June 16, 2025 • 27 mins
Aaron Jacobson is one of the most insightful thinkers at the intersection of AI, robotics, and cybersecurity—and in this conversation, he separates signal from noise. We explore the future of humanoids, the shifting threat landscape in cybersecurity, and why the next wave of industry-defining companies will be built on infrastructure, not just foundation models.
Aaron Jacobson is a Partner at NEA, where he invests in AI, cybersecurity, and cloud infrastructure. He’s backed companies like Databricks, Horizon3.ai and Veza, and previously worked in tech M&A at Qatalyst Partners. In this episode, we dive into what’s real vs. hype in AI, the future of humanoids, and where the biggest opportunities in infrastructure are emerging.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Elon Musk has predicted that by 02/1940,there's gonna be over 10,000,000,000, with a b,
humanoids on planet Earth.
You've been studying this going back to yourundergrad career over two decades ago.
What do you think about these predictions?
Huge fan of all the companies that he's builtas well as him being a technologist and
(00:21):
futurist.
But I really view Elon's predictions like allof them.
They're super inspirational, but they'reoptimistic.
I think he's been promising self driving carsnow for about ten years.
And they're here, but in a very narrow fashion.
And they're nowhere as nationally distributedas, like, these bold predictions typically
imply.
And I think what's interesting about thisprediction is he's learned from the past and
(00:43):
he's put a much longer time horizon on theprediction now.
But I still think he's off by multiple ordersof magnitude because it's just going to take
much longer than people expect for us to getenough data and also for us to have
breakthroughs in the model architectures behindfoundational robotic models to allow for
general purpose humanoids.
And even beyond AI technology, we're also goingto have to think about how we scale up the
(01:08):
supply chain because to get to that manyrobots, we're going need massive investments in
motors and all the various components that youwould actually need to even build
10,000,000,000 humanoids.
What is the most difficult part about buildinga general purpose humanoid today?
There's two problems that we're running into.
(01:31):
The first is just the robustness of humanoids.
Robots are historically very good at verynarrow, very specific tasks.
But as soon as you adjust one small thing inthe task, right, you might train a robot to be
very good at folding shirts, but you give itsome jeans and it fails.
Or maybe you put it in a room that has slightlylower light and it fails on actually folding
(01:52):
that shirt.
And so the robustness and the reliability ofrobotics based off of today's foundational
models aren't there.
And look, I think there's really threefundamental challenges that we're going to need
to overcome if we're going to beat that.
The first is really the scaling law.
I mean, language models, I mean, they improveso fast just because of there was a pretty
quick understanding of the amount of data andcompute required for us to actually get
(02:15):
exponential improvement performance of theselanguage models.
But we're still quite early understanding therelationship in the robotics world just because
of how much more complex navigating thephysical world is relative to language.
I mean, just think about the human brain andhow many years it took for us to evolve
language relative to like spatial awareness andwalking and moving and navigating a three d
space.
LLMs are basically assume that look, morequantity is better.
(02:38):
And eventually once we got to15,000,000,000,000 tokens, which is the
internet and some, we started to see reallymagical results.
But with robotics, we still don't really havethe confidence in the amount of data that
matters and when we're actually going to startto see generalizable behavior like we see with
LMs emerge.
And I think there's other aspects about datawith robotics and that quantity is not going to
(02:59):
be the only thing that matters.
Quality is going to be important too, as wellas the diversity of data.
Once you go to the real world, the amount ofdifferent the amount of diversity, variance,
the combinations of what a robot will need tofigure out to actually be able to solve
problems is so huge.
It's so many more orders of magnitude than whatyou would need for language.
(03:22):
This just starts to be a very, very hard task.
You get great at robots doing very specifictasks.
But, you vary the task or you then take thatand you try to have a different robot do a
similar task.
It just doesn't work.
You can ask an LLM today, a foundational model,to write like a poem in iambic pentameter about
a snephalophagus, and you'll actually get apretty good result.
(03:42):
And I bet that that model AI has never actuallyseen a poem about a snephalophagus.
But you go and you ask a robot to potentiallypick up an item or walk down or navigate a
hallway it's never been in before, and it stillfalls over enough of a time that we're not
actually ready to commercialize thistechnology.
And I think another key part too is really wealso have a challenge in the fundamental
(04:06):
technology underpinning the creation ofrobotics models.
We need a lot of video data.
We need a lot of physical data.
So how are we actually gonna cost effectivelygather that amount of data?
You mentioned that it's so difficult for arobot to complete generalized functions.
Is there a world where we have two or threehumanoids in the home doing different types of
(04:27):
tasks?
I think the home is an open question because ofthe safety issue, right?
Unlike LLMs, you know, if your LLM fails, it'sfunny.
If your humanoid fails, potentially killssomebody.
And so I think the home, because of the safetyrequirements, and again, back to a challenge of
robotics and even AI and LMs in general, wedon't really have great ways of evaluating
these things, knowing how well they perform,knowing how robust they are, knowing how secure
(04:51):
they are, which is incredibly important in thephysical world.
So I think that that's also a fundamentallimiter to consumer and home robots.
But I think your point's accurate in that weare going to see humanoids very much in
industrial applications because these are verynarrow applications.
You can surround the humanoids with cages.
You can probably tether the humanoids.
(05:11):
Actually, you'll probably see humanoids thatdon't even need to walk around.
They'll just be humanoid robots with two arms,which can slot into an existing assembly line
or actually run a machine.
And they'll stationary, they'll be tethered, soyou want to have security concerns.
And because it's a very specific task, you'llbe able to make the economics work in terms of
the amount of data that you need to do, therobustness that you need to do.
(05:34):
And when it fails, you'll probably still havehumans in the factory that can fix it or adjust
it or get the robot up and running versus aconsumer robot, right?
You're calling customer service, the thing'sfalling over, it's broken.
Like it's just, there's just so many moreconsumer challenges that need be solved to
actually get humanoids into the home.
The industrial use case and the economics on itscale much better too.
