Kevin (00:02)
Welcome to What Matters Most, the Sands Capital podcast in which we explore the way the world is changing around us and the companies that are driving that change. Typically, on this podcast, we dive into a specific business, unpack what makes it a special company, and why it might be an interesting investment for us here at Sands Capital. But today, we’re going to take a slightly different approach. We’re going to take a little bit more of a thematic view of a very particular area.
And that area is global resilience. So the systems we depend on every day—financial networks, health care delivery, government services, global supply chains—are only as resilient as the technology that underpins them. In this episode, we’ll explore why applied AI and cybersecurity have become foundational to global resilience, how Sands Capital has invested in these areas for years, and what excites the team about where innovation is heading.
Today I’m joined by Michael Graninger, a managing partner at Sands Capital who is intimately involved in uncovering these business opportunities and building a venture portfolio around those. So, Mike, thanks for joining me today.
We’re going to throw a slight curveball in how we start this podcast, a little different than the—usually we would dive right into who are you—but let’s do this first. Let’s set a little context.
Mike Graninger (01:06)
Thanks for having me.
Kevin (01:19)
People are very familiar with this topic. Others are just coming to it for the first time. Give us a story or an anecdote, help set the stage on what resilience, global resilience, or resilience investing means to you. Is there something in your past that kind of helps set some context for us?
Mike Graninger (01:35)
It’s a good question. Resilience has become, I think, in the last year or two, quite a buzzword. But it’s something I came into, honestly, mid-career.
You know, I started—not to go back too far—but a career, typical business career, quant background, consulting, investment. But then happened, and my world—
I think much like most people’s world—changed, my worldview changed in particular. I just made a decision that I wanted a more mission-driven life. Not just the money, but something—a purpose—my work.
And I think because of that sort of change, I found my way to a company called In-Q-Tel, which is the strategic investment arm of the U.S. intelligence community. You know, we invested in venture-backed companies to help the U.S. intelligence community. In-Q-Tel was formed by George Tenet, who was the director at the time, Sue Gordon, and some others. They conceived it because, at the time, typical defense contractors couldn’t meet the technological needs to address how fast the world was changing. This is sort of early 2000s. But their view was that Silicon Valley could. There’s a big history of the intelligence community working with Silicon Valley. We can talk about that later. But generally, we were good at building fighter jets and things like that inside the Beltway, but not so great at building fast, inexpensive solutions to address a world that was different than we knew of yesterday.
And some of the interesting problems that we tackled early—what I would call early 2000s resilience problems—were things like after 9/11, or before 9/11 really, CIA didn’t talk to FBI, didn’t talk to NSA, and that created a big problem. After 9/11, radios between the agencies and law enforcement weren’t compatible, which caused a big problem. And this new data that we were collecting about the world and how to protect ourselves in a new world—
We didn’t have systems that could handle those problems. That was my first foray into the resilience world. And it was just very attractive to me. It let me apply the skills that I had built up to that time in some small way to afford the mission to build a stronger, better country. It may sound idealistic, but maybe that’s what it was a little bit.
Kevin (03:51)
That is context for this conversation. So thanks for sharing that. Let’s dive a little deeper, though, before we start into who you are. What role do you play here at Sands Capital? And maybe talk a little bit about what brought you to Sands.
Mike Graninger (04:06)
I was in In-Q-Tel for about 15 years, working on some problems—you know, some wins, some losses—you know, took a long time to get things done.
And I think coming to Sands, to be in a firm that had top-to-bottom resources from public through private, great interconnectivity, great reach, to be able to continue to work on some of these issues and problems and make some great—and service clients in a way that I hadn’t been able to do before—was very attractive.
Kevin (04:32)
And how did Sands kind of fit into the picture? Are you finding it a place where you can kind of explore, express your curiosity in this?
Mike Graninger (04:43)
When I came to Sands on the venture side, we had a broader mandate than just resilience that we have now. AI and cybersecurity are going to be our primary focuses, as we’ll talk about. But we had a broader lens. The thing about Sands is that we interact with companies all along the, if you will, of their existence. I explore young private companies. We invest in early-stage entrepreneurs and help them build companies. We have a later-stage private fund that invests in things that already have a lot of momentum—things like Databricks and OpenAI. And then, on the public side, we’re invested in all the top companies in the world in the AI and cyber spaces and beyond, really. And so to have a reach from early stage all the way through the Googles, the Amazons, the Metas, the NVIDIAs of the world really gives me a lens to look at the world that I can’t get anyplace else. And that makes Sands fairly unique in that fashion and function.
