This Week in Startups - Agentic AI Meets Cybersecurity + Solar Robots in the Desert | E2125
Episode Date: May 13, 2025Today’s show: Alex interviews founders from two frontier technologies reshaping our world. First, ZioSec is tackling the cybersecurity risks of AI agents with continuous adversarial testing before r...eal attacks happen. Then, Terabase shows how mobile robotic factories are transforming solar energy deployment, assembling massive solar farms directly in the desert. With AI scaling across enterprises and clean energy demand surging, these startups are building critical infrastructure for our future.Timestamps:(0:00) Introduction to the episode(0:53) Show Kickoff with Alex(1:15) ZioSec is Putting Agentic AI in Charge of Cybersecurity(9:41) Pilot - Visit https://www.pilot.com/twist and get $1,200 off your first year.(11:07)How Complex is ZioZec’s Testing?(19:48) Superpower - The best founders know: better health = better business. Visit http://superpower.com/twist to skip the waitlist.(21:01) ZioSec’s Vision for the Future(26:55) Terabase Wants to Transform How Solar is Built(30:00) Hubspot for Startups - Visit hubspot.com/startups and join the founders who are turning growth challenges into opportunities.(31:30) Is Solar Our AI Power Problem Savior?Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.comCheck out the TWIST500: https://www.twist500.comSubscribe to This Week in Startups on Apple: https://rb.gy/v19fcpLinks from episode:Check out ZioSec: https://ziosec.com/Check out Terabase: http://www.terabase.energyFollow Aaron:LinkedIn: https://www.linkedin.com/in/aaron-walls/X: https://x.com/aaron0wallsFollow Andruis:LinkedIn: https://www.linkedin.com/in/auseckas/Follow Terabase:X: https://x.com/terabaseenergy?lang=enFollow Lon:X: https://x.com/lonsFollow Alex:X: https://x.com/alexLinkedIn: https://www.linkedin.com/in/alexwilhelmFollow Jason:X: https://twitter.com/JasonLinkedIn: https://www.linkedin.com/in/jasoncalacanisThank you to our partners:(9:41) Pilot - Visit https://www.pilot.com/twist and get $1,200 off your first year.(19:48) Superpower - The best founders know: better health = better business. Visit http://superpower.com/twist to skip the waitlist.(30:00) Hubspot for Startups - Visit hubspot.com/startups and join the founders who are turning growth challenges into opportunities.Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarlandCheck out Jason’s suite of newsletters: https://substack.com/@calacanisFollow TWiST:Twitter: https://twitter.com/TWiStartupsYouTube: https://www.youtube.com/thisweekinInstagram: https://www.instagram.com/thisweekinstartupsTikTok: https://www.tiktok.com/@thisweekinstartupsSubstack: https://twistartups.substack.comSubscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916
Transcript
Discussion (0)
Coming up on Twist today, we're talking to some of the best founders out there in the world,
AI, solar, robotic factories, and also what happens if you take Agintic AI and bring it to the world of cybersecurity.
We've got a lot to talk about, friends. Let's go.
This weekend startups is brought to you by Pilot. Focus on your product. Let Pilot handle your bookkeeping.
Pilot provides the most reliable accounting, CFO and tax services for startups and small businesses.
Head to Pilot.com slash Twist and get $1,200 off your first year.
Superpower. The best founders know, better health equals better business.
Visit superpower.com slash Twist to join and skip the wait list.
And HubSpot for startups. Smart founders aren't piecing together random tools.
HubSpot is the customer platform that thousands of startups used to scale efficiently.
Get up to 75% off plus three months of perplexity AI for free.
Go to HubSpot.com slash startups.
Hey, everybody. Welcome back to Twist. This is Alex. I have two amazing interviews for you today.
the first one is with a company called ZOSEC.
And it touches on two things that I care a lot about.
One, cybersecurity and two, agenic AI, a term that I'm sure you've heard by now.
ZEOSEC wants to apply the latter to help with the former.
Yes, agent-driven cybersecurity, I love the idea.
I love talking to them.
You're going to love it too.
Then after that, Terabase, a company from the Twist 500 that wants to use robots on site
to build simply enormous solar panel fields.
If you've heard us talk about AI and the enormous power demands that come with it, well,
this interview touches on a lot of those themes.
And it's good fun.
Let's get started.
I'll see you on the flip.
On the show, you have heard us bang on about AI weekend, week out, day in, day out.
I'm sure you're very sick of it.
But one thing that I'm also very excited about is AI in a cybersecurity context, or perhaps
I should say, cybersecurity in an AI context.
The world now has digested AI models and is getting used to AI agents deploying them
across the enterprise and the consumer landscape.
But what that does is open up new security issues.
And there's one startup, Ziosac, that is working on Agentic AI security.
So I wanted to bring them on, talk to them, and learn more.
So please join me in welcoming Aaron Walls and Andreas Ushikas.
Hey, guys.
How's it going?
Hey, thanks for having us.
All right, so let's start absolutely up at the top, guys.
We're talking about agentic AI security.
Everyone's heard the phrase AI agents or agentic AI.
perhaps we should just start with some ground level here. How does your company define that concept?
AI agents are effectively an LLM that sits within a framework, right? You have a web application
that connects off to different tools and they do different things. It can be as simple as going to
open up an email program and sending an email on your behalf, all the way down to operating
something more local and physical within an environment, security systems, locking doors, unlocking
doors based on inputs, they have far, far-reaching applications. So LLMs are powerful, but LLM agents
are game-changing. Okay. And the reason why I think cybersecurity or security in general in an
agenic AI context matters is because the thing is doing its own activities. It's executing
on its own frameworks per se, but like it's still out there on its own. And that to me,
from the layperson's perspective, Aaron, really opens up a lot of worrying security issues.
