Lessons from Arvind Nithrakashyap, Co-Founder and CTO of Rubrik, on scaling cyber resilience platforms, building multiple product curves, and implementing AI across both products and operations.
Company Snapshot:
Founded: January 2014 (11 years)
Current ARR: $1.09B+ (Q1 FY2025)
Growth Rate: 39% YoY ARR growth, 47% revenue growth
NPS Score: 80 (exceptionally high for enterprise software)
Net Revenue Retention: 133% (as of Jan 2024)
Customers: 2,246 customers with $100K+ ARR contracts
IPO: April 2024 on NYSE (RBRK) at $5.6B valuation
What Rubrik Does: • Zero Trust Data Security platform for cyber resilience • Data protection, backup & recovery across hybrid cloud environments • Data security posture management and threat detection • AI-powered data governance and compliance solutions • Ransomware recovery with $10M warranty program
After 11 years of relentless execution, Rubrik has achieved what many B2B companies only dream of: crossing the $1 billion ARR milestone with 39% year-over-year growth and an extraordinary 80 NPS score. But perhaps more impressive than these numbers is how Co-Founder and CTO Arvind Nithrakashyap has positioned the company at the intersection of two of enterprise software’s most critical trends: cybersecurity and artificial intelligence.
In a recent deep dive at SaaStr Annual + AI Summit 2025, Arvind shared the tactical playbook behind Rubrik’s scale, revealing counterintuitive strategies for product development, customer success, and AI adoption that challenge conventional SaaS wisdom.
The Multi-Product Growth Engine: Why “Say No to 95%” Doesn’t Work at Enterprise Scale
Most SaaS advice tells founders to focus ruthlessly and say no to 95% of requests. Arvind fundamentally disagrees—at least when it comes to large enterprise customers.
“I don’t believe in saying no to 95% of requests. You have to say yes to everything with large Fortune 500 customers. If you miss a $100K deal today, you’re potentially walking away from a 20-30x lifetime value down the road.”
This philosophy has driven Rubrik’s expansion from a core data protection platform to multiple product pillars spanning data protection, data security, and AI enablement. But saying yes to everything requires a systematic approach to innovation and go-to-market execution.
The Hackathon-to-Product Pipeline
Rubrik’s new product development follows a surprisingly grassroots approach. Almost every product in their current portfolio started as a 24-hour hackathon project:
10 hackathons over 11 years with consistent execution since year two
130 submissions in their most recent hackathon
Top 10 projects get formal review and consideration
Systematic evaluation process to identify commercial potential
“It all starts with a few engineers spending 24 hours hacking up something and saying, ‘hey, here’s an interesting idea,'” Arvind explains. This bottom-up innovation model ensures product ideas come from technical feasibility rather than market research alone.
The Three-Stage Go-to-Market Conveyor Belt
Once a product shows promise, Rubrik deploys what they call their “RX” process—a systematic go-to-market incubation engine:
Stage 1: Go-to-Market Incubation (0 to $10M)
Dedicated team that only gets paid for selling the new product
Cross-functional squad: engineers, product managers, sales, marketing
Rapid iteration on both product and messaging
Deep customer discovery and market validation
Stage 2: Product Line Sales (10 to $100M)
Scale the successful formula to 10-20 dedicated sellers
Continued focus on the specific product line
Refinement of sales processes and customer success playbooks
Stage 3: Core Sales Integration ($100M+)
Integration with the main sales organization
Mature product with proven market fit
Established messaging and sales processes
This approach solves a critical challenge most SaaS companies face: how do you enable a large sales team to sell new products without disrupting their core business performance?
Customer Success at Scale: The Transparency Advantage
Achieving an 80 NPS score while scaling to $1B+ ARR seems almost impossible. Arvind attributes this to two core principles that were established from day one.
Founder-Level Customer Obsession
Both Arvind and his co-founder were literally the first support team members, taking calls directly from beta customers. This wasn’t just a startup necessity—it was a cultural decision that permeated the entire organization.
“There was an early-stage customer—a law firm at 4 PM—that had an email system issue. I literally booked a flight that night, took the red eye, was with them for two days sitting there until it was resolved, then flew back.”
This level of commitment created a “customer-first” DNA that scaled throughout the organization. Today, when any customer has a problem, engineers still drop everything to help resolve it.
Radical Transparency in Customer Relationships
Perhaps counterintuitively, Rubrik’s approach to customer challenges is radical honesty, even when it means admitting they can’t meet requirements.
Arvind shared a telling example: “A very large retailer in Europe came with huge Oracle database requirements. They said, ‘without this, we’re not going to buy you.’ After evaluation, we realized we couldn’t meet their 7x reduction requirement. So my engineer and I went in front of the customer and said, ‘You know what? What you want today isn’t going to happen today. But we will invest in this, and in six months we’ll be able to deliver it to you. But if you want to go with somebody else, we would totally understand.’ The next day they came back and said, ‘We’ll go with you.'”
This approach works because it builds trust. Customers prefer honest assessment over over-promising and under-delivering.