Kevin (05:40)
I think, Mike, it might be helpful if we stepped back and just gave us a quick description on your team and the strategy that you’re working on.
Mike Graninger (05:50)
We generally invest from seed stage to Series B. So early-stage companies, if you will. And we focus in North America, the United Kingdom, and Europe primarily with our investments, roughly split mostly in the U.S., 40 or so percent in Europe. And each of our funds has about 15 to 20 portfolio companies. We have a very experienced team—I think combined 30, 40 years-ish of investment experience. I personally spent 15 years at In-Q-Tel investing in deep tech, including AI and cyber. Plus, I have a group of technical experts and also folks with government expertise. So, people with expertise at the CIA, also colleagues from In-Q-Tel have come to help, one in AI and one in cyber. And in total, our team is seven dedicated to building businesses, investing in businesses, and helping them grow.
Kevin (06:50)
Excellent. Okay. Well, let’s get into the topic then. You kind of started at the top with a definition, but maybe go a little deeper on how do you define global resilience?
Mike Graninger (07:01)
We picked global resilience—resilience primarily—because it is the ability to operate at a high level in times of uncertainty, fragmentation, and change.
We purposely picked global because we felt that working with partners across the world with our allies is important to addressing the challenges of the next 10 to 15 to 20 years. And really coming through all that, we felt that AI adoption and cyber defense are foundational to the success of companies, governments, and even individuals.
And what I mean by that—you might say, well, why? Why is that? Why cyber and defense? And, you know, look, I think if I’m to boil it down, all of us can feel it all around us. There’s this massive uncertainty in the world right now. The world order, if you will, from business to trade, technology, and even political alliances—perspectives are fragmenting. I think if you were to encapsulate it, it’s Pax Americana’s frame.
And the rate of change in technology and the increasing capabilities we’re seeing of technology creates a lot of risk. But I think most importantly, it creates a lot of opportunity for investment. I give this speech a lot of times—people look at me and say, are you selling fear, uncertainty, and doubt? And the answer is, it sounds like it a bit, but I’m really not. I’m an optimist at heart.
And I really honestly believe this is the biggest opportunity to move forward—whether you’re a person, a company, a society as a whole—in my lifetime. And I think all this change has created an investment opportunity of a lifetime, which is why we focused on resilience. We feel like resilience is the key to success at this moment in time.
Kevin (08:36)
Yeah, let’s hang on that for a minute. Just the current state that there’s a lot of emphasis right now on natural resources. I was reading an article the other day. I thought it’s kind of interesting. Basically, paraphrasing that in the long run, nations don’t become rich by hoarding natural resources, I think the term is hoarding rocks. They become rich and safe by building habits that turn knowledge into production and production into strength. Knowledge is—if I’m reading correctly—what you’re focused on. You mentioned 9/11. It was solving a problem, identifying a problem and solving a problem. Natural resources are consumed one and done. Burn one barrel of oil and that’s it. Knowledge and ideas are reusable. They scale. Is that what you’re looking at generally in terms of global resilience and how you’re thinking about that? Or is it way off base?
Mike Graninger (09:30)
We have to take more of a focus than that. You’re basically going from the ground up, right? I think of it like this new stack is—you go all the way from power, resources, generation of power. Then you have chips and data centers, and then you have these LLM models. Where we’re really going to focus is at the application layer—how all these trillions of dollars of investments that are happening right now are going to focus into sort of the applied functionality of the future to exist in the world, right?
And I think what we’ve done is we’ve focused on a few topics in AI, themes in AI, if you will, that we’re going to focus on, and a few themes in cyber that we’re going to focus on that we feel are foundational and necessary here to roll out over the next five years. So we’re going to be a little more focused on that.
But you are—everything is changing. I think our thesis is everything is changing from the ground up, including the things that we pull out of the ground to build the new systems that we’re going to rely upon.
Kevin (10:24)
I think this is a great opportunity to talk more specifically about why applied AI, and why cybersecurity. Those are sort of the core of this theme. So why do you view these as enduring frontiers?
Mike Graninger (10:35)
Good question. So, I get a question a lot of times in different ways. is there an AI bubble? And many others. But fundamentally, to answer your question, the proof—trillions of dollars are being spent right now on the new technology stack. Just to simplify it, at the bottom you have the chips. You have the NVIDIAs of the world.