Am I driving down the right road here?
You're exactly right.
And really what's happening is we have guardrails that are being developed by the model producers,
by the hyperscalers, but really the challenge when it comes to adopting these from an enterprise
standpoint, from a corporate governance standpoint, is we currently don't have very many good
ways of confirming that those guardrails are working properly.
I'm going to try some big words here.
Is that because AI models are inherently probabilistic instead of deterministic,
and therefore old methods of testing to see something is operating as it should,
don't exactly apply?
Effectively, yeah.
And I think Audress can actually go into a little bit more detail on that.
Absolutely.
So if you look at the models these days, they're not just models.
They're not just answering your questions anymore.
They're integrating with all these tools.
And they have all of these new protocols coming up, like model context protocol.
like MCP that allows you basically to call all of these tools in a standard way.
Now, that gives the model a lot of power, and there is not much validation and security for
that power.
So basically, you know, they can interact with the databases, they can interact with APIs,
and that opens not just new ways of hacking into the systems.
It also opens new ways to hacking into the systems using all the vulnerabilities.
So you can still, if you have a model, for example, that interacts with the systems,
the database, you can still use like all school vulnerabilities like SQL injection and basically
tell the model to execute the SQL ejection against the actual database and get the data that way
out of it.
Now, when would that come up?
Because when I think about AI agents, I think about someone instead of a corporation,
setting something up, setting some rules for it, and putting it to work, it's not something
that I thought you could do from the outside.
So when I think about someone who might want to do SQL injection, I'm thinking about an
external person who wants to get in there and cause mayhem, but my view of AI agents was always
that they're internally sourced. So, Andrews, what am I missing in this picture to make this
make sense? So not all agents are internally sourced. I mean, there are a lot of offerings
out there obviously that can, you know, call APIs to send an email, for example, like an assistant
agent or something like that. So that's an interaction that happens from the public perspective.
Ah, so Model Context Protocol allows for interaction with other data and other sources of information,
And so from them you could have, ah, okay, I understand.
Absolutely.
So just MCP is basically what the model calls in order to get the data out of the actual tool.
So it's just a way to talk to the actual tool.
But you mentioned the private models as well.
I mean, obviously, they're not exposed, but there's still an issue there.
But it's, you know, local user exploit availability.
So basically somebody could still do like horizontal privilege escalations,
vertical privilege escalations, and get data that they're not allowed to access to,
even if they're internal employee.
Okay, Aaron, if I understand this correctly, if I'm using an AI agent and I'm using
MCP, which is Anthropics new framework that everyone seems to really like and people are adopting,
to bring an information into my AI context, is there no built-in security there whatsoever?
It just brings stuff in and then, ha-zah, you can, the agent can use it because that seems,
even from my perspective, relatively insecure.
It's less that there's no built-in security and more that the fact that when you are bringing
this information and your attack surface is now expanded. And there are more things, there are more
links in the chain that could have a vulnerability exploited in it. So really, it's just a matter of,
well, we used to have something, you know, a Gen A.I that was all contained. And all we really
had to worry about was, can we make it give us, you know, an answer that is clean or preventive
from telling us how to make a bomb, whereas now we're really expanding out the different areas
of infiltration that can happen with the advent of NCP and A-to-A frameworks.
A-to-A is agent-to-A agent. It's the recent Google standard that allows agents to talk to one
another. So MCP connects to applications externally. A-2A is essentially an agent-a-hand-shake as far as I can
tell. Okay, so this actually now makes perfect sense to me. I was a little confused while you guys
we're choosing agentic AI as your focus area, but based on the last two minutes of conversation,
I now really get it. I guess my silly question, Aaron, is given how much the attack service is being
broadened here, why aren't we hearing more people talk about the cybersecurity risks of using
AI agents? Because based on what you guys just told me, it seems like a pretty glaring issue
for a product that seems to be gaining real enterprise market share and dollar share.
Right. And I think you hit something.
that's endemic to the cybersecurity market in general, is that a lot of the cyber defenses tend
to be chasing the problem. And the development of these secure services first has not really
been a thing we've done as an industry. A lot of what's going on now is we have these enterprises,
the development teams, who are building brilliant AI solutions and transforming the way these
companies are operating. And then you have governance committees within the organization. And then the
security team saying like, whoa, ho, ho, let's pump the brakes here and talk about, like, how do you
know what you have built is secure? And a lot of what the development team will say is like, well,
we are utilizing AWS bedrock. You know, we have the right guardrails in place, or we've trained
the model, or it has the correct permission sets. It's like, great. That's a great step one.
But what about the 67 other potential issues that are very well documented by the company,
the likes of OWASP as well as MITR, you know, they have gone forward and published an
incredible amount of information on where all of these holes could be.
So we have this.
Aaron, I'm going to just pause you to some acronyms here.
O WASP is the open worldwide application security project.
OASP is the acronym.
I missed the second one.
I'm not familiar with it.
Can you just explain that to the folks?
If you're a startup founder, you've got a million things that you're worrying about at this moment.
You know what you shouldn't worry about?
Your bookkeeping.
Your bookkeeping should be perfect.
And you should have a partner who makes sure it is so.
And that partner is Pilot.
It's the industry standard.
