David Ulevitch is General Partner at Andreessen Horowitz, where he leads the American Dynamism practice. In this capacity, he focuses on investments relating to American interests in categories like aerospace, national security, and logistics. His notable investments have included Anduril, Radiant, and Erebor Bank. An early internet entrepreneur, he developed a specialization in Domain Name System (DNS), the internet’s “phone book,” which translates legible website names into numerical IP addresses. His first company, EasyDNS, was sold to Dyn in 2010. In 2005, Ulevitch founded OpenDNS, serving as CEO for ten years before it was acquired by Cisco for $635 million in 2015. Afterwards, he was General Manager of Cisco Security, a $2.4 billion annual revenue business with over 5,000 team members.

I sat down with David to discuss his early entrepreneurial career, the rapidly evolving defense technology sector, and Silicon Valley’s shifting investment landscape. What follows is a transcript of our conversation.

CB: The period in which you started your career — the late 1990s and early 2000s — must have been very exciting with the tailwinds of the dot-com boom. What was it like to be an internet entrepreneur at that time?

DU: I was very lucky that I started working early. I’ve had a 1099 or a W-2 every year since the eighth grade. I started working for people that were some of the early internet networking pioneers — people who popularized this idea of peering on the internet, which is where networks come together and exchange traffic. I learned a lot about routing, networking, Unix, Perl, programming, all these things that really gave me a strong foundation for how the internet worked. But also a philosophy of people having access to more information, people being able to build and create solutions to problems, people having an engineering mindset. I think the internet was the first time in my life where I felt like, if you had an idea, you could make it a reality. It’s similar now with AI, where, for people that are not technical, all they need now is an idea and the agency, and they can turn an idea into reality. The internet was the first time in my life I had that same feeling, that if you wanted to learn something, you could find information and learn it. If you wanted to put something out there for other people to learn about, you could publish it on the internet. It was a very exciting time for me, and it really paved the way for the rest of my career. I was very lucky to get exposure to that from 14 or 15 years old.

CB: Tell me about DNS. It’s Domain Name System, right? That’s the acronym? So what exactly is it, and how did you come to specialize in it?

DU: The DNS is the system that connects names to numbers on the internet, like a glorified phone book, but it’s the only truly distributed system we have on the internet. It’s very distributed. People can publish their own DNS records. Every country gets to sign their own country code, top-level domain. I loved it because it was very loosely coordinated. DNS only works through agreement. There’s no government that runs DNS. There’s no multinational government. There’s no UN or WTO for DNS. It really only works through coordinated agreement. I really fell in love with that aspect of it. It felt very apolitical, but it’s this fundamental infrastructure layer of the internet — that without DNS, there would be no way to find resources, to find things on the internet. Nobody’s going to navigate by IP address. It just also felt like such a fundamental technology — there had to be a lot of room for improvement and innovation.

Before I started OpenDNS, the most popular DNS server on the internet was something called BIND, which was notorious for also being one of the least secure pieces of software on the internet ever published and widely used. It constantly had security vulnerabilities, constantly had exploits. It was written at a time when people didn’t really care about security on the internet, and nobody actually wrote a better version of it, until I came around. Now there’re a lot of robust implementations of DNS, but I basically decided to create a DNS service that would be much faster, much more secure, much more reliable, much more robust, and really, designed for scaling to the modern internet. DNS is just this foundational component of technology that powers the internet.

There’s another one out there called BGP. I didn’t want to create a BGP company, but DNS is one that we all use. It’s a constant source of headaches on the internet, and I just felt like it could be much better. In 2004 I moved to the Bay Area, and in 2005 I started OpenDNS to build a better DNS. And by the time we sold it in 2015, the whole internet networking world had woken up to the idea that DNS could be much more secure. Fast forward another 10 years — there’s a ton of really robust and secure DNS implementations. But at the time, OpenDNS was really revolutionary.

CB: Could you walk me through the process of — over the course of 10 years — building a company that you end up exiting for over $600 million?

