Lessons from Arvind Nithrakashyap, Co-Founder and CTO of Rubrik, on scaling cyber resilience platforms, building multiple product curves, and implementing AI across both products and operations.
Company Snapshot:
Founded: January 2014 (11 years)
Current ARR: $1.09B+ (Q1 FY2025)
Growth Rate: 39% YoY ARR growth, 47% revenue growth
NPS Score: 80 (exceptionally high for enterprise software)
Net Revenue Retention: 133% (as of Jan 2024)
Customers: 2,246 customers with $100K+ ARR contracts
IPO: April 2024 on NYSE (RBRK) at $5.6B valuation
What Rubrik Does: ⢠Zero Trust Data Security platform for cyber resilience ⢠Data protection, backup & recovery across hybrid cloud environments ⢠Data security posture management and threat detection ⢠AI-powered data governance and compliance solutions ⢠Ransomware recovery with $10M warranty program
After 11 years of relentless execution, Rubrik has achieved what many B2B companies only dream of: crossing the $1 billion ARR milestone with 39% year-over-year growth and an extraordinary 80 NPS score. But perhaps more impressive than these numbers is how Co-Founder and CTO Arvind Nithrakashyap has positioned the company at the intersection of two of enterprise softwareâs most critical trends: cybersecurity and artificial intelligence.
In a recent deep dive at SaaStr Annual + AI Summit 2025, Arvind shared the tactical playbook behind Rubrikâs scale, revealing counterintuitive strategies for product development, customer success, and AI adoption that challenge conventional SaaS wisdom.
The Multi-Product Growth Engine: Why âSay No to 95%â Doesnât Work at Enterprise Scale
Most SaaS advice tells founders to focus ruthlessly and say no to 95% of requests. Arvind fundamentally disagreesâat least when it comes to large enterprise customers.
âI donât believe in saying no to 95% of requests. You have to say yes to everything with large Fortune 500 customers. If you miss a $100K deal today, youâre potentially walking away from a 20-30x lifetime value down the road.â
This philosophy has driven Rubrikâs expansion from a core data protection platform to multiple product pillars spanning data protection, data security, and AI enablement. But saying yes to everything requires a systematic approach to innovation and go-to-market execution.
The Hackathon-to-Product Pipeline
Rubrikâs new product development follows a surprisingly grassroots approach. Almost every product in their current portfolio started as a 24-hour hackathon project:
10 hackathons over 11 years with consistent execution since year two
130 submissions in their most recent hackathon
Top 10 projects get formal review and consideration
Systematic evaluation process to identify commercial potential
âIt all starts with a few engineers spending 24 hours hacking up something and saying, âhey, hereâs an interesting idea,'â Arvind explains. This bottom-up innovation model ensures product ideas come from technical feasibility rather than market research alone.
The Three-Stage Go-to-Market Conveyor Belt
Once a product shows promise, Rubrik deploys what they call their âRXâ processâa systematic go-to-market incubation engine:
Stage 1: Go-to-Market Incubation (0 to $10M)
Dedicated team that only gets paid for selling the new product
Cross-functional squad: engineers, product managers, sales, marketing
Rapid iteration on both product and messaging
Deep customer discovery and market validation
Stage 2: Product Line Sales (10 to $100M)
Scale the successful formula to 10-20 dedicated sellers
Continued focus on the specific product line
Refinement of sales processes and customer success playbooks
Stage 3: Core Sales Integration ($100M+)
Integration with the main sales organization
Mature product with proven market fit
Established messaging and sales processes
This approach solves a critical challenge most SaaS companies face: how do you enable a large sales team to sell new products without disrupting their core business performance?
Customer Success at Scale: The Transparency Advantage
Achieving an 80 NPS score while scaling to $1B+ ARR seems almost impossible. Arvind attributes this to two core principles that were established from day one.
Founder-Level Customer Obsession
Both Arvind and his co-founder were literally the first support team members, taking calls directly from beta customers. This wasnât just a startup necessityâit was a cultural decision that permeated the entire organization.
âThere was an early-stage customerâa law firm at 4 PMâthat had an email system issue. I literally booked a flight that night, took the red eye, was with them for two days sitting there until it was resolved, then flew back.â
This level of commitment created a âcustomer-firstâ DNA that scaled throughout the organization. Today, when any customer has a problem, engineers still drop everything to help resolve it.
Radical Transparency in Customer Relationships
Perhaps counterintuitively, Rubrikâs approach to customer challenges is radical honesty, even when it means admitting they canât meet requirements.
Arvind shared a telling example: âA very large retailer in Europe came with huge Oracle database requirements. They said, âwithout this, weâre not going to buy you.â After evaluation, we realized we couldnât meet their 7x reduction requirement. So my engineer and I went in front of the customer and said, âYou know what? What you want today isnât going to happen today. But we will invest in this, and in six months weâll be able to deliver it to you. But if you want to go with somebody else, we would totally understand.â The next day they came back and said, âWeâll go with you.'â
This approach works because it builds trust. Customers prefer honest assessment over over-promising and under-delivering.