Right, basically a monopoly—not quite, but almost a monopoly. Then in the second part of the stack, you have the LLM models—just fabulous, new, advanced technology. It’s an oligopoly, five, six credible providers spending hundreds of billions of dollars to build out better models. And then at the top of the stack, you have applications—what I call the diffusion layer—which is where all of this new technology infrastructure—power, power plants, data centers—all of that’s applied at the application layer. This is what’s going to deliver useful technologies to the end users.
And when I look forward—if people ask me, a bubble or is this enduring—you know, I say all this investment is the base for all these new applications that are going to come over the next 10 years. And if I look 10 or 15 years forward, this will be sort of the new stack, the new way to work, the new way to compute. Where we’re going to focus is applied AI—how you apply that in the diffusion layer—so effectively driving things like accuracy and safety in complex workflows. And that’s where we’re going to focus on an investment thesis here going forward.
Kevin (11:56)
So there’s a lot of talk about those themes outside of Sands Capital—AI and cybersecurity—you hear AI bubble talk, that kind of thing. So how does Sands Capital differentiate its approach to finding ideas and investing in those businesses?
Mike Graninger (12:12)
Sure, it’s a good question. I’m sure everybody’s selling AI, and some are selling cyber.
Look, I think we do it in a few ways. Number one is focus. Obviously, we all—myself and my team—we have a lot of experience in AI investing over the last 20 years. Effectively, what we’re going to use is the experience, connections, other companies we’ve invested in over time to hone our focus on, I would say, about four different focus areas on the AI side.
The first being government and national security applications. Obviously, my background at In-Q-Tel for 15 years investing in similar things. Some of my colleagues also worked with me at In-Q-Tel and also at the CIA before. We’re going to focus on government and national security-type technology investments—effectively mission-critical technologies that are dual-use. You can use commercially or use for the government, where we have connections and sort of insight on what’s coming down the pipe.
And I think the belief case here for us is that—and there’s probably somewhere between 1,500 and 2,000 AI use cases across U.S. agencies right now that are active—and that’s not including defense and intel. I think those probably don’t get specific numbers on those—but I would guess that those are much higher than 1,600.
And so effectively, you’re seeing a reinvigoration of the old connections between CIA and Stanford Park that happened in the late ’60s, early ’70s and helped build the chip industry.
You’re going to see that again. So things like the government investing time, resources, money—early adoption—you’re sort of intervening with regulation where needed or getting rid of regulation where not needed. Having insight into that will be critical, and it gives us a really nice leg up to invest there, the intersection of government, national security, AI, and cyber.
The second is much more of a common theme. We’ve done a lot of this at our investments here, which is the enterprise. So, think of the cloud and SaaS market, $2.2 trillion-ish-a-year market.
It’s ripe for AI-era challengers. We talked a little bit about the new stack. Well, that new stack is going to affect everyone. I hate to say it, but you’re going to see some giant companies falter, and you’re going to see some brand-new companies take their place.
You’re already seeing evidence of that. I don’t know where we are in the lifecycle of deployment of AI, and some people might question how real it is. I don’t question that at all. I just look at some areas in the economy—like already since 2022, language translation and localization services, customer support and call centers, online learning and tutoring. If you look at some of the public companies in those areas, they’ve just been decimated over the last four years because AI is basically replacing them. And that will continue over time, and I think that’s soon to come for pretty much every sector in the economy based on what we’re seeing out of the capabilities of LLMs. So the enterprise is ripe. I think that’s where a lot of the money is going to go, and there’s going to be a lot of opportunities to invest in that space.
Third is enterprise robotics, the intersection of the physical and the digital. So how AI lets robots navigate the world, influence the world. We probably won’t be investing in or looking at the next generation of robotic arms, but really at the control systems that allow you to manage them in an automated fashion.
Then finally, we have a lot of expertise in the health care sector. And people say, how is that resilience? Well, look, I mean, I think they’re projecting $2.3 trillion of projected cost to administer U.S. health care by 2035. So, over the next 10 years, we’re going to grow to $2.3 trillion in spending in administration. So that’s just pushing paper. That doesn’t include doctors or care or medicine or hospitals, that’s just administration. I’ll say it again—that kind of number is what breaks a system. And AI really is the only way to control those costs and to make this something we can support.
And look, it’s ripe with regulation. The government is all over health care and so sort of understanding how government is going to interact makes us a great fit for investing in that space. So those four help us whittle down and really focus where we’re going to apply our time and money and give us a leg up on folks doing much more broad things.
Kevin (16:31)
How about cybersecurity? Is it as narrowly focused as AI?
Mike Graninger (16:35)
Yes, I thought you were going to ask that. Really, we’re going to focus on the problems that AI creates in cybersecurity defense.