DU: People always think these things are overnight successes. My overnight success took 10 years, and people forget that it’s really a hard journey. The path to success is non-linear. We started out as a consumer company trying to sell a cybersecurity service to consumers, but it turns out that while we built a great product, consumers would rather go buy a $5 Starbucks than pay $5 a month for cybersecurity. They really just don’t put a value and premium on cybersecurity. They do once they’ve been breached or compromised — then they value it — but they don’t value it ahead of time. Five years into the business, we were really struggling. We had lots and lots of users. We had a free service that was very successful, but we really had trouble making money. So in 2010, five years after we started the company, we did a complete hard pivot on the business and really shifted to the enterprise. We kept the same product, kept the same service. In fact, we had realized at some point that a lot of enterprises were using our service but just not paying us, and so we just started offering more and more enterprise features: better reporting, better access and account control and account management, better security controls. Then the business really took off. But it really took us five years to pivot into that business. We never would have gotten there if we hadn’t started with the consumer business, because we leveraged all the data we learned and all the data we’d collected to do our security research. It really does take a long time, and that experience set me up probably better than anything to be an investor and even to understand the journey that entrepreneurs go through. You’re not going to have every quarter be better than the last one. You’re going to get punched in the face, you’re going to have all these things that happen to you — but if you believe in your mission and the product, and you have a good team, and ideally, you have investors willing to stay with you and support you, you can ultimately build a great company.

CB: How have the upheavals of the last couple of years impacted the cybersecurity sector?

DU: It’s a really exciting time to be refocusing on cybersecurity. I took a break from it on the investing side for my first five or six years at the firm. One of the issues with cybersecurity has always been its asymmetric nature, meaning that the attackers have unlimited tries. It costs them nothing to try to attack you. They only need to be successful once to have a breach. On the cyber defense side, you need to constantly protect against every way in. You need to constantly pay for the best talent, the best solutions, the best tools. Most organizations fall below that cybersecurity poverty line — they can’t afford the best people, and can’t afford the best tools, and have difficulty deploying and managing those things. AI finally gives the defenders a better fighting chance and really helps to level the playing field against that asymmetric dynamic. With AI agents and tools and continuous monitoring and continuous vulnerability assessment and all these capabilities, you can have much more robust defenses, much more robust network visibility and controls, see what’s actually happening, and better manage your access control on firewalls. AI allows you to get the benefits of the best intelligence when it comes to cybersecurity, as well as to have much more capability on the offensive side. It’s an exciting time, because companies are starting now that really give all organizations — not just the ones who can afford to spend an unlimited amount of money on cybersecurity — the ability to have a fighting chance against adversaries. That required a technological step-function change to happen, and AI has given it to us. For the last 10 years, cybersecurity on the defense side has been very challenging, and now I think it’s really a new era to really rebalance the scales.

CB: You also have these emerging quantum technologies. How do they interact with cybersecurity?

DU: For us, from an investment standpoint, quantum still presents as a research effort — but one worth pursuing. If it happens and if it works, a lot of what we take for granted around encryption and encryption capabilities may end up turning out to not be as secure as we thought. So it’s important research to be doing. We haven’t focused on it from the investment side, mostly because we think it’s still too early to be commercially viable. But once quantum unlocks that, it really changes the way people think about encryption, about encrypting data on the network, and about information security. In theory, if a working quantum computer really exists and has enough capability, it will be able to break a lot of the common encryption used today.

CB: What would need to happen, from an investor’s perspective, for quantum to become viable?

DU: I’m not an expert in that. It mostly still feels like a science project — It’s hard for us to follow. What I find is that even the most advanced technologies, when they’re real, they’re not that hard to explain. Take nuclear fission, for example. We know how nuclear fission works. We know how fission reactors work. We have a lot of them. They’ve existed for seventy years. It’s very complicated, but not that complicated, right?

CB: Where do you see the greatest upside in the defense sector?

DU: There’s no shortage of opportunities right now as we think about how to reinvigorate and rebuild the defense industrial base – as folks in the Department of War say, rebuild the arsenal of freedom. We are at this technology watershed moment where we now have the ability to do commodity manufacturing of low-cost and atrittable systems. Low-cost drones, low-cost missiles, and things like that. We have now seen people shift from building larger and larger systems to building smaller, more agile, and more expendable systems.

We also have this technology watershed moment with computer vision and autonomy and electronic warfare, where we can now send small systems out autonomously to acquire the target and try to intercept or attack it without any human intervention. Even without radio communication in an electronically contested environment or an RF-contested environment. Because we have those capabilities, we’re seeing rapid innovation — and because we’ve had the benefit of learning from recent conflicts. We see what that looks like in Ukraine. We see what that looks like in the Middle East and the Iran war. Things like Shahed drones were not part of the calculus of what people thought the fight of the future was going to look like. But they are clearly part of the calculus now, with entire regions GPS-denied, or denied other positioning systems. You need other ways of finding your position and figuring out where you want to go. Because of all these things, we’ve rapidly seen innovation in the software side of the defense industrial base — the small, credible systems side of the defense industrial base, and the autonomy side. All of that creates opportunities that are, I would say, upstream of those products. Upstream is one word for it.

