Execution Over Everything with Varun Badhwar

Hey folks - Firas here.

This week’s PMF Playbook comes from my podcast episode with Varun Badhwar, Founder and CEO at Endor Labs.

There’s a moment in my conversation with Varun Badhwar that perfectly captures what it takes to build something that lasts.

He says: if you can share an idea with someone in five minutes over a beer and they go build a better company than you… that’s on you. Not because ideas don’t matter, but because execution is the only thing that turns an idea into a business.

And in today’s market where AI is compressing time, copying is easy, and narratives travel faster than products; execution isn’t just the differentiator. It’s the entire game.

Varun has lived this from every angle. He’s built and sold companies. He’s sat on both sides of acquisitions. He’s scaled a cloud security business from zero to hundreds of millions. And now, at Endor Labs, he’s building in the middle of one of the biggest platform shifts we’ve ever seen: software moving from “written” to “assembled.”

This edition is about what he’s learned - what founders misunderstand about exits, why most acquisitions fail, what integrity looks like when money is on the table, and why AI is creating a new category of risk that most teams aren’t ready for.

A lot of founders quietly build with an outcome in mind: “We’ll get acquired in two years.”

Varun doesn’t just disagree with that mindset - he thinks it creates weak companies.

Not because acquisition is a bad outcome. But because you can’t engineer it.

You can be doing everything “right” and still miss the window because the market changes, the buyer changes priorities, the category shifts, or the acquirer decides to build instead. If your strategy is built around being bought, you start cutting corners without realizing it. Product decisions are made for the demo, not for scale. Go-to-market becomes a sales story, not a repeatable engine. The company becomes optimized for a moment instead of a decade.

Varun’s alternative is simpler and harder: build the greatest company you can in your category. Build a brand that people trust. Build the kind of culture that attracts the best people. Build operationally in a way that scales without breaking. When you do that, you don’t chase outcomes, you create leverage.

And when you have leverage, you get options.

That’s the part founders forget: the goal isn’t to “get acquired.” The goal is to become the kind of company that can choose what happens next.

Varun says something that should reshape how every founder thinks about acquisition conversations: nine out of ten acquired companies die within two to three years.

They don’t die because the product suddenly becomes bad. They die because the operating system changes.

A startup with 150 people gets absorbed into a company with 10,000. The five-person marketing team becomes a tiny part of a thousand-person function. Engineering gets pulled into roadmaps they didn’t write. The pace changes. The spirit dissolves. The people who were building with urgency find themselves living inside process.

So Varun asks a different question: what are my odds of success post-acquisition?

With RedLock, what made the deal work wasn’t the number. It was the structure. Prisma Cloud stayed intact. The business kept its own operating rhythm. It wasn’t “integrated into a machine.” It was allowed to function like a company with autonomy, accountability, and speed while benefiting from the scale, brand, and resources of Palo Alto Networks.

That’s the difference between a deal that becomes a footnote and a deal that becomes a platform.

If you’re a founder evaluating acquisition interest, Varun’s framing is a good north star: don’t negotiate like you’re selling a product - negotiate like you’re protecting a mission.

The most powerful part of this episode wasn’t tactical. It was moral.

Varun talks about founders who exit in a way that leaves employees behind - people who built the foundation of the company but don’t participate in the outcome. He’s blunt about it: it’s unethical.

And beyond ethics, it’s also strategically foolish.

Silicon Valley doesn’t forget those stories. Your next company is built on your last reputation. The engineers you’ll want later, the executives you’ll need later, the investors you’ll rely on later - they all remember how you behaved when you had leverage and when you didn’t.

Varun contrasts that with the messages he still receives years after RedLock - employees telling him they bought homes, created security for their families, and changed their lives because the acquisition worked for the whole team.

That’s the kind of detail people never put in a press release but it’s what defines leadership.

In a world obsessed with valuation, this is the quieter truth: integrity compounds.

Varun’s phrase is one I keep coming back to: software development is becoming software assembly.

Most modern codebases aren’t written from scratch. They’re stitched together - dependencies, open-source packages, snippets from the internet, internal libraries, and now, AI-generated code. And that shift changes everything, because it increases the speed of creation without automatically increasing the quality or safety of what’s created.

Varun doesn’t think developers disappear. He thinks the number of people producing code explodes.

Your marketing team writes code. Your ops team writes code. People who would never have learned a programming language can now “build” by prompting. That’s not a distant future - it’s already happening.

But the hidden cost is that velocity creates risk. AI has learned from the entire internet, which means it learned the good patterns and the bad ones. And without guardrails, code becomes easier to generate than to trust.

Varun shares a reality that should make every founder pause: a majority of AI-produced code can be insecure by default.

So the bottleneck shifts. The problem is no longer “can we write code fast enough?” The problem becomes “can we ship software that’s safe enough to rely on?”

Varun started Endor Labs before ChatGPT, anchored on a thesis: open-source software and third-party dependencies would become one of the biggest security fault lines in modern engineering.

Then Log4j happened, and the world saw what that thesis looked like in practice.

Now AI amplifies the same issue: more code, more dependencies, more unknown provenance, more risk, shipped faster than teams can review.

The old approach - scanning everything and dumping a mountain of alerts on engineering doesn’t work anymore. If you drown teams in tens of thousands of findings, one of two things happens: they stop shipping, or they ignore security. Both are catastrophic outcomes.

Varun’s view is that the future is precision and remediation. Fewer false alarms, more meaningful signals, and systems that help fix issues inside the workflow - not as an afterthought at the end.

In an AI-driven world, security can’t be a tax. It has to be a default.

I asked Varun what he’d tell a first-time founder who has an idea, term sheets, and momentum.

He didn’t start with product. He started with life.

First, make sure your family is genuinely on board. Startup building isn’t just a professional commitment - it’s a mental occupation. Even when you’re home, the company follows you. The people closest to you feel that, and you can’t talk your way around it. You have to align early, honestly, and explicitly.

Second, treat the first hires like the company’s DNA, because that’s what they become. Varun deliberately avoided building a “clone army” from his past companies, even though he could have hired faster. He wanted diversity of thinking and experience, because speed without depth creates fragile cultures.

Third, stop romanticizing stealth. Varun believes building in the open - talking to customers, iterating your message, refining the problem - is the only way to stay aligned with reality. And he returns to the line that frames this entire edition: if someone can hear your idea and beat you, the issue wasn’t the idea leaking. The issue was your execution.

Varun didn’t describe success as a payout. He described it as building something enduring.

He’s arguing for a founder mindset that feels almost countercultural right now: greatness first, leverage second, outcomes last.

Build the company you’d be proud to run even if nobody ever bought it.

Because if you build it that way, you’ll be the one holding the cards when the options show up.

If there’s a single sentence that sums up this conversation, it’s this: the hard thing isn’t raising money or getting acquired - it’s building something great without taking shortcuts.

Until next time,

Firas Sozan
Your Cloud, Data & AI Search & Venture Partner

Find me on Linkedin: https://www.linkedin.com/in/firassozan/
Personal website: https://firassozan.com/
Company website: https://www.harrisonclarke.com/
Venture capital fund: https://harrisonclarkeventures.com/
‘Inside the Silicon Mind’ podcast: https://insidethesiliconmind.com/