(05:56):
You know, from day one, how much you're making,how much money you're making versus with a
humanoid, you have to do a marketing campaign,you have to invest tens of billions of dollars
before you even know if there's demand for it.
Absolutely.
I mean, the truth about robotics is thePowerPoint, it's always easy, right?
When you're selling to an industrial customer,it's just pure ROI.
How much does it cost me today?
What is the productivity and what is the ROI onyour robot?
(06:19):
And I think the biggest challenge in The US,it's a combination of labor shortages as well
as this pressure to bring manufacturing backinto The US.
And robotics is perfect for that.
But then when you actually get into production,it's really hard to get the robot to perform at
the economics and costs that you say it can do.
Everybody wants robots.
Everyone wants humanoids, but actuallydelivering a product that's reliable, robust,
(06:43):
secure, delivers the economics and is a reallygreat business model as a startup in terms of
margins and scalability, that's the hard part.
You alluded to it earlier, a couplebreakthroughs that we may need before we have
the humanoid scale.
What are some engineering or technologicalproblems that we need to solve before we could
scale humanoids?
(07:03):
Yeah.
I think I mentioned this a bit earlier, right?
It's really the cost of data collection, right?
How are we going to gather video?
Is it gathering videos?
It's going to be through teleoperations.
How are going to get enough robots out there orpotentially people out there maybe holding some
type of robotic hand or maybe tele operatingrobots in enough different situations that's
(07:24):
diverse enough that's seeing a variety ofenvironments, different objects.
How are we gonna do that that's cost effectiveso we can get enough data?
And then how much data is that going to be interms of running it through the GPUs and the
underlying compute costs to actually train amodel that's reliable?
And I think another part is the underlyingmodel architecture.
(07:45):
I mean, transformers at the end of the day,they're not that efficient.
They're good enough for LLMs.
We're able to get enough data and compute at areasonable enough cost to have magic be created
through OpenAI and Anthropic and LAMA.
But we don't have that magic yet in roboticsbecause it's still anyone's guess in terms of
the order of magnitude of the data and thecompute we need relative to the existing
(08:08):
transformers architecture.
If we found an architecture that was a 100times, a thousand times more innovative, then I
think that would really go a long way becauseit would start to function like the human
brain.
I mean, I have twins that are now almost threeand a half.
I've been watching their evolution.
I've been watching their brains, their LLMswork in real time.
And the things that they learn, it will justamaze me.
(08:30):
I'll say, how did you learn how to do that?
How did you even pick that up?
Like, who told you that?
Like, you're asking questions.
You don't like, how have you even seen enoughdata to be asking questions like this?
Because the human brain is really efficient atbuilding a world model, thinking about how the
way the world works.
And I think that's an open question whetherTransformers AI actually has a world model or
whether it's, you know, regurgitating what it'sseen before, obviously with some adjustment in
(08:54):
inference in terms of, you know, thinkingdifferently based off of the patterns that it's
been trained on.
Steel me on your thesis a little bit, whatwould make you change your mind about your
timeline for humanoids and what would make youthink that the timeline is being accelerated?
I would want to see strong evidence andprogress on that scaling law where we actually
(09:15):
see an order of magnitude improvement on arobot's capabilities across multiple platforms
in a variety of different environments as wellas tasks.
You know, maybe it's picking, packing, foldinglaundry, loading the dishwasher, being able to
introduce new objects it's never seen beforeand having it figure out and do that with a
significant improvement in terms of accuracy.
Like if you start to see that, that would startto make me believe.
(09:38):
So we're predicting 100x or 1000x evolution inAI capabilities over just the next two, three
years.
Why would that not lead to massive evolution inhumanoids and a decrease in cost of
development?
Let's talk about the AI space itself.
The jury has been out on whether LLMs are wherevalue will accrue in the ecosystem.
(10:03):
What are your views on this?
Important part of LLMs is whether they'reclosed models or open models.
Closed models being like open ianthropic, whereyou have to access that model through either
ChatGPT or maybe an API.
Open models being, you know, LAMA out of Meta,DeepSeq and Quan out of China, in which you can
actually take that model, run it yourself.
(10:24):
You have a lot more control and the ability toflex and change and customize that model.
And then you either run it yourself or you runthat you access that model on of an
infrastructure provider.
And so I think it's important to differentiatebecause there's gonna be value capture in both
of these at different layers.
(10:45):
When I think about the closed model side ofthings, I think that there's probably gonna be
one or two really successful, highly valuablecompanies, and the value capture is gonna be in
those companies because the way you consume themodel will be either through their consumer
product like ChatGPT or a developer API.
When you get into the open model, it's muchharder to commercialize the open model because
(11:08):
anybody else can run it.
And so a lot of the value in the world of openmodels, it starts to accrue in really the
infrastructure surrounding the model.
So this starts to get into companies like ourportfolio companies, Databrickson, They serve
open models like Lama on their infrastructure.
They also train and release their own openmodels.
(11:28):
But the way they make money is when you runopen models on their GPUs or you consume open
models through basically an API, and theyhandle all the underlying infrastructure
beneath you.
And so they're able to commercialize and make alot of money on that model despite not having
trained it.
And then they also surround that model with abunch of additional value add services as it
(11:51):
relates to, you know, evaluating andtroubleshooting that model, securing that
model, deploying that model, you know, in adistributed fashion so you get super low
latency.
There's also a whole bunch of best in classstartups that we funded like Martian, which is
pioneering router model routing, which is howto actually get the right prompt to the right
(12:11):
model in order to decrease cost and increaseperformance.
And so this world of open models gives way to amuch richer ecosystem in terms of who can
actually capture the value.
What is Facebook's strategy?
How would you categorize Facebook's LAMAengine?
(12:31):
It's a really interesting question.
Right?
Because Facebook's spending a lot of money onputting these open models out.
And historically, it hasn't monetized thosethrough through others.
The work and research that they've done onthose models is going back into Facebook
products.
So WhatsApp, Instagram, and that improvement isback it factors into advertising and all their
(12:53):
various products, which generates a lot morerevenue.