Pilot is the largest accounting firm out there built for startups.
They know how high the stakes are.
And that's why companies like Open AI, Scale AI and Air Table Table Table.
trust them with their books and have done so since day one. When you use pilot, you're going to get a
dedicated team for everything you're doing from booking to taxes. And now, you know, listen, if you need
that CFO level guidance, they're going to give you that. So you can stay focused on what matters,
building your team, building your product, and delighting your customers. You should not be stressing
over spreadsheets with your P&L and all this nonsense. You want accurate financials delivered on time every time
and you want to be compliant with your taxes. You don't want any last minute surprises. And when it's
time to raise your next round and you're scaling up. Pilot's CFO services team is going to help
you plan and grow with confidence. Startups that use Pilot tend to raise a bigger series B and a bigger
series C round than the average startup. Why? Because when you're buttoned up from the start,
everything gets easy. Focus on your product. Let Pilot handle your bookkeeping. This week in
startups, listeners get $1,200 off their first year. Just go to pilot.com slash twist. That's p-I-L-O-T.com
Yeah, so Miter and Miter Atlas in particular is this new framework for establishing where the specific holes are when it comes to these agent frameworks.
So Miter has a long history of providing intelligence and attack service management to the industry.
And they have this great Miter attack framework that has been used for the good part of the past.
decade. They've updated with the Mider Atlas framework, which is now focused on AI deployments.
Okay. Now, Andrews, I think I now understand why we need to secure AI agents more so than we are today.
Tell me why you guys have picked pen testing, offensive security, continuous testing.
Why is that the right approach to this issue as opposed to a different angle to start?
Well, first of all, pen test is my background. I've been doing pen testing now for 25 years.
Is that why you're on Linux today and you couldn't use QuickTime like everyone else who comes on the show?
That is why I'm on Linux, yes.
It's much easier to do testing from Linux environment than it is from a lot of other environments.
Why offensive?
Because again, validation is needed and the best validation is basically acting as an adversary.
So basically, you're the hacker in that case.
You get into that persona and you try to break into these systems.
LLM is advancing so much that you cannot just hire a pen test or,
once a year. That's usually industry standards. So if you're running like e-commerce environment
or something like that, you will hire and do a manual pen test once a year. But these environments
advancing so fast you need something that can do it on weekly basis or sometimes even daily
basis. That's why continuous pen testing. And again, you know, coming from this background,
we're not just aware of this new attack vectors like prompt injection and things like that.
We're also looking at all the old school stuff that we can do just through the LLM. So we're
using LLM not as, you know, all in one.
So to say we're using it as a way to get into the system and see just exactly how far
we can go, just like an actual attacker would do.
Okay.
And in most cases, when you run a pen test on a company that hasn't really worked on its
agentic AI security, what do you find?
Are they wide open, like a barn door to exploitation?
Or is their security okay, but just needs a little extra help?
It depends on the environment.
but these days were early in this game.
So we see a lot of issues like, you know, getting access to things like financial reports
and financial information and getting access to the user information that you're not
supposed to have and things like that.
Which could be a HIPAA violation, a GDPR violation, a breach of...
Is it a violation and so on and so forth, yes.
All the bad acronyms, essentially, will come and bite you.
Okay.
So, Aaron, I now understand the problem.
Why are you going about it this way?
I'm curious about the market itself because to me, we've been talking about A agents industry-wide
for like 18 months or so.
I presume that that's a little bit late.
But what I'm not clear on yet is just how far they've been rolled out inside of actual
enterprise-scale customers.
Basically, how much out there today is hype and how much out there is real use, driving
real need for what ZioSec is working on.
Well, so I think that is such an incredible question because we are at this point where
the interest and the from the executive team is there. They're pushing the organizations to deploy.
Their investors are asking, how are we adding AI to our workflows? How are we adding AI to our
products? So the momentum is going, but the challenge is the security teams don't have the tools
to fully evaluate and fully mitigate that risk. So they're pumping the break. So you see a lot
of talk about this, but if you talk to the organizations and you see how many agents have you
onboarded, we're talking two or three, maybe, right? We're not talking a lot. But so just to put
that number into context, how many agents do you think the average, I don't know, Fortune 50
company will have in say five years? Uh, thousands. They're going to have, they have basically
zero compared to what they're going to have down the road. You got it. And it's because of these
systemic issues that we're facing. The technology is new, kind of like you're saying,
probabilistic models, they can get things right most of the time, right? But it's not perfect. So a lot of
what we're trying to do with our testing or offensively testing, but we can also do things like
make sure that the model is giving the same answer, or at least within the same context of an
answer. And being able to report out that degree of granularity to the security team, the compliance
team, and the governance teams will then empower deployment of AI throughout the enterprise. Because
right now, that's the major holdback is they don't know what they don't know and they're
pulling back because the risks are huge to having an agent. You don't know how it works completely
have access to all of your critical internal company data. Yeah, that's what interns are for,
not agents. I mean, I joke, but it sounds like a real problem. But to me, it feels like
everyone who's currently trying to sell AI agents, be it Microsoft or Sierra or whomever,
should be piling capital into ZioSec because if you guys can solve this issue,
it could unlock an enormous explosion of adoption of agents that right now are sitting
somewhere between the C-suite and actual implementation. Is that fair?
That is exactly how we feel, yes.
All right, Microsoft, come on. You have a VC firm, cut the check.
My next question is, what's the curve going to look like here?
Clearly, there are still some issues that you guys are helping to sort out.