If you look at the news, Microsoft here recently reported the first AI cyber espionage campaign. I think what they were saying in their report is 80% to 90% of the campaign was automated. This is to spy on countries and things like that, and it could be applied to companies, and it can be applied to people. And so that presents a rapidly expanding attack capability and is going to demand a rapidly expanding defense capability.
These AI-driven attacks are going to need a whole new cybersecurity playbook because AI supercharges the attacks, the attack barriers collapse, and the cost of delay goes up and up and up. And look, the government—the CIA, NSA—are going to be core in helping sort of test and deploy a lot of these technologies. So, our background there, our investment history there—we invest well there.
You know, it’s interesting. So, we’ve got four spaces. The first—I’m a movie buff—this is the space I say there is no fate but what we make, right? This is directly from The Terminator. Machines talking to machines, doing machine things at machine speed is the way I like to talk about it.
And when that happens, things happen so fast there’s no chance for human intervention in those spaces. Typically, when you think about cybersecurity, you think of digital SOCs—people sitting around a bunch of screens, monitoring things, doing things, fixing things. Well, when we have an autonomous digital workforce of agents, there’s no time to do that. And the danger of an attacker getting behind that system and sitting between those agents and being able to do things—the stakes are much higher. So our first focus area is on the autonomous digital workforce and how to protect it.
I think the second is securing the AI ecosystem, if you will. AI can be a black box, and protecting black boxes is difficult, especially when you don’t know exactly how they work or how they make decisions. So, focusing on technologies that can do that are important.
And then previously I mentioned people sitting in SOCs—AI-native security services. Right now, major budgets are split roughly 50-50, maybe slightly less than 50% on staffing. So when you think of cybersecurity budgets—JPMorgan, I think, spends $1 billion a year on it—and about half of that, just a little less than half of that, is on people. As threats grow, are you going to hire more people, or are you going to implement technology to better leverage the resources and people you have? So focusing on reducing the number of people in the process will be important also.
And then the final one is anti-fraud and financial crime. So, if you can hack somebody, the purpose for that a lot of times is just to steal money, and the ability to distinguish between human- versus machine-generated content is important, and fraud really scales with AI. So I think sort of anti-fraud and financial crime will be a place that we focus pretty heavily.
So those four areas are all very closely interrelated, very, very focused. Protecting our new AI systems is where we’ll focus in the cyber area going forward.
I think if you combine—deploy new intelligence to take advantage of the opportunity that’s in the world right now—that’s our AI thesis—and then secure that new technology—that’s our cyber thesis. They’re intertwined, they’re both foundational, which is why we put them both together.
Kevin (20:07)
Yeah. I mean, if you want to stay up at night, just kind of sticking on the idea of machines talking to machines and then all those threats encompassed in that—I don’t know if you’ve read it, but Mustafa Suleyman’s book The Coming Wave—it’s fascinating in that he talks about how machines will be ripping us off in ways that we would never—we’ll never be able to figure out as humans.
Mike Graninger (20:21)
Mm-hmm.
Kevin (20:31)
And they’ll be communicating with each other in language. There’s no reason why machines need to communicate in a language we could understand.
Mike Graninger (20:37)
Yeah, it’s the Superman III problem—you know, it’s the fractions of a cent. Nobody notices, and it adds up overtime. What little pieces do you shave off society? What can they do, right? And it might not even be malevolence. It might just be—they’ve deemed it the most efficient way to do something—but it disadvantages humans in some way. It’s a really interesting problem and one government and responsible AI is going to have to figure out.
Kevin (20:47)
You’re listening to Sands Capital’s What Matters Most podcast series. Subscribe wherever you get your podcasts to stay up to date on new episodes and join us as we explore the companies and ideas shaping our future.
Kevin (21:30)
So let’s dig a little bit deeper into the process, portfolio construction, the research that you’re doing. So when you’re evaluating applied AI and cybersecurity companies, what tells you that the business is truly building resilience?
Mike Graninger (21:30)
Yeah, it’s an interesting question, and I think it’s not an easy one to answer. I think that’s one of the things that has changed about the business. You asked me, how can we differentiate? How do we compete in the market? A lot of people are looking at similar companies. And the formula has changed.
And I think as early as three or four, five years ago, I could go out to Cambridge or Stanford, find a couple of doctoral candidates who had an interesting technical product that would fill a white space in a technical stack or solve a problem in a unique way. They raise some money, build out the technology, build a technology moat, hire some marketing people, go sell that technology, and win. And, you know, it sounds easy. It wasn’t.