But the open question is like, okay.
Couldn't you do that without releasing the openmodels?
And so I think for me, it's a few things.
One, it's it's a bit of an equalizer in themodel ecosystem.
It basically forces folks like OpenAI and otherclosed model providers to become consumer
companies.
They have to compete on Facebook's terms wherethey really have to innovate on the actual
(13:16):
consumer product.
And also think more about monetizing notthrough you know, actually monetizing through
business through advertising subscriptions,things that Facebook monetizes through.
So I think that's one, to change the playingfield.
Two, I think it's also a brand.
It hugely impacts Facebook brand Facebook'sbrand.
(13:36):
There's a lot of AI engineers that reallybelieve that AI should be open because of its
controls that could potentially introducedisparities in terms of value capture, in terms
of safety.
And so I think by being a champion of opensource, Facebook accrues a ton of brand value.
You're very active in the cyberspace,cybersecurity.
(13:56):
You have very bullish on the space.
Why is cybersecurity growing so quickly today?
There's two reasons you continue to see cybergrow.
The first is just the amount of breaches andransomware attacks.
They just continue to increase.
Cybersecurity is getting worse, not better.
(14:17):
I think like global ransomware attacks went upin 2024 by 11%.
There was over 5,000 incidents.
UnitedHealth, which had a terrible '24 givensome, you know, horrible things that happened
to them, also had a major ransomware breach,which I think is now approaching like
$3,000,000,000 or so of loss.
And beyond ransomware, we've also had databreaches.
(14:37):
2024 was another banner year for data breaches.
There was over 3,000 incidents.
It was actually slightly down from 2023.
But before you get excited, that number it'salmost doubled, almost doubled from '22 to
2023.
And if you go back ten years, it's actuallylike four or five x relative to the amount of
data breaches.
So the amount of data breaches and ransomwareattacks, it's getting worse and worse, which
(15:03):
means the cyber risk that folks are facing isalso getting riskier.
And so enterprises have to spend more money inorder to keep up with the pace of advancement
and threats in the in the world ofcybersecurity, which is why you see budgets
continue to grow.
And we also have these architectural shifts,which happen too.
You get the rise of new threat surfaces, whichneed to be protected.
(15:25):
So ten years ago, was mobile and cloud.
Great.
We have all these mobile applications and cloudapplications.
All the security tools we have today on premaren't securing those tools.
Now we have to develop an entirely new securitystack to solve all the cloud and mobile
security challenges.
Now we're seeing it with AI.
Now we're deploying models.
How are we gonna secure all these models?
Now we've got our employees who wanna runagents to automate a lot of the workflows.
(15:49):
How are we gonna secure all of those agentsfrom running a mock and accessing sensitive
data and then leaking it all over the internetor leaving buckets on S3 open that somebody can
go and seal our data from.
And so the new threat services is also a keydriver of the growth in the cyber market.
(16:10):
Tell me about penetration testing, pen testing.
What is that and why is that so important incybersecurity?
Pen testing is the best practice where you testyour network and your IT infrastructure from
the outside in.
It's really mimicking the behavior of a hackerto figure out how you might actually be
breached.
The whole goal is to actually find all thevulnerabilities and then feed them back into
(16:31):
your IT or developers so that they can patchthem before a black hat can actually take
advantage of them.
This whole world of proactive of pen testing isreally around proactive cybersecurity
practices, which you can also have things likeaccess reviews in there, code scanners.
This is all a broader category, which isreally, really be coined as exposure
(16:54):
management, which is how do we figure out allthe risks to an organization and minimize the
risks before they're actually exploited.
Just like in health care, prevention is thebest medicine in cybersecurity.
But the challenge remains today that existingteams are just overwhelmed relative to the
amount of things out there that we need to findand fix, which continually puts the advantage
(17:18):
on the side of hackers.
What will cybersecurity look like in five, tenyears from now?
It's gonna get lot worse and scarier before itgets a lot better.
I'm ultimately positive about the future ofcyber of cybersecurity because of AII.
(17:39):
Certainly in the near term, we're gonna seemore sophisticated attacks.
We're gonna see deep fake attacks.
Like, we're gonna be getting voice calls fromour family members, from our CFO.
We're potentially gonna get on on Zoom calls.
There were fake that already happened.
There was a fake Zoom call that led to somebodywiring millions of dollars in a hack.
So we're gonna see a lot more of that in thenear term.
(18:01):
But in the long term, the reason it's gonna getbetter is because AI is gonna fundamentally
solve the biggest challenge in cyber, which isthe lack of talent.
We don't have enough good people, and we alsodon't have enough budget to employ those people
relative to the asymmetry that exists incybersecurity.
The offensive side, the black hat side, theycan do thousands of attacks a day, and the cost
(18:22):
of a failure is very minimal.
They just move on to the next target.
But if you're an enterprise, all you need isone bad day and you get host.
And that asymmetry is so wide is so large, youwould have to have 10, a 100, a thousand times
more people on the defensive side to actuallystand a chance of closing the gap.
But now with AI, we can actually have that.
We now actually start to train agents that areas good as our best pen testers, our best cyber
(18:47):
analysts, our best SOC analysts out there.
And now we can unleash those first in a humanin loop fashion and ultimately in an autonomous
fashion because in the long run, this isultimately gonna be complex AI agents on the
offensive side fighting complex defensive AIagents.
We can unleash those and we're that's gonnaactually close the gap on the defensive and the
(19:10):
offensive side so that in real time, we'regonna have this AI versus AI war happening of
things that are getting tested and fixed asfast as possible before the offensive side can
discover something and hack you.
How much does insurance play into thisecosystem and insuring yourself from these kind
of long tail consequences?
(19:30):
It's super important.
It's arguably gotten a lot harder because ofthe amount of breaches that are happening,
especially on the ransomware front.