AI Strategy: Product Enhancement vs. Platform Enablement
Rubrikâs AI strategy operates on two distinct tracks, each addressing different market needs and opportunities.
Track 1: AI-Enhanced Product Experience
Rubrikâs first AI initiative focuses on making their complex platform more accessible through âRubyââan AI companion for their SaaS platform.
The Problem: Rubrikâs platform handles data across data centers, cloud VMs, databases, object storage, and SaaS applications. When security incidents occur, IT personas often lack the knowledge to respond effectively.
The Solution: Ruby serves as an intelligent assistant that:
Explains security concepts and IOCs (Indicators of Compromise)
Recommends next steps based on specific scenarios
Queries the product through APIs to provide contextual answers
Leverages knowledge bases, documentation, and support articles
This isnât just a chatbotâitâs a sophisticated system designed to enable self-service support and reduce the expertise barrier for complex cybersecurity operations.
Track 2: Enterprise AI Data Platform
The second track addresses a broader market opportunity: enabling enterprises to build AI applications securely.
Arvind observed that â80% of AI POCs donât make it to production,â often because of data access and security challenges rather than AI model limitations. Enterprises struggle with:
Data Access: Getting the right data for specific use cases
Permission Management: Ensuring users only access authorized data
Sensitive Data Protection: Preventing financial documents or PII from being exposed to unauthorized users
Rubrik realized their 11-year investment in enterprise data management positioned them perfectly to solve these problems:
Unified Data Platform: All enterprise data in a single, accessible platform
Automatic Refresh: Data updated daily or hourly
Permission Understanding: Built-in access controls
Sensitive Data Masking: Automatic detection and suppression of sensitive information
Their new product, Anapurna, aims to let enterprises âfocus on your business use case, focus on your workflow, focus on building the right kind of agents, but donât worry about the data.â
Internal AI Adoption: Legal-Led Innovation
Rubrikâs internal AI adoption strategy offers a fascinating case study in organizational change management, particularly because itâs led by their VP of Legalâan unconventional choice that has proven highly effective.
AI Governance Committee
Rather than treating AI adoption as purely a technology initiative, Rubrik established an AI governance committee including InfoSec, Legal, and business stakeholders. This committee evaluates AI tools and use cases for security and compliance before deployment.
The AI Summit Approach
Recognizing that grassroots adoption was happening regardless of top-down initiatives, Rubrik held an internal AI summit to:
Consolidate Tools: Reduce the proliferation of different AI tools across teams
Share Best Practices: Enable cross-functional learning about what works
Platform Strategy: Prioritize building on Rubrikâs own platform where possible
Education: Provide basic education on generative AI, RAG, and implementation approaches
Adoption Challenges
Despite providing tools and training, Arvind notes that âeven if you put these tools out there, people just donât adopt it easily. They try it once, doesnât work, theyâre like, âoh no, Iâm not going to go there.â So youâve got to keep pushing people to go adopt it.â
This highlights a critical insight: AI adoption isnât just about tool availabilityâit requires ongoing change management and support.
Measuring AI ROI: Business Metrics Over AI Metrics
Perhaps the most tactical insight from Arvindâs approach is how Rubrik measures AI success. Rather than focusing on AI-specific metrics, they prioritize business outcomes.
Engineering AI Metrics
Primary Business Metrics:
Roadmap Delivery: Reduction in net delay for planned releases (measuring if Q3 deliveries actually happen in Q3 vs. 15-30 days later)
Quality Index: Defects per account and support cases per account to ensure speed doesnât compromise quality
Secondary AI Metrics:
Percentage of code generated by AI
Mean Time to Resolution (MTTR) for defects
Other technical efficiency measures
The Business-First Philosophy
âAt the end of the day, we measure ourselves by: did these business metrics actually go down? If they didnât, then it doesnât matter. I can do 100% AI code. If we donât meet those business metrics, it makes no difference to the business.â
This approach ensures AI initiatives stay grounded in actual business value rather than getting caught up in technology for its own sake.
Key Takeaways for SaaS Leaders
Rubrikâs journey from startup to $1B+ ARR platform offers several counterintuitive lessons for SaaS leaders:
1. Enterprise Strategy: Say yes to large customers, then figure out how to deliver efficiently
2. Innovation Process: Systematic hackathon-to-product pipelines can drive meaningful innovation
3. Go-to-Market: Use dedicated incubation teams before scaling to core sales
4. Customer Success: Radical transparency builds stronger relationships than over-promising
5. AI Product Strategy: Consider both product enhancement and platform enablement opportunities
6. AI Adoption: Legal and compliance stakeholders should be partners, not obstacles
7. AI Measurement: Business metrics matter more than AI-specific metrics
As enterprises navigate the intersection of cybersecurity and AI, Rubrikâs approach demonstrates that success comes not from choosing between these priorities, but from systematically addressing both through disciplined execution and customer-centric innovation.
The companies that will lead the next decade of enterprise software wonât just be AI companies or cybersecurity companiesâtheyâll be the ones that solve real business problems at the intersection of multiple technology trends, backed by the operational discipline to scale efficiently while maintaining extraordinary customer satisfaction.