AI Strategy: Product Enhancement vs. Platform Enablement
Rubrik’s AI strategy operates on two distinct tracks, each addressing different market needs and opportunities.
Track 1: AI-Enhanced Product Experience
Rubrik’s first AI initiative focuses on making their complex platform more accessible through “Ruby”—an AI companion for their SaaS platform.
The Problem: Rubrik’s platform handles data across data centers, cloud VMs, databases, object storage, and SaaS applications. When security incidents occur, IT personas often lack the knowledge to respond effectively.
The Solution: Ruby serves as an intelligent assistant that:
Explains security concepts and IOCs (Indicators of Compromise)
Recommends next steps based on specific scenarios
Queries the product through APIs to provide contextual answers
Leverages knowledge bases, documentation, and support articles
This isn’t just a chatbot—it’s a sophisticated system designed to enable self-service support and reduce the expertise barrier for complex cybersecurity operations.
Track 2: Enterprise AI Data Platform
The second track addresses a broader market opportunity: enabling enterprises to build AI applications securely.
Arvind observed that “80% of AI POCs don’t make it to production,” often because of data access and security challenges rather than AI model limitations. Enterprises struggle with:
Data Access: Getting the right data for specific use cases
Permission Management: Ensuring users only access authorized data
Sensitive Data Protection: Preventing financial documents or PII from being exposed to unauthorized users
Rubrik realized their 11-year investment in enterprise data management positioned them perfectly to solve these problems:
Unified Data Platform: All enterprise data in a single, accessible platform
Automatic Refresh: Data updated daily or hourly
Permission Understanding: Built-in access controls
Sensitive Data Masking: Automatic detection and suppression of sensitive information
Their new product, Anapurna, aims to let enterprises “focus on your business use case, focus on your workflow, focus on building the right kind of agents, but don’t worry about the data.”
Internal AI Adoption: Legal-Led Innovation
Rubrik’s internal AI adoption strategy offers a fascinating case study in organizational change management, particularly because it’s led by their VP of Legal—an unconventional choice that has proven highly effective.
AI Governance Committee
Rather than treating AI adoption as purely a technology initiative, Rubrik established an AI governance committee including InfoSec, Legal, and business stakeholders. This committee evaluates AI tools and use cases for security and compliance before deployment.
The AI Summit Approach
Recognizing that grassroots adoption was happening regardless of top-down initiatives, Rubrik held an internal AI summit to:
Consolidate Tools: Reduce the proliferation of different AI tools across teams
Share Best Practices: Enable cross-functional learning about what works
Platform Strategy: Prioritize building on Rubrik’s own platform where possible
Education: Provide basic education on generative AI, RAG, and implementation approaches
Adoption Challenges
Despite providing tools and training, Arvind notes that “even if you put these tools out there, people just don’t adopt it easily. They try it once, doesn’t work, they’re like, ‘oh no, I’m not going to go there.’ So you’ve got to keep pushing people to go adopt it.”
This highlights a critical insight: AI adoption isn’t just about tool availability—it requires ongoing change management and support.
Measuring AI ROI: Business Metrics Over AI Metrics
Perhaps the most tactical insight from Arvind’s approach is how Rubrik measures AI success. Rather than focusing on AI-specific metrics, they prioritize business outcomes.
Engineering AI Metrics
Primary Business Metrics:
Roadmap Delivery: Reduction in net delay for planned releases (measuring if Q3 deliveries actually happen in Q3 vs. 15-30 days later)
Quality Index: Defects per account and support cases per account to ensure speed doesn’t compromise quality
Secondary AI Metrics:
Percentage of code generated by AI
Mean Time to Resolution (MTTR) for defects
Other technical efficiency measures
The Business-First Philosophy
“At the end of the day, we measure ourselves by: did these business metrics actually go down? If they didn’t, then it doesn’t matter. I can do 100% AI code. If we don’t meet those business metrics, it makes no difference to the business.”
This approach ensures AI initiatives stay grounded in actual business value rather than getting caught up in technology for its own sake.
Key Takeaways for SaaS Leaders
Rubrik’s journey from startup to $1B+ ARR platform offers several counterintuitive lessons for SaaS leaders:
1. Enterprise Strategy: Say yes to large customers, then figure out how to deliver efficiently
2. Innovation Process: Systematic hackathon-to-product pipelines can drive meaningful innovation
3. Go-to-Market: Use dedicated incubation teams before scaling to core sales
4. Customer Success: Radical transparency builds stronger relationships than over-promising
5. AI Product Strategy: Consider both product enhancement and platform enablement opportunities
6. AI Adoption: Legal and compliance stakeholders should be partners, not obstacles
7. AI Measurement: Business metrics matter more than AI-specific metrics
As enterprises navigate the intersection of cybersecurity and AI, Rubrik’s approach demonstrates that success comes not from choosing between these priorities, but from systematically addressing both through disciplined execution and customer-centric innovation.
The companies that will lead the next decade of enterprise software won’t just be AI companies or cybersecurity companies—they’ll be the ones that solve real business problems at the intersection of multiple technology trends, backed by the operational discipline to scale efficiently while maintaining extraordinary customer satisfaction.
Share this post