I think that insurance, one of the things itactually does is encourage companies to embrace
best practices because the whole point ofinsurance is to gather as much information
about a organization and their cybersecurityprocesses to understand risk, to try to create
(19:55):
a probabilistic model of the chance of themactually being breached, underwrite that model
based off of the chance that you're actuallygonna think they're gonna be breached, the cost
of that breach, and then can you actuallyencourage the CSO or SMB to adopt certain tools
to lower that and then getting them to pay youa premium where if there is a risk, your payout
(20:16):
to them ultimately, it doesn't bankrupt thecompany.
And so if you do cyber insurance right, if youencourage CISOs to embrace the right tooling
stack, you actually do provide a better degreeof cybersecurity.
What could individuals or companies dopreventatively to decrease the chance of being
(20:36):
a victim of a cyber attack?
It's all about the basics.
Let's get back to the basics.
Multi factor authentication, least privilegedaccess.
Just look, this idea of least privileged accessis really about who can access what within your
organization.
And when you go into an enterprise, you've gotthousands of SaaS applications, on prem
(20:57):
applications.
You've got multiple clouds.
You've got on prem databases.
You've got, you know, Databricks.
You've got, you know, third party APIs.
We have we don't do a very good job ofunderstanding who can actually access what in
an enterprise and what they can do.
And so you get what's known as access sprawl,where somebody inevitably inevitably gets
(21:20):
access to something that they shouldn't.
And either that person does something wrongthat leads to a cybersecurity breach, or maybe
that person gets hacked and the hacker is ableto take up the advantage of privileges which
are escalated and shouldn't be in order toeither exfiltrate data or maybe move laterally
within an organization to eventually cause acyber breach.
(21:42):
And so if we could just get back to the basicsof only give people access to what they need
when they need, only allow them to do what theyneed to do in real time, that would solve a lot
of problems.
So the challenge, I say like, why don't we dothis?
It's really, really hard to do this at scalebecause of how fragmented IT is.
This is why we our actually most recentcybersecurity investment is in this company
(22:04):
called Vesa, which is solving for this accesschallenge.
They're able to digest all your SaaSapplications, all your databases out there, all
your clouds, all your on prem systems, customapplications, digest it, and give you a single
pane of glass so you can actually see who canaccess what and where the privilege issues are
so that you can fix them and actually enforceleast privilege access so you don't have to
(22:28):
worry about this issue down the road wheresomebody's able to do something because they
somehow got access to something they shouldn'thave otherwise had access to.
On a basic level, multifactor authenticationworks because it's very unlikely that a hacker
could hack both your computer and your phonebecause two different networks.
Is that is that a simple way to explain it?
That's the idea.
(22:49):
Yeah.
It's it's hard for hard for you hard for you tobe in two places at once.
To be very clear, I wanna be something specificabout the phone.
Text based messages, you actually can hackthose through social engineering.
There's a lot of instances of folks actuallyfiguring out to hack the multifactor SMS side
of things, which is why I really encourage youto use actually use applications and, you know,
(23:13):
basically virtual keys as the primary way ofdoing your second factor authentication, not
just text codes.
Social engineering being somebody calls you andpretends they're somebody that they're not.
Somebody calls the telecommunications providerVerizon or AT and T, and finds a customer
support rep.
(23:33):
And like I said, everybody has a bad day, andthey convince that customer support rep to
maybe transfer your number or maybe tell you acode that they just sent to you.
And so that social engineering, you know, youcan hack SMS side of that versus if you're
actually generating some type of code within anapplication like like Authy.
(23:54):
It's next to impossible to actually get thatcode unless you actually have my phone.
You steal my phone.
You log in.
You put a password in my Authy, and youactually see that code.
And then you log in, and then you have myphone.
You do all that all at once before if you havethings configured right.
I may also get a notification when someone elseis logging in on my email.
So I will now see that.
(24:14):
And if I don't have my phone and somebody'slogging in, that also now gives me awareness
that I might have potentially been breached.
So many major breaches are just peopleforgetting to configure MFA properly.
That's just like a base cybersecurity one onone.
You started your career at Francotron'sCatalyst.
(24:35):
It's a famous firm that competed directlyagainst the large investment banks.
What did you learn at Catalyst that you bringto your role at NEA?
Look, my biggest learning is on what Catalystmade Catalyst successful.
It was the founder, Frank.
Catalyst was a startup.
It was a different kind of startup.
(24:55):
Right?
It was a services startup, but ultimately itwas a startup.
And startups are so highly dependent on the DNAand ethos and the background of the founder.
Frank taught me about a lot about what to lookfor in a founder to ultimately build a
successful company.
Frank was super unrelenting and competitive.
He wanted to win every deal.
He had a chip on his shoulder given his unfairtreatment after the fall of the .com bubble.
(25:17):
He was a master of his craft.
He had an amazing, you know, unmatchedexperience in network.
Frank is also an incredible storyteller, andhe's a master of sales.
He knows how to connect with people, win themover.
Ultimately, being a founder is about resourceaggregation.
How can I convince investors, employees,customers to follow me, to believe in me, to
work with me?
(25:38):
It's the same thing with investment banking.
Fred Quatrone is a master of that craft, and alot of what I saw in Frank is something I hope
to find in the founders that I end up backingat NEA.
Venture itself as an industry is evolving at ahyperscale.
You saw Lightspeed now going to Publix.
You saw CO2 launching interval funds.
(25:59):
How do you see venture as an industry evolvingover the next decade?
Look, it makes sense to me, right?
I think that there are synergies in terms ofbeing able to invest in multiple stages.
It's why we're a multistage investment firm.
You can invest in a seed or series a company,and as that company scales, growth stage,
public company, you can invest more capital.
(26:21):
The dollars and returns and venture are soslanted.
Once you have a winner, you wanna try to get asmuch dollars into that company.
Also thinking about risk reward and time tovalue and all that, but you typically wanna get
a lot of money into that company.
And so it starts to make sense to start to havethese different ways to win as you build and
help create some of the generational companiesthat are out there.
(26:44):
How should people follow you on social?
Yeah.
You can find me on x, iron e j.
