So there's a path that, happens here. It's not as simple as somebody just logged into your laptop. Okay. Yeah. Okay. So going into,

Rishi Bhargava (11:53.038)
There's a full economy running there.

Prateek Joshi (11:59.248)
product building and product philosophy. So you're building a security and identity product. Can you, at high level as a starting point, talk through your philosophy of building a product in this category versus building just a software product? Like what's the same and what's different?

Rishi Bhargava (12:18.604)
Yeah, so I think that's actually a good point. I just came off a customer call and pretty much answered this. So I think if you look at the mission, the mission is to de-scope customers' identity so that they don't have to deal with it, right? So we go to a large customer, we say, you don't need to manage your customer's identity, we will manage it for

So there's two things that we need to be very, very, particular about. One, security of our systems, because now we are taking over the risk that the customer had to protect all of their data, right? So that's security. Two is just the amount of what I call work that I want to reduce for the engineering. Like typically, like if they were to build this internally,

The engineering team need to build all of the infrastructure for managing identity and passwords, or if not passwords, connectivity to tokens and all of this. Now, if they're giving it to Descope, can I make that experience really easy? Like, can they set up their log-in flow, everything with few lines of code, and we take over all of the work and everything is seamless? So reducing the engineering overhead. And second is security of the system.

are the two core principles. And the third I always point out is the future proofing, which is your user's journey is not static. Today, you'll start with a social login with Google. Tomorrow, you may want to add a new target audience and add LinkedIn login. How easy is it to add the new one? You want to add MFA? How easy is it to add MFA? So it's like time to value, which is how much effort does it take to integrate security.

And the third is future proofing. Can I iterate much faster? Those are the very core principles that we have really tried to adhere to and tried to deliver.

Prateek Joshi (14:24.432)
And can you walk us through a typical customer journey from, hey, I can't log in, I don't know what's happening to, oh, that seemed very smooth. So what does that journey look like?

Rishi Bhargava (14:38.402)
Yeah, so I think it's amazing, right? So one of the metrics we ask our customers like, how do you measure whether the scope added value to you or not? And when customers move from passwords to passwordless, the biggest metric is drop of support tickets on the customer side. It's like, otherwise people have been calling them to say, hey, my password doesn't work, re-login, try to reset this, do that, do this.

Is there a drop in those tickets? Does that go away? That's a simple metric. So that and then in some companies even just the reset flow is not self-service. Like you cannot go reset your password on your own. You need to call in. You need to prove your identity. And these are like old traditional companies, regulated companies. Or you want to add a new MFA. was like recently I had an experience and it was horrible. I and the experience was we opened a bank account.

me and my wife together and the phone number that we gave for MFA was my wife's phone number and I wanted to change it for the MFA to my bank, my phone number. Now that could be a self-service experience that could have been built and they did. I had to call them, wait on the line for 25 minutes and then was able to change the phone number to my phone number. It's like why?

There's no reason, there's no extra security layer that you added. You could have easily done all of the pieces. So I think the journey is one, the tickets go down. And then from a customer experience perspective, imagine they were using password, password, password. Next time they come in, they put in their email address or they click on a social button. In the back, we automatically merge the identities based on the email address or based on the phone number. And from there on, the user has a single click login.

That's the experience we deliver.

Prateek Joshi (16:40.528)
Yeah, that's amazing how, you I think it's been, yeah, it's funny how many like little friction points exist in the name of security, like just changing a phone number. I have both phones, just let me swap. But no, you have to call and do the 25 minute wait, that stuff. right, going into AI agent identity, which is becoming very, very interesting. So we all know about humans and human identity and the need to prove it, to log into a site.

Now, before we start, can you just help define AI agent in plain English? Like, what does it mean and what does agent identity mean?

Rishi Bhargava (17:23.438)
So I there's a very, I think the very, very, very good question. What is an agent, first of all, right? An agent tech identity comes after that. I think to me, this was a dinner discussion recently. Every dinner is turned into an AI discussion these days. So nothing new there, right? So from my perspective, an agent is an intelligent system which...

Prateek Joshi (17:42.96)
was like, right.