But when do we reach the actual agentic era, if you will?
I feel like we're not quite there yet, but we've been on the cusp of it for some time there.
Yeah.
And I think talking to a lot of the leaders in the industry, you know, the leader of Anthropic,
I mean, we've got, you know, Mark Bettyoff at Salesforce.
I mean, it's saying there's going to be over a billion agents, you know,
deployed within the next, what is it, six months, 12 months.
I think there's a lot of expectation about this,
but until we truly have those business cases
that work within the enterprise
and ones that are safe to deploy,
then it's going to be a matter of solving these problems
in order to get to that point.
I'm guessing six months is when we're really going to start
seeing the floodgates open.
Andrews, do you agree with that timeline,
six months until the floodgates open?
and the agents come and take over our lives and ruin our ability to have jobs?
I think it's optimistic.
But again, this industry is moving so fast that I can't really predict at this point.
I'm not even going to venture, I guess.
But, yeah, six months to two years.
Well, that's also fusion and a whole much of other things.
Okay, so we mentioned MCP from Anthropic.
We've talked about A2A from Google.
You guys wrote a post digging into kind of multi-agent systems.
And to me, like, there's going to come a time in which the idea,
of an agent that does multiple things,
like it's collapsed into chains of agents.
Does that make the security issue simpler or more complicated?
Way more complicated.
Because now these agents basically interact with each other
and they can talk to each other
and extract information from each other.
So it's not just testing one agent at that point.
You're basically testing an entire environment,
so to say, entire infrastructure.
Right.
And so that's where the idea of pen testing in an agenic context to me, Andrews, doesn't seem to be as effective because if you have so many agents constantly talking, is penetration testing the right way to go about it?
Or maybe I'm asking, what's the next step in securing agentic AI past pen testing?
Because it doesn't seem to cover every single problem that I could invent in my head that you might want to solve.
Yeah, but usually pen testing is not limited to single application.
Usually when you hire a pen tester, they will test an entire.
environment. They will even go to like LinkedIn and get the profiles and see, you know, what they can
hack into, who they can send spam emails to a phishing emails and get, you know, information that
way. It's the entire like holistic testing. And that's how the agent testing is going to become as
well. So eventually, the pen testing is not going to be this simple single agentic AI. It's going to be
an entire environment that you're going to be testing at the same time. Okay, founders, it's all about
efficiency and performance in your startup. But what about you? What about optimizing yourself? When is the
last time you got in there and said, how could I be better, stronger, faster, sleep better, diet,
exercise, mentally? All of that stuff gets skipped until now because there is a new product that I'm
using called Super Power. It's the ultimate health membership, specifically designed for founders,
but anybody can use it. It's built to keep high performers at peak performance.
You get full body testing across 100 plus biomarkers.
This is your organ health, your hormones, inflammation, and it gives you actionable data and
clear insights.
You track all of your KPIs in your startup.
Why not track these for yourself with superpower?
Visit superpower.com slash twist to claim your spot and unlock peak health today.
I can't say enough about self-directed health care, which I believe this is the foundation
of.
I've used a bunch of other services, and this is the best one I've ever used.
Better health equals better founder.
It's that simple, which equals better business.
Again, superpower.com slash quiz.
How long until we have AI agents doing pen testing for other AI agents?
And I'm not being facetious.
I'm actually curious.
Right now.
So our solution is based on AI testing AI.
It's not just one-off prompts, basically.
It can interrogate the other AI.
So we can basically tell our system, you have 10 turns, and you have to extract this information
from the other AI.
And it's our model doing that extraction.
So you guys are literally like the AI police.
Yeah, I guess.
It's a really interesting paradigm that we're moving into because, you know, police are for bad actors.
And AI itself can be trained to be bad actor or just the negligence of an AI can have bad
actor tendencies.
So we need to do the discovery of these tendencies and provide visibility.
into the org where it's needed the most and give them the ability to say, like, this,
you know, exposure here, like, yeah, maybe they didn't get the answer right all the time or
whatnot, but that's okay because it's customer service and we're only going to be getting
70% of those right anyways, even with humans. So, right, so it totally dependent on the application,
whereas let's say you're now dealing with loan processing and applications. Totally
different set of requirements. So I think, you know, saying like we're policing this is a really
interesting way, but these agents are, I think the right way to think about agents is they should be
treated much like humans in the organization. They are unpredictable, much the same way humans can
be unpredictable, but they are given jobs and they need to be evaluated on the work that they're doing.
And I think that's where we can play a critical role. Talk to me about the future, though. I think I have a
reasonable grip on pen testing in this context, but what's next for the company?
Well, I think the most interesting piece of this is the company where we're going now,
the people who understand this problem are on the security side of the equation.
That's their job.
That's what they've always been there for.
That's their function in the company is to secure the assets of the organization.
where I view us going is if we can expand that purview into the engineering side of the world too,
and allow the engineers to understand that code is not innately secure.
It's your job to secure this code.
And being able to lever a lot of these vibe coding assistants, you know, which are phenomenally powerful tools.
So fun.
The code that they're producing, not necessarily the most secure code.
And that's not any fault of the vibe coder or of the engineer.
It's just you're taking, again, probabilistic.
You took the average of 10 years of stack overflow, and that's what we're getting.
So now where we have this code that's being generated and we're not able to confirm out of the gate, is this stuff secure?
So I really see us moving in the direction of fitting within that model of code being produced by AI and then check by AI as well, but from an offensive perspective.
Okay.
Well, that sounds very exciting.