You can also find me on LinkedIn, which, youknow, I'm posting on and spend a lot of time
on.
You can also reach out to me, ajacobsonnea dotcom.
Always love meeting founders and talking aboutthe future of cyber AI and robotics.
Thank you, Aaron, for taking the time.
(27:05):
Look forward to catching up soon.
Thanks, David.
Elon Musk has predicted that by 02/1940,there's gonna be over 10,000,000,000, with a b,
humanoids on planet Earth.
You've been studying this going back to yourundergrad career over two decades ago.
What do you think about these predictions?
Huge fan of all the companies that he's builtas well as him being a technologist and
(00:21):
futurist.
But I really view Elon's predictions like allof them.
They're super inspirational, but they'reoptimistic.
I think he's been promising self driving carsnow for about ten years.
And they're here, but in a very narrow fashion.
And they're nowhere as nationally distributedas, like, these bold predictions typically
imply.
And I think what's interesting about thisprediction is he's learned from the past and
(00:43):
he's put a much longer time horizon on theprediction now.
But I still think he's off by multiple ordersof magnitude because it's just going to take
much longer than people expect for us to getenough data and also for us to have
breakthroughs in the model architectures behindfoundational robotic models to allow for
general purpose humanoids.
And even beyond AI technology, we're also goingto have to think about how we scale up the
(01:08):
supply chain because to get to that manyrobots, we're going need massive investments in
motors and all the various components that youwould actually need to even build
10,000,000,000 humanoids.
What is the most difficult part about buildinga general purpose humanoid today?
There's two problems that we're running into.
(01:31):
The first is just the robustness of humanoids.
Robots are historically very good at verynarrow, very specific tasks.
But as soon as you adjust one small thing inthe task, right, you might train a robot to be
very good at folding shirts, but you give itsome jeans and it fails.
Or maybe you put it in a room that has slightlylower light and it fails on actually folding
(01:52):
that shirt.
And so the robustness and the reliability ofrobotics based off of today's foundational
models aren't there.
And look, I think there's really threefundamental challenges that we're going to need
to overcome if we're going to beat that.
The first is really the scaling law.
I mean, language models, I mean, they improveso fast just because of there was a pretty
quick understanding of the amount of data andcompute required for us to actually get
(02:15):
exponential improvement performance of theselanguage models.
But we're still quite early understanding therelationship in the robotics world just because
of how much more complex navigating thephysical world is relative to language.
I mean, just think about the human brain andhow many years it took for us to evolve
language relative to like spatial awareness andwalking and moving and navigating a three d
space.
LLMs are basically assume that look, morequantity is better.
(02:38):
And eventually once we got to15,000,000,000,000 tokens, which is the
internet and some, we started to see reallymagical results.
But with robotics, we still don't really havethe confidence in the amount of data that
matters and when we're actually going to startto see generalizable behavior like we see with
LMs emerge.
And I think there's other aspects about datawith robotics and that quantity is not going to
(02:59):
be the only thing that matters.
Quality is going to be important too, as wellas the diversity of data.
Once you go to the real world, the amount ofdifferent the amount of diversity, variance,
the combinations of what a robot will need tofigure out to actually be able to solve
problems is so huge.
It's so many more orders of magnitude than whatyou would need for language.
(03:22):
This just starts to be a very, very hard task.
You get great at robots doing very specifictasks.
But, you vary the task or you then take thatand you try to have a different robot do a
similar task.
It just doesn't work.
You can ask an LLM today, a foundational model,to write like a poem in iambic pentameter about
a snephalophagus, and you'll actually get apretty good result.
(03:42):
And I bet that that model AI has never actuallyseen a poem about a snephalophagus.
But you go and you ask a robot to potentiallypick up an item or walk down or navigate a
hallway it's never been in before, and it stillfalls over enough of a time that we're not
actually ready to commercialize thistechnology.
And I think another key part too is really wealso have a challenge in the fundamental
(04:06):
technology underpinning the creation ofrobotics models.
We need a lot of video data.
We need a lot of physical data.
So how are we actually gonna cost effectivelygather that amount of data?
You mentioned that it's so difficult for arobot to complete generalized functions.
Is there a world where we have two or threehumanoids in the home doing different types of
(04:27):
tasks?
I think the home is an open question because ofthe safety issue, right?
Unlike LLMs, you know, if your LLM fails, it'sfunny.
If your humanoid fails, potentially killssomebody.
And so I think the home, because of the safetyrequirements, and again, back to a challenge of
robotics and even AI and LMs in general, wedon't really have great ways of evaluating
these things, knowing how well they perform,knowing how robust they are, knowing how secure
(04:51):
they are, which is incredibly important in thephysical world.
So I think that that's also a fundamentallimiter to consumer and home robots.
But I think your point's accurate in that weare going to see humanoids very much in
industrial applications because these are verynarrow applications.
You can surround the humanoids with cages.
You can probably tether the humanoids.
(05:11):
Actually, you'll probably see humanoids thatdon't even need to walk around.
They'll just be humanoid robots with two arms,which can slot into an existing assembly line
or actually run a machine.
And they'll stationary, they'll be tethered, soyou want to have security concerns.
And because it's a very specific task, you'llbe able to make the economics work in terms of
the amount of data that you need to do, therobustness that you need to do.
(05:34):
And when it fails, you'll probably still havehumans in the factory that can fix it or adjust
it or get the robot up and running versus aconsumer robot, right?
You're calling customer service, the thing'sfalling over, it's broken.
Like it's just, there's just so many moreconsumer challenges that need be solved to
actually get humanoids into the home.
The industrial use case and the economics on itscale much better too.
(05:56):
You know, from day one, how much you're making,how much money you're making versus with a
humanoid, you have to do a marketing campaign,you have to invest tens of billions of dollars
before you even know if there's demand for it.
Absolutely.
I mean, the truth about robotics is thePowerPoint, it's always easy, right?
When you're selling to an industrial customer,it's just pure ROI.
How much does it cost me today?