Another way I usually talk about it is shifting left. What are all the things you need to make drones, to make autonomous systems? You need computers and guidance systems. You need low-cost motors — motors for drones, whether high-end motors like you might see on a Shahed or very low-end motors you might see on a quadcopter. How are you going to make those? Where are they going to come from? You’re going to need optical systems — where are you going to get the optics? If they’re made in China, and we have a conflict in the INDOPACCOM region, we’re probably not going to be getting those shipments. We’re probably not going to get the shipments of our computer chips that we need for the guidance systems. Where are we going to get rocket motors? Where are we going to make rocket fuel? And what about all the chemicals needed to make propellant? All these things just create more and more opportunities— left of the industrial base: the manufacturing base, all of the supply chain components that are needed.

I think we’ve ventured into a realm of unlimited and unbridled opportunity. We can’t replicate what they’ve done in Shenzhen, China. We can’t do this the same way we did it in World War II, by just repurposing an automotive factory line. We have to do it in a way that is representative of the time we’re in — leveraging factory automation, leveraging as much software as possible. It’ll rhyme with the past, but it won’t be exactly like the past. And so we’re working with the founders who really have a view and a vision for how to capture this opportunity and deliver what the aerospace and defense market really needs today.

CB: As someone who’s allocating capital to companies which ultimately aim to sell to the government, how does the defense procurement model work?

DU: We’re coming on the tail end of a procurement system that has become incredibly calcified and is finally being decalcified — for lack of a better term — calcified through bureaucratic rule-making and all kinds of things designed to prevent mistakes. That means that we have a process that over-specifies requirements. The government should say, “we want a missile that can go 1,000 kilometers, carry this kind of payload, and fit into this kind of a launch tube.” That’s what they should describe. Instead, they get very, very specific on exactly what kind of propellant it needs. Is it a liquid propellant or solid propellant? They might even call it by a certain name — you have to be able to make the Tomahawk. This contract is for a Tomahawk. Well, what if somebody makes something that works like a Tomahawk but isn’t one? That should be allowed to be bought too.

The over-specification of requirements has really bogged down the R&D and innovation side. You have companies today, like Anduril, that are building before the requirements are fully set — and as a result, they get to help shape them. We have a process that over-optimizes for compliance, making sure that nobody can protest an award or a contract, that nobody can say any rules got broken. A lot of the existing rules really favor the incumbents. They take a long time. I read recently that there’s something like $2 trillion worth of awarded contracts that won’t be delivered to the Pentagon for over a decade. That’s just too slow and too long. Those processes favor the incumbents, who are equipped to deal with such a slow process, when our warfighters need capabilities quickly. They need iteration.

We’ve entered an era where everything from the procurement process to the appropriations process is finally being changed to enable a much more nimble defense industrial base that produces things quickly. One of the big success stories of Ukraine is that they’ll work on a drone capability, put it in the field the next day, get feedback, iterate, and a week later have another version of the drone out in the field. That is so far removed from our process historically here in the US. To have the best capabilities and the best technologies, we need procurement processes — and the ability to field new equipment — that focus on iteration and feedback, not on calcified bureaucracy. We’re putting compliance way ahead of capability and speed.

CB: Much of the procurement in Ukraine is coming from the battalion level as well, which is so much closer to the source.

DU: They have a sense of urgency we don’t have. In a crisis, a lot of rules get thrown aside. But we are in a very slow-moving crisis right now in the US. We have expended a massive amount of our ordnance and missile capabilities in the war in Iran, and our resupply time is on the order of years, not months. We cannot operate in that kind of environment.

CB: Erebor has recently received its banking charter. What kind of impact will this new bank have on the hard tech industry?

DU: I think with the loss of Silicon Valley Bank, it’s become very clear that startups — particularly startups in the manufacturing, defense, energy, space, and supply chain categories — need a banking partner that understands their business. One that understands that they’re not going to have five years of financial records that they can share, because they’ve maybe only existed for a few months. When you’re dealing with everything from inventory to tooling to all the working capital needs that you have, you need a banking partner that understands that dynamic and is willing to work with you. And traditional banks, I would say, really do not. Historically, Silicon Valley Bank filled that void. But as Silicon Valley Bank went away, it exposed a huge gap in the market. The idea that startups need a partner is not novel. We had that, and we lost it. A dedicated bank like Erebor for the hard tech community, the national security community — a bank that, frankly, is very focused on supporting US companies, one that will not just seize your assets if the EU sends you a demand letter, the way a very large, established bank might — an American bank focused on the innovation economy is just a critical need, particularly in the hard tech, defense, and national security space.

CB: How long does it take to actually get the factories up and running?