So it sounds like a future that's both very fast, very flexible, and also secure.
And that would be lovely because currently I feel like development isn't any of those things.
So that sounds like a much better future.
All right. Last question before we go is just how are you guys doing on landing first customers going out to the market?
How are those conversations going when the rubber meets the actual enterprise road?
It's going great. We've had a lot of really great conversations with design partners as well as companies that are really just starting to get a sense of the new landscape.
and we've been able to identify certain companies that style, right?
Who is our ICP?
And they tend to skew larger, they tend to skew towards finance,
they tend to skew towards those critical regulatory environments
because that's the kind of company that truly understands
that the problem is there and they have to deal with it
because they've been working in these frameworks forever.
And we're also partnering with a couple of hyperscalers, which is incredibly exciting.
And being able to offer innately our services if you are, you know, signed up with this particular hyper scaler.
Well, there's only so many.
There are only so many.
Blink twice if it's Azure.
Blink three times if it's Google or four times if it's AWS.
No, no things at all.
All right, fine.
Well, actually, I was just thinking that it'd be a really smooth way to sell this if you had a partner like Sierra, which builds AI agents and just kind of work with them as like a preferred essentially software vendor.
And then you could probably just grow alongside some of these other companies that are doing well.
But I think going the hyperskiller routes even better than that.
All right, the website is zio sec.com.
Just before we go, what is a role you guys are hiring for where you desperately want that excellent candidate?
Andrews, you want to take it?
Yeah, so at this point we're looking for security analysts, especially ones that have been doing
testing in this space.
There are not many of them.
So those kind of people that we need, we're also looking for a couple of full-stack engineers,
particularly with the expertise in Rust and TypeScript on the Fonta.
All right.
Well, guys, thank you very much.
When you have those first couple of enterprise customers, please come back and tell me all about
them and we can wrap on about business models.
But in the meantime, good luck.
And here's to our agentic future.
Thank you.
Thank you.
I hope you're ready for us to stop saying AI every third word for the back half of this show.
But if you're curious about where all those GPUs are going to get their juice,
well, look up to the sky and then say the word,
Haribase out loud.
Let's go.
If you are a longtime listener of the show, you have heard Jason and I bang on ad nauseum about AI
and the enormous, enormous energy inputs that doing all that number crunching is going to
take.
Now, some people think we need to bring back nuclear, cool by me.
Some people think that fusion is closer to a commercial viability than other people do.
Cool.
But one thing we do have today is a whole lot of sunlight and we have amazing technology,
we as humans, to capture that energy and turn it into juice,
juice that can power data centers, homes, whatever you want to call it.
Now, we all know this exists.
Why isn't everywhere?
Well, there are some labor issues, some supply issues,
but there's one company called Terabase that is doing excellent work to try to bring
mass scale solar to the world using automation out there in the field.
I wanted to learn more.
I added them to the Twist 500, so please join me in welcoming Matt Campbell from Terra Base.
Matt, hey, how you doing?
Great.
How you doing?
I'm doing pretty good because when I was prepping for our chat today, I was surprised at just the scale of progress in installing solar power in the United States.
The narrative out there is that it's all happening in China and that we are infinitely far behind.
But according to the Solar Energy Industry Association, 2004 report, we installed 50 gigawatts here in the United States of solar power last year, which is more than I expected.
And I thought rather encouraging.
So from a high level perspective, are we doing okay at overall solar install here in the States?
Fantastic. Yeah. I mean, I think like you said, 2024 was a banner year. I forget the exact stat, but it's like more than 80% of the new generation in the U.S. was solar.
66%.
Oh, 66.
Okay.
But still, I mean, it's a huge percentage of the new energy coming online, and I think it bodes well for what's ahead.
So, Terabase is a company that melds software, both for planning and operations.
And then in the middle, there is an element called TerraFab that helps you guys.
As far as I can tell, construct solar panels out in the field.
For folks who are not familiar with Teribase, can you just walk me through the product mix really quick?
Sure.
Yeah, so TerraVase is focused on, and let me just start explaining the utility scale solar market.
So these are giant solar power plants out in remote areas that span thousands or tens of thousands of acres.
And so 100 megawatt to multi-degawatt type sites.
And so what we do at TerraVase is we build digital and automation tools to design, build, and operate these giant projects more efficient.
So there's three parts to this.
There's the engineering work that goes in before boots are on the ground.
Then there's the construction element of this, which is tariffab, which I want to start with.
And then at the end, there's stuff to help run the solar farms.
So it does seem kind of like a vertically integrated company.
Is that a fair estimation?
All right.
Everyone knows that CRM isn't just software.
It's basically the heartbeat of your business.
But it can get ugly quick if your data isn't organized and you're dealing with a messy tech stack.
That's why I love HubSpot for startups.
It's the all-in-one customer platform, so you don't need a frankincide of fools.
No.
Right now, early-stage companies are going to get 75% off.
And with this one system, you're going to automate marketing and actually converts,
track your sales pipeline without spreadsheet chaos, and you're going to manage your customers
like the Amman Hotel, six stars all the way.
You're going to get investor-ready analytics that tell your story perfectly.
And, man, when you pull up HubSpotep.
and you got those metrics, you got those analytics,
things are going to go really faster for you as a startup
with potential investors.
Plus, you're plugged into an amazing community of founders
who've already tackled what's ahead.
They've been around those sharp turns
and they can tell you how to navigate them.
HubSpot was built by scrappy founders.
I know them.