What is the productivity and what is the ROI onyour robot?
(06:19):
And I think the biggest challenge in The US,it's a combination of labor shortages as well
as this pressure to bring manufacturing backinto The US.
And robotics is perfect for that.
But then when you actually get into production,it's really hard to get the robot to perform at
the economics and costs that you say it can do.
Everybody wants robots.
Everyone wants humanoids, but actuallydelivering a product that's reliable, robust,
(06:43):
secure, delivers the economics and is a reallygreat business model as a startup in terms of
margins and scalability, that's the hard part.
You alluded to it earlier, a couplebreakthroughs that we may need before we have
the humanoid scale.
What are some engineering or technologicalproblems that we need to solve before we could
scale humanoids?
(07:03):
Yeah.
I think I mentioned this a bit earlier, right?
It's really the cost of data collection, right?
How are we going to gather video?
Is it gathering videos?
It's going to be through teleoperations.
How are going to get enough robots out there orpotentially people out there maybe holding some
type of robotic hand or maybe tele operatingrobots in enough different situations that's
(07:24):
diverse enough that's seeing a variety ofenvironments, different objects.
How are we gonna do that that's cost effectiveso we can get enough data?
And then how much data is that going to be interms of running it through the GPUs and the
underlying compute costs to actually train amodel that's reliable?
And I think another part is the underlyingmodel architecture.
(07:45):
I mean, transformers at the end of the day,they're not that efficient.
They're good enough for LLMs.
We're able to get enough data and compute at areasonable enough cost to have magic be created
through OpenAI and Anthropic and LAMA.
But we don't have that magic yet in roboticsbecause it's still anyone's guess in terms of
the order of magnitude of the data and thecompute we need relative to the existing
(08:08):
transformers architecture.
If we found an architecture that was a 100times, a thousand times more innovative, then I
think that would really go a long way becauseit would start to function like the human
brain.
I mean, I have twins that are now almost threeand a half.
I've been watching their evolution.
I've been watching their brains, their LLMswork in real time.
And the things that they learn, it will justamaze me.
(08:30):
I'll say, how did you learn how to do that?
How did you even pick that up?
Like, who told you that?
Like, you're asking questions.
You don't like, how have you even seen enoughdata to be asking questions like this?
Because the human brain is really efficient atbuilding a world model, thinking about how the
way the world works.
And I think that's an open question whetherTransformers AI actually has a world model or
whether it's, you know, regurgitating what it'sseen before, obviously with some adjustment in
(08:54):
inference in terms of, you know, thinkingdifferently based off of the patterns that it's
been trained on.
Steel me on your thesis a little bit, whatwould make you change your mind about your
timeline for humanoids and what would make youthink that the timeline is being accelerated?
I would want to see strong evidence andprogress on that scaling law where we actually
(09:15):
see an order of magnitude improvement on arobot's capabilities across multiple platforms
in a variety of different environments as wellas tasks.
You know, maybe it's picking, packing, foldinglaundry, loading the dishwasher, being able to
introduce new objects it's never seen beforeand having it figure out and do that with a
significant improvement in terms of accuracy.
Like if you start to see that, that would startto make me believe.
(09:38):
So we're predicting 100x or 1000x evolution inAI capabilities over just the next two, three
years.
Why would that not lead to massive evolution inhumanoids and a decrease in cost of
development?
Let's talk about the AI space itself.
The jury has been out on whether LLMs are wherevalue will accrue in the ecosystem.
(10:03):
What are your views on this?
Important part of LLMs is whether they'reclosed models or open models.
Closed models being like open ianthropic, whereyou have to access that model through either
ChatGPT or maybe an API.
Open models being, you know, LAMA out of Meta,DeepSeq and Quan out of China, in which you can
actually take that model, run it yourself.
(10:24):
You have a lot more control and the ability toflex and change and customize that model.
And then you either run it yourself or you runthat you access that model on of an
infrastructure provider.
And so I think it's important to differentiatebecause there's gonna be value capture in both
of these at different layers.
(10:45):
When I think about the closed model side ofthings, I think that there's probably gonna be
one or two really successful, highly valuablecompanies, and the value capture is gonna be in
those companies because the way you consume themodel will be either through their consumer
product like ChatGPT or a developer API.
When you get into the open model, it's muchharder to commercialize the open model because
(11:08):
anybody else can run it.
And so a lot of the value in the world of openmodels, it starts to accrue in really the
infrastructure surrounding the model.
So this starts to get into companies like ourportfolio companies, Databrickson, They serve
open models like Lama on their infrastructure.
They also train and release their own openmodels.
(11:28):
But the way they make money is when you runopen models on their GPUs or you consume open
models through basically an API, and theyhandle all the underlying infrastructure
beneath you.
And so they're able to commercialize and make alot of money on that model despite not having
trained it.
And then they also surround that model with abunch of additional value add services as it
(11:51):
relates to, you know, evaluating andtroubleshooting that model, securing that
model, deploying that model, you know, in adistributed fashion so you get super low
latency.
There's also a whole bunch of best in classstartups that we funded like Martian, which is
pioneering router model routing, which is howto actually get the right prompt to the right
(12:11):
model in order to decrease cost and increaseperformance.
And so this world of open models gives way to amuch richer ecosystem in terms of who can
actually capture the value.
What is Facebook's strategy?
How would you categorize Facebook's LAMAengine?
(12:31):
It's a really interesting question.
Right?
Because Facebook's spending a lot of money onputting these open models out.
And historically, it hasn't monetized thosethrough through others.
The work and research that they've done onthose models is going back into Facebook
products.
So WhatsApp, Instagram, and that improvement isback it factors into advertising and all their
(12:53):
various products, which generates a lot morerevenue.
But the open question is like, okay.
Couldn't you do that without releasing the openmodels?
And so I think for me, it's a few things.
One, it's it's a bit of an equalizer in themodel ecosystem.
It basically forces folks like OpenAI and otherclosed model providers to become consumer
companies.