DU: It takes a long time, which is why we need to act like we’re in a crisis right now. We are, but we just don’t feel it. Take the government shutdown. We’ve watered down what a crisis feels like. We actually need Congress to act with urgency. They have the power of the purse, and we need to behave like there’s a real crisis. Because it can take years. We have a company, Radiant Nuclear, that’s building a factory to build nuclear reactors, and they have so many orders that they really could put together the plans for a second factory. There’s so much demand out there, but that means they need to have the fuel supply chain built. They need a regulatory environment that’s clear. They need to have multi-year commitments from the DOE and the NRC to know they are actually going to be able to do these things, and that requires real government support and partnership.

For far too long, the government regulators have become these “no” people, when really they should be partners and enablers. In many countries, the regulator is an enabler. They support businesses. They help you build your business, get the licenses you need, operate in compliance with the law. Regulators in the US focus way too much on bureaucracy, too much paperwork, too much CYA behavior. Thankfully that is starting to change, and that is essential, because it does take so long to stand up these factories. I’ll give you one example. You might have a 10-year contract to field missiles for the United States military, but if the dollars that fund that only get appropriated to you annually, when Congress passes a budget, why would you ever buy more than one year of inventory at a time? You have no guarantee you’re actually going to get your order the next year or get paid the year after that? Why would you buy the inventory? That’s one of the reasons why our supply chain is so slow. Once the government says, “Okay, we’re ready now we want to buy it,” it then takes time to order the inventory, get the inventory, spin up manufacturing, rehire all the people in your factory. We need a Congress that understands those problems and is focused on multi-year commitments to fund programs — on multi-year commitments to award dollars that motivate the private sector to build these factories and the supply chain resiliency we need in this country.

CB: From a funding perspective, could you walk me through how this sector is different from the software that you’ve traditionally invested in?

DU: If you’re going to be an investor in the American Dynamism categories, you have to be prepared for a much, much slower J curve to revenue growth — meaning these companies are going to focus on R&D for a lot longer. They’re going to have to deal with more dynamics than a traditional sort of enterprise software company might. They have to deal with regulators. They might have to deal with hardware. Most of our companies sit at the intersection of atoms and bits, where hardware meets really advanced software, which means you’re going to have inventory needs, machining needs, factory production line needs. The capital needs are much more intensive. The revenue might get pushed out. But then once these things start working, the revenue catches up very, very quickly and grows much faster.

When investing in these categories, you have to make sure you understand the business. Oftentimes, we have to institute financial discipline much earlier in these companies, to really think about what fundraising looks like, how you make sure that these companies don’t run out of money. That’s one of the biggest things that’s changed in the last few years. We won’t take all the credit for it, but with American Dynamism, we’ll take a lot of the credit: we’ve unlocked a lot more downstream capital. There’s a lot more equipment financing. There are more investors excited about these areas, which makes it a much safer area to invest in. It means there’s going to be more capital after the seed round; after the Series A, there’ll be more capital available to support these companies and help them get through that part of the J curve — until they can really get into the market and get real revenue. If the government’s their customer, getting real programs of record; if other folks are their customers, getting real contracts and delivering real solutions.

CB: Agentic AI has seen widespread adoption in the last couple of months. What’s the tangible impact of that development on the software industry from an investor’s perspective? It looks like there’s also been a considerable downstream impact on Private Equity.

DU: It’s a profound change. As I mentioned earlier, as related to cybersecurity — or even my experience on the internet, AI and large language models, especially as they relate to coding, are now unlocking the ability for people with ideas and agency to manifest those ideas into reality in a way that was very, very difficult before. I think it’s actually very exciting for the hardware companies in the venture ecosystem, because it means they can now very rapidly take these hardware prototypes and introduce much more advanced software, much faster, without having to spend months and months tooling up an entire software stack that can be automated and generated very quickly. That means people can go work on other problems. They can hire people to work on the much more difficult factory problems, the hardware problems. And software is just going to get much, much better. I think it’s very exciting.

In the private equity world — and here we’re primarily talking about the enterprise SaaS world — I think we’re going to see that things that were previously valued at one price are now revalued at a new price. It doesn’t mean a lot of these enterprise SaaS companies are going away. I don’t think they’re going to go away, but it certainly means their growth may not be what we thought, and it may mean some of these products will go away. But lots of other things will stick around. Take a company like Samsara, which gets punished in the public markets. I don’t think Samsara is going away. They sell enterprise software into large fleets. They have an IoT solution and hardware component with it. There are lots of companies that have been unfairly punished, and maybe in the private equity world, the buyout world, they overpaid for some things they’re going to find out they overpaid for. But that’s life in the big leagues. They’re going to have to deal with that. Thankfully, that’s not my problem.

This interview has been lightly edited for length and clarity.