Rishi Bhargava (17:53.473)
is going to perform certain actions across your applications either triggered by a human or based on certain other parameters that you have guided the system to. So an intelligent system taking actions on your applications either when instructed by a human or based on certain other conditional triggers.

So that's kind of the basic premise of the definition in my

If I put this definition to me, how do you define an agentic identity is I break it into two because I said either instructed by a human or based on certain triggers. So I kind of say there are two types of agents, fully autonomous or on behalf of users.

Fully autonomous are still provisioned by somebody in IT or a security team or a human in my personal life. But the actions that they take are not asked by me because I'm not at the time. A good example is I can set up an agent in an enterprise setting to say, watch my pipeline for the quarter. And if you see it decline by more than 5%, trigger this.

notify this, do this. Simple example. That's a fully autonomous agent. set up some rules.

Rishi Bhargava (19:26.642)
Or on behalf in the enterprise world could be, hey, can you please check my free busy schedule, respond to Pratik with certain times to schedule a meeting for next week. That's on behalf of an action. Or can you go ahead and summarize this web page for me? That's an on behalf action. Two types of agent. Now, what is agent identity? In the fully autonomous, that agent identity

in the technical world is OAuth client credentials, which is given at the time of provisioning. You give it an identity, which is you are going to do this task. I'm giving you client credentials. Typically, they're recommended to do that client ID being separate for each agent. And that's the task. That's the ID. So it's a machine ID. Has existed in our world. By the way, that world is not very different when you talk of agent identity from a simple machine to machine flows that we have done.

the last 10 plus years or so. On behalf of a user is way more interesting because there human is instructing an agent to do something. So there is an agent identity which is the client and then there is a user identity and I believe we will need a combination of agent identity and a user identity to define the true agent identity. It's like here's the machine the user is instructing a machine and this combination is the agent identity. So you need to give it a unique identity.

So the same agent, for example, let's say a Salesforce agent for you, Pratik and Salesforce agent for me needs to have different agent identities so that we can track the user. So that's the definition of agent identity based on that agent. And the big thing to think about here is unless you define this agent identity this way, you won't be able to track actions done by the agent and the permissions needed, all of those pieces on behalf of the user. Because if I am instructing the agent,

that agent identity need to be different than when Pratik is instructing the agent.

Prateek Joshi (21:24.078)
Right. And historically, we have all been taught that when it comes to security and password, like humans are good, bots are bad. So all bots need to be kept out and humans need to be let in. That's been like the historical premise. Now we're entering the world where everything's a bot. we now we need to not humans should be allowed in. But within bot, now we have good bots, like agents that I authorize, I want the agent to do the work. What's this malicious agents? They'll always exist. So

Rishi Bhargava (21:39.886)
Everything is a part.

Prateek Joshi (21:54.384)
How do you balance? Like, on one hand, we have to make it super easy to log in, don't bother the customer. And also on the other side, you can't let malicious, bad actors in. So how do you look at this world where now some bots are good and some bots are bad?

Rishi Bhargava (22:13.11)
I think first of all, if I look at the, it's kind of the origin of trust, right? Where do you put your trust in? Right? So I think for me, there are certain principles to go back to. Like one thing that's happening in this world is you're pretty much challenging everything that you've built over the last 20, 25 years in this world and saying, how does that apply to this new world?

And if I put those principles in, the best way to define it is in the enterprise world, everybody is going to use certain approved platforms from an agent-tick workflow perspective. So the enterprise is going to say, I'm going to use ChatGPT for the agent platform, OpenAI as the agent platform, Anthropic as the agent platform, whatever you are, Cloud or whatever, your defined agent platforms, and then I'm going to buy these products.

You can start by saying allowed only these agents and then layer a control plane to say these agents for these users or groups of users. So for my sales team, here are the three approved agents. For my developers, I'm going to use cursor. I'm going to use cloud code, whatever you want.