They have to compete on Facebook's terms wherethey really have to innovate on the actual
(13:16):
consumer product.
And also think more about monetizing notthrough you know, actually monetizing through
business through advertising subscriptions,things that Facebook monetizes through.
So I think that's one, to change the playingfield.
Two, I think it's also a brand.
It hugely impacts Facebook brand Facebook'sbrand.
(13:36):
There's a lot of AI engineers that reallybelieve that AI should be open because of its
controls that could potentially introducedisparities in terms of value capture, in terms
of safety.
And so I think by being a champion of opensource, Facebook accrues a ton of brand value.
You're very active in the cyberspace,cybersecurity.
(13:56):
You have very bullish on the space.
Why is cybersecurity growing so quickly today?
There's two reasons you continue to see cybergrow.
The first is just the amount of breaches andransomware attacks.
They just continue to increase.
Cybersecurity is getting worse, not better.
(14:17):
I think like global ransomware attacks went upin 2024 by 11%.
There was over 5,000 incidents.
UnitedHealth, which had a terrible '24 givensome, you know, horrible things that happened
to them, also had a major ransomware breach,which I think is now approaching like
$3,000,000,000 or so of loss.
And beyond ransomware, we've also had databreaches.
(14:37):
2024 was another banner year for data breaches.
There was over 3,000 incidents.
It was actually slightly down from 2023.
But before you get excited, that number it'salmost doubled, almost doubled from '22 to
2023.
And if you go back ten years, it's actuallylike four or five x relative to the amount of
data breaches.
So the amount of data breaches and ransomwareattacks, it's getting worse and worse, which
(15:03):
means the cyber risk that folks are facing isalso getting riskier.
And so enterprises have to spend more money inorder to keep up with the pace of advancement
and threats in the in the world ofcybersecurity, which is why you see budgets
continue to grow.
And we also have these architectural shifts,which happen too.
You get the rise of new threat surfaces, whichneed to be protected.
(15:25):
So ten years ago, was mobile and cloud.
Great.
We have all these mobile applications and cloudapplications.
All the security tools we have today on premaren't securing those tools.
Now we have to develop an entirely new securitystack to solve all the cloud and mobile
security challenges.
Now we're seeing it with AI.
Now we're deploying models.
How are we gonna secure all these models?
Now we've got our employees who wanna runagents to automate a lot of the workflows.
(15:49):
How are we gonna secure all of those agentsfrom running a mock and accessing sensitive
data and then leaking it all over the internetor leaving buckets on S3 open that somebody can
go and seal our data from.
And so the new threat services is also a keydriver of the growth in the cyber market.
(16:10):
Tell me about penetration testing, pen testing.
What is that and why is that so important incybersecurity?
Pen testing is the best practice where you testyour network and your IT infrastructure from
the outside in.
It's really mimicking the behavior of a hackerto figure out how you might actually be
breached.
The whole goal is to actually find all thevulnerabilities and then feed them back into
(16:31):
your IT or developers so that they can patchthem before a black hat can actually take
advantage of them.
This whole world of proactive of pen testing isreally around proactive cybersecurity
practices, which you can also have things likeaccess reviews in there, code scanners.
This is all a broader category, which isreally, really be coined as exposure
(16:54):
management, which is how do we figure out allthe risks to an organization and minimize the
risks before they're actually exploited.
Just like in health care, prevention is thebest medicine in cybersecurity.
But the challenge remains today that existingteams are just overwhelmed relative to the
amount of things out there that we need to findand fix, which continually puts the advantage
(17:18):
on the side of hackers.
What will cybersecurity look like in five, tenyears from now?
It's gonna get lot worse and scarier before itgets a lot better.
I'm ultimately positive about the future ofcyber of cybersecurity because of AII.
(17:39):
Certainly in the near term, we're gonna seemore sophisticated attacks.
We're gonna see deep fake attacks.
Like, we're gonna be getting voice calls fromour family members, from our CFO.
We're potentially gonna get on on Zoom calls.
There were fake that already happened.
There was a fake Zoom call that led to somebodywiring millions of dollars in a hack.
So we're gonna see a lot more of that in thenear term.
(18:01):
But in the long term, the reason it's gonna getbetter is because AI is gonna fundamentally
solve the biggest challenge in cyber, which isthe lack of talent.
We don't have enough good people, and we alsodon't have enough budget to employ those people
relative to the asymmetry that exists incybersecurity.
The offensive side, the black hat side, theycan do thousands of attacks a day, and the cost
(18:22):
of a failure is very minimal.
They just move on to the next target.
But if you're an enterprise, all you need isone bad day and you get host.
And that asymmetry is so wide is so large, youwould have to have 10, a 100, a thousand times
more people on the defensive side to actuallystand a chance of closing the gap.
But now with AI, we can actually have that.
We now actually start to train agents that areas good as our best pen testers, our best cyber
(18:47):
analysts, our best SOC analysts out there.
And now we can unleash those first in a humanin loop fashion and ultimately in an autonomous
fashion because in the long run, this isultimately gonna be complex AI agents on the
offensive side fighting complex defensive AIagents.
We can unleash those and we're that's gonnaactually close the gap on the defensive and the
(19:10):
offensive side so that in real time, we'regonna have this AI versus AI war happening of
things that are getting tested and fixed asfast as possible before the offensive side can
discover something and hack you.
How much does insurance play into thisecosystem and insuring yourself from these kind
of long tail consequences?
(19:30):
It's super important.
It's arguably gotten a lot harder because ofthe amount of breaches that are happening,
especially on the ransomware front.
I think that insurance, one of the things itactually does is encourage companies to embrace
best practices because the whole point ofinsurance is to gather as much information
about a organization and their cybersecurityprocesses to understand risk, to try to create
(19:55):
a probabilistic model of the chance of themactually being breached, underwrite that model
based off of the chance that you're actuallygonna think they're gonna be breached, the cost
of that breach, and then can you actuallyencourage the CSO or SMB to adopt certain tools
to lower that and then getting them to pay youa premium where if there is a risk, your payout
(20:16):
to them ultimately, it doesn't bankrupt thecompany.