To some extent, it has changed in that a lot of advanced technology, if you will, is now being embedded and developed inside the large LLMs. And so, the real differentiation that’s going to allow a company to win are the ancillary technologies built around the LLMs—how they access data, how they do that more quickly, and then very base-level things is how easy is it to integrate into an enterprise? How easy is it for an enterprise to adopt it?
Services, right? I think that’s why Palantir has been so successful, is they are very, very good at deploying advanced technologies in big organizations with lower touch from the organizations. They make it easy for their customers to adopt.
Which I think has become a much bigger opportunity if you do that well in the current marketplace. So how does a young AI company differentiate itself? How do we identify and find those? And it’s become more of an art than a science again, I think.
And so number one, what we’ve always done is find big markets, white space, opportunities. Are we replacing a product? Is this something new? Identify that, and then figure out the teams that are able to actually build something easy to use. Even though AI seems fairly easy, to actually deploy it and solve a business problem and trust it is a lot harder than you think. So effectively identifying those teams that can do that are super important.
And I say AI, but that’s even more important on the cybersecurity side. The cybersecurity world, if you will, the typical CISO—chief information security officer—is inundated with products. We even know some CISOs who potential vendors have called their mother to try to get in touch with them.
So it’s a very, very competitive marketplace. There’s a long line outside the CISO’s office trying to sell products. And how do you differentiate? Well, good technology—lots of people have that—but making it very easy to adopt and deploy and make sure it solves a very specific problem is super important. And so we work with our teams to not only vet the technology and what they can build, but also how they’re going to sell and deploy it. I think identifying that is critically important in this new market.
Kevin (25:24)
What excites you most right now?
Mike Graninger (25:52)
It’s all super exciting right now.
Not to be hyperbolic, but I really do believe—I’m an optimist at heart—and I do believe that while we’re going to have a lot of challenges over the next 10 years, we’re really at the beginning of a changing world. Just from a base level, as a person, as a company, you have at your fingertips the ability to do pretty much whatever you want. I mean, even if you’re a— you can go into Anthropic or something else and you can have it build an application. It might take a little time, but you could do every piece of information you want is at your fingertips.
The world is wide open, and it’s just waiting for young companies and young entrepreneurs with great ideas to go take advantage of it. I’ve never seen an area of opportunity like this before on the positive side. That’s the AI side. I guess the cyber is the balance of that because I guess the bad guys have access to these tools also.
But, you know, I think that we’re going to see just some amazing things over the next five years. And I think honestly, it’s a fantastic opportunity for investors to be at the forefront of this—to be early on the internet cycle, to be early on the cell phone cycle. To be early on this cycle is going to be just the same, if not better. And that is super exciting.
Kevin (27:05)
Great. Well, I think we’ll wrap it up from here. It clearly made a strong case for applied AI and cybersecurity, playing an increasingly central role in global resilience and did an excellent job defining global resilience. So, I think it’s clear that understanding how these technologies are deployed in the real world is critical to long-term growth investing and certainly critical to the way you’re doing it and at the stage of that growth that you’re investing in. So, thanks, Mike, for spending time with us—really interesting conversation.
Mike Graninger (27:35)
Thanks, man. Happy to do it.
Kevin (27:39)
As today’s conversation highlights, the strength of the systems we rely on ultimately comes down to the technology behind them. Applied AI and cybersecurity are playing an increasingly central role in global resilience and understanding how these technologies are deployed in the real world is critical to long-term growth investing.
Thanks for joining us. In future episodes of What Matters Most, we’ll dive deeper into specific companies building mission-critical technologies that improve reliability, security, and safety across essential systems.
Disclosure (28:10)
The views expressed are the opinion of Sands Capital and are not intended as a forecast, a guarantee of future results, investment recommendations, or an offer to buy or sell any securities. The views expressed are current as of the episode date and are subject to change. This material may contain forward-looking statements, which are subject to uncertainties outside of Sands Capital’s control. There is no guarantee that Sands Capital will meet its stated goals.
The companies identified represent a subset of current holdings in Sands Capital public and private equity strategies and were selected to illustrate the views expressed in the commentary. The specific securities identified do not represent all of the securities purchased, sold, or recommended for advisory clients. There is no assurance that any securities discussed will remain in the portfolio or that securities sold have not been repurchased. Mr. Graninger’s prior government work with In-Q-Tel informs his perspective; it does not imply privileged access to material nonpublic information or special regulatory treatment.