And that's the model. So whitelist. It's basically you're going and saying in the enterprise world, the whitelist model works. And the whitelist model will be able to say the agent identity, the user identity. So the machine identity, the user identity combined into an agent identity, you approve, you don't approve what permissions you give, what scope you get. And that's the model we are. I almost, the best way to get our role in this world is to say we are the IDP for the agents. Very simple.

there was an IDP for your workforce, there was an IDP for your customer identity, which Dsco plays in, and we are the IDP for the agents. So that's how I define it, right? So if that is the model on the consumer side though, that's very tricky. Like when I am going using Comet as the new browser to take action, Comet is the agent, it's gonna act on my behalf on every website. Does it know?

Rishi Bhargava (24:35.564)
that is it Comet doing the work or is it Rishi doing the work? If Comet purchases something on my behalf, I am authorizing it. So it's a little bit of an unsolved problem, Pratik, I think that is the world where in the consumer world and that is why the adoption of agents in the consumer world will have to see where is that source of truth and how does that world works and what is the identity model in pure consumer world unsolved yet.

Prateek Joshi (25:03.024)
And when it comes to a breach, meaning let's say if a breach happens at a customer, and what does the blast radius look like with and without the scope? Let's say before you come in, what does it look like? And after you come in, how does that change?

Rishi Bhargava (25:23.672)
This one is a very big one. And I think recently there was public vulnerability where Salesforce integrated with SalesLoft. That is another tool. And SalesLoft had the token of Salesforce on behalf of the user of the Salesforce. And that token, if SalesLoft has breached, with that token, you can log into Salesforce.

And the basic premise here is your agent should not have the token of your application.

So what I'm like the architecture to control the blast radius, right? So think about it. If you deploy agents that connect to your applications, have tokens of your applications for all your users, and a breach happens in one of those agentic platforms, that's it. All your user's identities, employees' identities, because it is the same credentials, the same big level of scope is there. You do.

So the attack surface, by the way, because people are predicting five or 20 agents to each user, is 20x, right? That's your attack surface now. The model that we are proposing and deploying now with customers is we kind of become the air gap in

We issue the token to the user. We save the token, sorry, not to the user. We issue the token to the agent and we store the token of the application in this form. So now, one, when the agent comes in, they need to connect to an application, they ask for the application token. We exchange the token, give them, they do the operation and done. What is stored and saved is a token to us. So.

Rishi Bhargava (27:24.258)
Let's say the agent platform get compromised, we nuke that agent at the scope level, done. The applications are never compromised. So it's almost like a two key system, if you will. And we are able to kind of block that in the middle. And that is the model that we're going. So the blast radius is exactly the value that people need to think about because I think suddenly what's happening is like the agents can now have access to every system, every application work on behalf.

just becomes a big, big, attack.

Prateek Joshi (27:55.888)
Amazing. I'm gonna go maybe spend a minute on company building. I mean, obviously it's not your first rodeo, so you have a ton of experience. So from Dimista, what do you wanna bring into the scope in terms of your philosophy on company building? And also what's one thing you are doing differently?

Rishi Bhargava (28:17.39)
Yeah, I think bringing into dscope, it's the team first philosophy, right team building on the right principles, building on the principles of transparency, which is very, very important to us. It's like internally who we hire, very careful planning all of those pieces. So I think that is one of the fundamental principles carrying over

from the D'Amisto days, is it's all about the team, you hire the right people and then you build on that principle. What are we doing different? I think the core principles in these philosophies remain the same, but we are in a different market, right? I mean, when I say that, it's like one of the things I realize is, this is where go back to the, I say is like,

every time you do you need to go back to zero you need to think of the problem as if with first principles. So one thing to realize here is DEMISTO was an exist was a new category. So the approach there was going to the market understand what are the needs how are the needs evolving you could predict the future a little bit and say this is where it's going. You can set the narrative of

of what is happening in the dscope world of customer identity. Now, agentic identity, that's the same world, which is set the narrative, define the tone. the customer identity world, there are large players out there. And that's a very different product, very different go-to-market, how you approach that. You almost need to be 10x better than them. So it's a very, very, very different product build, go-to-market build. That's one of the things that is very different.

Prateek Joshi (30:15.248)
I have one final question before we go to the rapid fire round. And it's regards to the speed at which AI is moving. So many developments happening in AI. As it comes to building your company, what AI advancements are the most exciting to you?