And so if you do cyber insurance right, if youencourage CISOs to embrace the right tooling
stack, you actually do provide a better degreeof cybersecurity.
What could individuals or companies dopreventatively to decrease the chance of being
(20:36):
a victim of a cyber attack?
It's all about the basics.
Let's get back to the basics.
Multi factor authentication, least privilegedaccess.
Just look, this idea of least privileged accessis really about who can access what within your
organization.
And when you go into an enterprise, you've gotthousands of SaaS applications, on prem
(20:57):
applications.
You've got multiple clouds.
You've got on prem databases.
You've got, you know, Databricks.
You've got, you know, third party APIs.
We have we don't do a very good job ofunderstanding who can actually access what in
an enterprise and what they can do.
And so you get what's known as access sprawl,where somebody inevitably inevitably gets
(21:20):
access to something that they shouldn't.
And either that person does something wrongthat leads to a cybersecurity breach, or maybe
that person gets hacked and the hacker is ableto take up the advantage of privileges which
are escalated and shouldn't be in order toeither exfiltrate data or maybe move laterally
within an organization to eventually cause acyber breach.
(21:42):
And so if we could just get back to the basicsof only give people access to what they need
when they need, only allow them to do what theyneed to do in real time, that would solve a lot
of problems.
So the challenge, I say like, why don't we dothis?
It's really, really hard to do this at scalebecause of how fragmented IT is.
This is why we our actually most recentcybersecurity investment is in this company
(22:04):
called Vesa, which is solving for this accesschallenge.
They're able to digest all your SaaSapplications, all your databases out there, all
your clouds, all your on prem systems, customapplications, digest it, and give you a single
pane of glass so you can actually see who canaccess what and where the privilege issues are
so that you can fix them and actually enforceleast privilege access so you don't have to
(22:28):
worry about this issue down the road wheresomebody's able to do something because they
somehow got access to something they shouldn'thave otherwise had access to.
On a basic level, multifactor authenticationworks because it's very unlikely that a hacker
could hack both your computer and your phonebecause two different networks.
Is that is that a simple way to explain it?
That's the idea.
(22:49):
Yeah.
It's it's hard for hard for you hard for you tobe in two places at once.
To be very clear, I wanna be something specificabout the phone.
Text based messages, you actually can hackthose through social engineering.
There's a lot of instances of folks actuallyfiguring out to hack the multifactor SMS side
of things, which is why I really encourage youto use actually use applications and, you know,
(23:13):
basically virtual keys as the primary way ofdoing your second factor authentication, not
just text codes.
Social engineering being somebody calls you andpretends they're somebody that they're not.
Somebody calls the telecommunications providerVerizon or AT and T, and finds a customer
support rep.
(23:33):
And like I said, everybody has a bad day, andthey convince that customer support rep to
maybe transfer your number or maybe tell you acode that they just sent to you.
And so that social engineering, you know, youcan hack SMS side of that versus if you're
actually generating some type of code within anapplication like like Authy.
(23:54):
It's next to impossible to actually get thatcode unless you actually have my phone.
You steal my phone.
You log in.
You put a password in my Authy, and youactually see that code.
And then you log in, and then you have myphone.
You do all that all at once before if you havethings configured right.
I may also get a notification when someone elseis logging in on my email.
So I will now see that.
(24:14):
And if I don't have my phone and somebody'slogging in, that also now gives me awareness
that I might have potentially been breached.
So many major breaches are just peopleforgetting to configure MFA properly.
That's just like a base cybersecurity one onone.
You started your career at Francotron'sCatalyst.
(24:35):
It's a famous firm that competed directlyagainst the large investment banks.
What did you learn at Catalyst that you bringto your role at NEA?
Look, my biggest learning is on what Catalystmade Catalyst successful.
It was the founder, Frank.
Catalyst was a startup.
It was a different kind of startup.
(24:55):
Right?
It was a services startup, but ultimately itwas a startup.
And startups are so highly dependent on the DNAand ethos and the background of the founder.
Frank taught me about a lot about what to lookfor in a founder to ultimately build a
successful company.
Frank was super unrelenting and competitive.
He wanted to win every deal.
He had a chip on his shoulder given his unfairtreatment after the fall of the .com bubble.
(25:17):
He was a master of his craft.
He had an amazing, you know, unmatchedexperience in network.
Frank is also an incredible storyteller, andhe's a master of sales.
He knows how to connect with people, win themover.
Ultimately, being a founder is about resourceaggregation.
How can I convince investors, employees,customers to follow me, to believe in me, to
work with me?
(25:38):
It's the same thing with investment banking.
Fred Quatrone is a master of that craft, and alot of what I saw in Frank is something I hope
to find in the founders that I end up backingat NEA.
Venture itself as an industry is evolving at ahyperscale.
You saw Lightspeed now going to Publix.
You saw CO2 launching interval funds.
(25:59):
How do you see venture as an industry evolvingover the next decade?
Look, it makes sense to me, right?
I think that there are synergies in terms ofbeing able to invest in multiple stages.
It's why we're a multistage investment firm.
You can invest in a seed or series a company,and as that company scales, growth stage,
public company, you can invest more capital.
(26:21):
The dollars and returns and venture are soslanted.
Once you have a winner, you wanna try to get asmuch dollars into that company.
Also thinking about risk reward and time tovalue and all that, but you typically wanna get
a lot of money into that company.
And so it starts to make sense to start to havethese different ways to win as you build and
help create some of the generational companiesthat are out there.
(26:44):
How should people follow you on social?
Yeah.
You can find me on x, iron e j.
You can also find me on LinkedIn, which, youknow, I'm posting on and spend a lot of time
on.
You can also reach out to me, ajacobsonnea dotcom.
Always love meeting founders and talking aboutthe future of cyber AI and robotics.
Thank you, Aaron, for taking the time.
(27:05):
Look forward to catching up soon.
Thanks, David.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.