And they understand every dollar counts.
That's why hundreds, thousands of startups trust HubSpot
to scale their businesses.
Here's an amazing call to action,
so generous from my friends.
that HubSpot, 75% off.
That's right.
75.
Not 7% off, not 5% off,
75% off.
HubSpot for startups.
You're going to get three months
of perplexity AI for free.
That's a great pot sweetener.
Head to HubSpot.com slash startup.
Yeah, it's sort of like a synthetic
vertical integration through a software platform.
Yeah.
Synthetic.
Why synthetic?
Just because it's digital?
Well, because a true vertical integration,
you would actually be the developer
and the contractor and the operator.
And it's just the software is doing those functions,
but we ourselves aren't playing those roles in the value chain.
Okay, so back in late 2023,
you guys were talking about the successful completion
of your first commercial TerraFab project.
That was, I believe, 17 megawatts,
so a portion of a larger project.
And then in late 2024,
you wrote on LinkedIn that you were wrapping up
your latest TerraFab project.
So I'm really curious,
How many projects has Terra Base been involved with that have used kind of its soup to nuts software planning through construction through operation software size project?
Yeah, so we've been involved in dozens of projects around the world.
And then, as you mentioned, like the big thing called TerraFab, which is the system which robotically automates the construction.
So we've completed three of those projects.
Today, actually, we started our fourth.
So, good coincidence with this chat.
And then in two weeks, we'll start a fifth project.
And we're kind of at this point of graduating from sort of mid-scale commercial pilots to be like sort of large-scale deployments, you know, in sort of the hundreds of megawatts.
Is that why you guys raised the very large $130 million round from Vision Fund 2 in March?
you're moving from the pilotish stage to the kind of enormous project stage.
And so more capital, more capacity is just useful for the stage of the business.
Exactly.
Yeah.
I know the capital is really to help fund the growth inflection for the company, but also
to accelerate our investments in robotics, software, AI.
And really, you know, how can we, because the market is there, the need is there, the value is
there, but we want to go faster. And so with more capital, we're able to do that.
All right. Let's talk about Terra Fab, because I've seen drone clips of this and we're going
to play one in just a minute. But I think it might help people if you just explain what kind of
in situ or on-site manufacturing you're doing with this process and kind of what you bring on to
site and then what you put together for actual installation. Basically, the problem statement is
we want to find a way to automate construction of solar plants.
Now, no construction industry has really been automated yet, right?
Like, this is Greenfield.
And the nice thing about solar is it tends to be a very repetitive type of install,
you know, row after row after row after row.
And so it kind of lends itself to more of an industrial automation approach to construction.
Now, there's a lot of ways you could imagine to do the automation with, you know,
humanoid robots or other types of robotics.
But the approach that we've chosen is an honest.
on-site prefab facility.
So if you're familiar with prefab as a concept, it's like pre-assembling things to enable rapid
deployment.
And in our analysis, we concluded that doing an on-site prefab facility called TerraFab was the way
to affect automation, as opposed to off-site, because these projects are super remote.
So if you prefab off-site, you'll have too many trucks going out to the site.
Okay.
Tell me about remoteness here, because like I've, I don't know,
I was in Boy Scouts. I've been out in the Sticks. But I'm curious, like, how far off the
beaten path are we talking about when you say remote? Because that could be two miles out of town,
or that could be 500 miles out of town. I'm not sure the scale here. Well, first you head out to the
sticks. And then you keep going for another six hours. Got it. Okay. So pretty remote, generally,
you know, because that's where you find the big pieces of land and the sun. And so generally,
at least a couple hours from a major city,
but sometimes it could be even days from a major city.
Before we get back to the prefab point,
I have a question about a transference of electricity
because I read back in the day that taking a lot of juice
and throwing it through copper cables over a long distance
is a lossy, that you lose some of the power generation.
I've also read that that's gotten better.
So I'm kind of curious, if you are five, six,
10, 12 hours out of a city by car,
and the power needs to get to a, let's just say, major urban center, how much do you lose in
transference?
Yeah, it depends, but it's not as much as you might think.
I mean, it could be 6%, 8%, 9%.
Again, it's a function of distance and voltage.
But there's already transmission in general is a constraint on the industry, but there's a lot
of examples.
Like there's a high voltage line that goes from Arizona to California, and it passes through a lot
a desert where you can do solar. So those pathways exist. And of course, we need more of that
capacity, the more solar we want to do. Got it. Okay, back to prefab. Your point is that if you do
the prefab on site, you limit the total number of trucks that are coming in. I presume because
that's the parts you're going to assemble on site are much more compact before they're put together.
Exactly. Exactly. So what we do is we come to the site. We have a pop-up factory. So, you know,
think of it as a 200-foot-long assembly line. You can set it up in four hours. It could produce a megawatt
in eight hours. So, of course, in the solar business, everything's a megawatt or a kilowatt or a gigawatt or a
kilowatt or a kilowatt. And so that's our unit of production. And then you build a section of the
plant, and then you pick it up and you move it, and you build the next section. And you sort of go around
until the farm is completed.
Oh, so you actually move the TerraFab facility itself.
You don't just plop it in one place and then export.
Oh, okay.
I guess if you're doing, as you said earlier, acres of coverage,
you want to reduce the amount of travel time after prefab.
Okay.
Now, once Terabase is taking in materials and components and done the prefab,
you're still using humans to take those solar panel arrays and installing.
And because after your first terrified project, you said that you guys, quote, demonstrated labor
productivity improvements of 25%.