Rishi Bhargava (30:35.79)
So I think the biggest AI advancements to me is this, like, it's interesting, right? Watching the AI space over the last three, four years, LLM and LLMs being smart, being able to do things, that was amazing. But what really turned for me is this whole concept of tool or function.

And the reason is, if you think about it right, what you just did was you gave an intelligent system a set of tools which are well defined to perform actions. And there could be read actions, write actions. But that changed the world, especially in the enterprise context which is where we focus a lot on.

You're never, you were never going to get to a point or it will be very long time if you didn't take this agent calling path where my enterprise knowledge is understood by an agent, which is, or by a system LLM, which is trained on general purpose, internet data. But if I start to give this concept of tool that changes, in content, let's say a very extreme example. I'm an oil company. have oil rigs.

do drilling, you got to have go custom thing to learn that, but you can define simple tools says, here is a function which lets you ask specific questions about this. And here is a function which lets you take certain actions. And then when you give this to LLM, the outcomes are different. Like it's incredible, very powerful concept. So to me, the evolution of this agent idea and the tool calling or the function calling idea,

is a big big jump. I think the whole concept now MCP even makes it easier. So this is this is game changing like literally the agent and MCP pieces are game changing.

Prateek Joshi (32:40.912)
With that, we are at the rapid fire round. I'll ask a series of questions and would love to hear your answers in 15 seconds or less. You ready? Alright, question number one. 
Rishi Bhargava (32:48.982)
All ready? Let's go.

Prateek Joshi (33:31.33)
Which historical figure do you admire the most and why?

Rishi Bhargava (33:39.335)
I think for me, wow, this is a difficult one. I think I'm big into science and scientists and the big evolutions that have happened. And I would go back here to the whole story of Edison where it's about trying and trying and trying till you get to the answer. So the whole folklore of how many tries did you try before you got to the light bulb. That's kind of the perseverance that I really admire.

Prateek Joshi (34:08.396)
What's the one thing about agentic identity that most people don't get?

Rishi Bhargava (34:14.252)
I think the big piece about agentic identity that people don't understand is a lot of people are saying, hey, what's the new thing here? It's the machine identity. And what I'm pointing out is we at the beginning of this journey. are like literally at the very beginning of the journey. We don't even know the type of agents that will evolve and how they will evolve to perform different actions. They may have more scope and more power.

than what a typical human has in an organization. So to me, I think the one thing I want people to realize is keep an open mind. This is the beginning. So it will evolve a lot.

Prateek Joshi (34:56.014)
What separates great AI products from the merely good ones?

Rishi Bhargava (35:01.826)
I think the biggest and this one I truly believe is, are they able to deliver incremental value with every week that passes by? To me, the AI product needs to get smarter either from the context collected from the user or as it gets smarter based on new tools and based on new knowledge that it requires somewhere else. But it needs to get smarter every other day.

Prateek Joshi (35:32.964)
What have you changed your mind on recently?

Rishi Bhargava (35:36.75)
I think one of the things I changed my mind on recently is I think you need to take a very long-term view on judging people. Sometimes you are not able to see people's strengths in a short window in a six month or nine months. You need to take a very long-term view on people.

Prateek Joshi (35:59.332)
What's your wildest AI prediction for the next 12 months?

Rishi Bhargava (36:05.006)
I don't know if it is vile. think one prediction is the agent adoption in enterprise will be much faster than what enterprises are thinking. I truly believe that it will unlock a lot of value. So I don't know if it is a vile prediction. The other prediction I have is in our personal lives, and I think that I will say it's going to be two years, but each one of us will have a personal assistant.

Prateek Joshi (36:34.308)
Our final question, what's your number on advice to founders who are starting out today?

Rishi Bhargava (36:40.814)
Go back to first principles, understand your user very, very well and take baby steps rather than set big visions.

Prateek Joshi (36:55.664)
Amazing. Rishi, this has been a brilliant discussion. I love the simplicity of your explanations, especially when dealing with a complex topic like security and agents. So I really appreciate you breaking down these topics in a way that people can understand. So thanks again for coming on to the show.

Rishi Bhargava (37:14.081)
Absolutely. This was very, good, Pratik. Thank you for having me.