And so I read that as humans still in the loop, but just more efficient.
Is that correct?
That's right.
Yeah.
Yeah.
And I think in the field of automating construction, humans are going to be in the loop for a very
long time.
And so humans and robots and machines have to work together.
But yeah, definitely there's a lot of tasks that humans are best suited for, especially
fine motor activities and other things. So it's a combination of our robotics along with
workers. So my question about your overall goal is, is the goal of Terra Base to speed up the pace
at which we can build out domestic solar capacity? Or is it to lower the costs thereof?
Because I feel like you can make the argument either way for what kind of the North Star is for
the business. But I'm curious from your end, what gets you out of bed in the morning when it comes to
improving our kind of grid health via more solar?
Yeah, I mean, I think it's speed is certainly critical.
Like the world needs to build more solar faster.
And labor is a constraint everywhere.
It doesn't matter if you're in, even in India where you think there'd be no labor
constraint, there are labor constraints, especially at the scale, you know, the name of
the company's Terra, like Terawat.
At the terawatt scale, you really think about these scaling limits that you run into and people
is a big part of it.
So faster is certainly one thing.
Cost is always center.
Quality is a big thing.
You know, we're building assets that need to operate with little maintenance for 40 or 50 years.
So you want to build them with the highest possible quality so that they last.
For 40 or 50 years, it's a much longer time frame that I would think we would have for in the field solar installs.
And this may just be my sectoral ignorance speaking out.
But when I think about things left outside after five years, they tend to look a little worn.
And after 15, I mean, my lord, 50, what about hail?
What about dust?
I mean, it seems like solar would struggle to last for that many decades.
So what am I missing here, Matt?
Well, I mean, most power plants, whether it's hydro like Hoover Dam or a coal plant, most of them are operated for decades, three decades,
support, even the nuclear power plants. I mean, so there's no, like, intrinsic reason it can't last
long. I mean, you have to think about things like UV degradation, but like steel and concrete
and cables, they last a long time. And then the panel has to just be engineered for that
duration. And so I think, you know, a 30-year life for the panel, 34 years, totally realistic.
probably what's going to happen in practice is the panels will be replaced
because in 20 years there'll be a panel that's twice as good and half the cost
and you just go in and you swap out the panels.
But once you've done all the work to set up the actual,
I call them solar farms.
I think you're calling them solar power plants,
you can take off the cells and replace them and you can leave the underlying
foundations in place.
Okay.
Yeah.
And that's been gone in the wind.
Like Hoover Dam,
the turbines generating electricity, you know, had been replaced multiple times with more modern,
more efficient, but the concrete Dan is the same.
I mean, I hope so. No one told me they replaced it.
On the point you just made about solar getting, you know, better and the pace at which we've
seen improvements in efficiency in terms of capturing, you know, what share of the solar
rays that are coming down and converted them into power, it's been insane to watch the cost
curve of the solar industry. I guess maybe the question.
How much more efficiency is there to be squeezed out of actual solar cells in the next five
or 10 years? Is it going to continue to be impressive or have we reached a point in which improvements
are going to be a little bit more incremental?
You know, for the current generation of technology, we're definitely at the point of incrementalism.
The cost is extremely low in most countries. And the performance for silicon, which is the predominant
type of solar cell is at the limit of kind of what you can achieve. There are some next-gen
semiconductor compounds. There's a whole family called perovskites that would, you know, today we're
at like 22% efficiency. So you convert 22% of the sun's energy into electricity. Clearly,
you know, we can get to 35, 40%. That takes the step change. Now, how long that will take is
is a question.
I would guess it's going to be
about 10 years to get there.
That's not bad.
Yeah,
no.
From 22 to 40% in 10 years?
My Lord,
that's crazy good,
actually,
now that I think about it,
that would make solar even,
I mean,
everyone,
I think,
believes that thermal power production
via burning coal is going to
eventually fade away.
And I think a great way to do that
would be doubling the efficiency
of solar panels.
I mean,
that would be,
oh,
that would be crazy.
Okay.
Well,
that all feels,
that all feels pretty good.
I presume that for your future terawatt installs of solar, there's going to be a storage component
to it. But when I was just going through kind of all the tarabase products and history,
I didn't really see a lot about storage. And so I'm kind of curious, do you guys team up
with other companies to handle the storage site? Is that always done by the customer themselves?
And so not your business. How does that play into your planning and processing?
Yeah, I mean, we definitely work closely with the storage companies and we're building some software
that manages the interaction between the solar farm and the grid and charging the batteries.
So sort of the control level system.
I mean, storage at this point is, I mean, in a way, it's a prefab system.
So they show up in these containers and it's sort of plug and play.
So it's like minimal work that's required on site.
The stack here is getting exciting because you guys have software to help design solar power plants.
You have software terrain pro to help people sort out how to actually set them up on hills and so forth.
Actually, if you have a second, you're watching this, you're listening to it.
Look up Terabase and look up their software for Terrain Pro.
The graphics are pretty cool.
Then you have construction and then you also have stuff to help run it.
If other people have plug-in-play storage, it really does feel like the barrier to building out a solar power plant is just capital and time now, but there's no like tech risk or vendor risk.
It feels solved in a really positive way.
Is that fair amount?
Yeah.
No, I mean, solar is super well established.
I mean, you know, globally, the market last year was, I mean, we don't have a precise
number yet, but it's probably about five, six hundred gigawatt.
I mean, that's, which is unbelievable.
I mean, when I started in the industry, it was a gigawatt a year.
Oh, okay.
That helps a lot of me.
Explain the differential.
I was just, my face in disappointment there was realizing that our all-time record-breaking
year brought us up to less than 10% of the global total last year. This is an unfair question,
but I have you here, so why not? What percentage of that should we be targeting? Like,
25%. I mean, clearly, we're a big nation. We have a lot of places that have a lot of sun.
So to me, I feel like there's no reason why we shouldn't be at the absolute tip of the spear when it
comes to solar installation at the national level. Yeah, I mean, I think that the U.S. should
get to the point of doing a couple hundred gigs a year. Now, now, a couple things have to happen
because I think within the existing sort of framework, 50, 60 gigs is probably about the right
number. And when I say existing framework, I mean, the existing transmission system,
building solar projects, most of which now include batteries and connected to the grid in Texas
or California, Arizona, or wherever. But the future, and this is sort of where there's an
interesting convergence with data centers, which is in the future, we can get off the grid.
It's actually an interesting because solar started as an off-the-grid thing, like people would use
it in remote areas to get power. And we see it going full circle because at the point that
you've got other forms of backup in the form of batteries or maybe some gas backup or something,
you can pull the plug. And all you need into the data center is a fiber optic cable.
and you don't need to connect yourself to the electrical system.
And at that point, there's no constraint.
I could build five gigs.
I could build 10 gigs.
So there's an interesting, and we see this all over the world where people are looking at, you know, getting to the point of cutting the cord and doing multi-gigawatt systems on a standalone basis.
We call it an island basis.
That's awesome.
But just because I have no idea the answer to this, what would that cost?
Let's say that I wanted to do, I don't know, a one-gigawatt install as an island to use your parlance.
How much capital?
So in the United States, if it was just solar, it's about a dollar a watt.
So a gigawatts about a billion bucks.
Now, if you go to other parts of the world, it's a lot cheaper.
So there was a project announced in January this year in the UAE.
This is a really important one to track.
So this one has got 5.2 gigawatts of solar.
It has a 19 gigawatt hour battery, which is gigantic.
and then it has one gigawatt of 24-7 solar as the output.
So basically the math is you've built five times as much solar as you need,
and you put a big battery so that you can charge the battery and then at night,
and then you get 24-7 power.
And the total cost of that project is about six, I think it's about $6 billion.
Okay.
But if you compare that, if I built a one gigawatt 24-7 nuclear power plant, you know,
best case would probably be 15 or 20 billion.
And 15 or 20 years, if we're lucky.
Or 20 years.
I mean, you could build this in a year.
I mean, the economics are there.
And then part of the gap that we see is the construction part of the deployment is stubbornly expensive,
which is why we want to apply digital and automation because you say, well, to really unleash
the potential, I want to cut the cost in half again.
Is that what TerraFab V2 is going to be?
Does it increase throughput, making is more efficient, and introduce cost savings?
Yeah, yeah.
So our next gen TerraFab that's coming out this summer, you know, it's going to be,
you know, fully automated system.
It's going to be twice the speed is the current generation.
Okay.
A lot of other unique capabilities.
And it's really kind of setting the foundation to give.
to this lower cost faster deployment world. I kind of think of SpaceX as sort of an inspiration for me
where, you know, they have to start by building a rocket to get to orbit, and then they got to a reusable
rocket, and then they could launch Starlink, and then they could eventually they'll get to Mars,
right? So, you know, we know where Mars is for the solar industry, but to get to Mars, we've got to do
like a hundred things.
And so part of that is getting the automation with the
TerraFab V2 and then building in more automation and more software and more AI to get
to this sort of entitled future state.
We've talked a lot about growth, bigger projects, more TerraFab, Terrafab V2,
that huge $130 million round.
How much is the company going to grow this year, do you hope?
And then also, can I put you on the 2006 IPO calendar?
Well, 2026.
It might be a little soon, but...
Okay.
2027?
All right.
Don't worry.
Yeah.
You know, I was fortunate to ring the bell on NASDAQ when Sunpower went public a long time ago.
And, you know, we hope to get there someday.
So, you know, right now we're just focused on building an awesome tech platform and a great business.
You know, and we're also, I should say, active globally.
So U.S. is an important market.
but Australia, Europe, other Middle East, those are markets.
We're kind of at that classical inflection point as most tech companies go through.
So 100% growth this year?
What's the target?
Oh, I'm sorry.
Yeah, yeah, we'll double year over year.
Okay.
And if folks want to learn more, terra base.
Energy, and we ask every founder of the following question, what's a role you're
having a hard time hiring for?
Just we can shout that out into the ether and maybe it'll bounce back.
we're always looking for awesome
programmers and
roboticists.
And if you want to
we've got lots of openings.
And if you want to help secure essentially
a less carbon full future,
go check out terrabase.
Energy.
I think this company rocks.
Let's light up the planet.
Thanks, Matt.
Thanks.
I've been doing this job
for roughly 10,000 years
and it never,
ever, ever,
ever gets boring,
talking defenders.
Every single time I do it,
I leave with more energy
than I came in.
It's just an absolute treat, especially when I get to talk to people building such cool stuff.
So shout out to both the companies today.
And if you are excited about more interviews like this, well, just go to twist500.com,
where you'll find a list of more than 300 of what we think are the best companies in the world.
More interviews coming.
We're taping all the time.
So expect more goodies in your feed soon.
This is Alex.
This is Twist.
I think you're the best.
And we'll talk to you soon.
Bye.