Ashutosh Shanker

Ashutosh Shanker is a cloud security and infrastructure architect with 14 years of experience building large-scale distributed platforms that sit at the core of modern enterprise computing. His career spans the full infrastructure stack—from silicon-level data-path engineering and switching ASIC bring-up to cloud-native, AI security control planes—across organizations including Palo Alto Networks, Arrcus, Kzanna, SnapRoute, and Broadcom. Across these environments, Shanker’s work has been defined by a consistent engineering philosophy: translate complex distributed systems theory into production architectures that behave predictably under scale, failure, and continuous change.

At Palo Alto Networks, Shanker serves as a Senior Principal Engineer in AI Security Infrastructure, where he architects core platform services for Prisma AIRS, an AI Runtime Security platform. His responsibilities include designing cloud-native microservices that support AI workload discovery, asset intelligence, and runtime protection across AWS, Azure, and GCP. In this context, he defines service boundaries, APIs, and shared subsystems that unify policy evaluation, observability, and enforcement into a coherent control plane. The challenge is not only scaling services, but doing so while maintaining enterprise-grade security guarantees and operational reliability as AI workloads evolve rapidly in topology and behavior.

Earlier, as Co-founder and VP of Product Engineering at Kzanna, Shanker built an AI-first observability platform from inception to enterprise deployment. The platform combined real-time distributed data processing, Kubernetes-native services with secure multi-tenancy, ML-based anomaly detection, and LLM-assisted investigation workflows. This work brought modern AI techniques into operational observability, demonstrating Shanker’s ability to move from pure infrastructure engineering to AI-enabled operational intelligence—without sacrificing the architectural rigor required for multi-tenant enterprise systems.

Shanker’s most visible systems innovation emerges from his work at Arrcus, where he was one of three core architects behind the Virtualized Distributed Router—an effort that reimagined traditionally monolithic routing stacks as a cloud-native, microservices-based platform. He designed the virtualized control-plane cluster, defined state distribution and consistency models, and architected scale-out data-plane integration to support fabrics operating at hundreds of terabits per second. A standout contribution was a software-only punt-path architecture that preserved ingress-port identity while transferring control-plane traffic across distributed components—an innovation that became foundational to the platform and resulted in a granted U.S. patent, alongside corresponding international patents. Across his Arrcus tenure, he reports six granted U.S. patents and additional international grants, reflecting sustained invention in distributed networking.

Beyond punt-path design, Shanker architected a high-availability framework using etcd-based leader election, explicit failover semantics, and well-defined consistency guarantees—engineering the reliability contract needed for distributed network control planes. He also led architectural work for EVPN-VXLAN data center fabrics, translating EVPN control-plane semantics into hardware-agnostic dataplane behavior across multiple ASIC families. This included scale-critical features such as ingress replication, dynamic VTEP membership propagation, EVPN multi-homing with ESI-LAG, and robust L2/L3 VPN service support. Earlier at Arrcus, he strengthened ArcOS and IP CLOS underlay routing solutions by improving the Data Plane Abstraction Layer—enabling hardware-agnostic IPv4/IPv6 forwarding, ECMP scaling, QoS pipelines, ACL frameworks, and platform telemetry that were production-critical for open networking deployments.

Shanker’s technical roots are equally deep in network operating systems and silicon enablement. At SnapRoute, as an early engineer, he helped build FlexSwitch, a cloud-native network operating system, contributing to distributed state management, configuration frameworks, hardware abstraction layers, telemetry pipelines, and platform bring-up across multiple switching ASICs. In the Voyager project, he worked on integrating FlexSwitch with an early open packet-optical transport platform aligned with OCP/TIP initiatives—covering hardware bring-up, driver enablement for optics and DSP components, firmware upgrade orchestration with rollback safety, and operational monitoring/alerting.

Earlier still, at Broadcom, he served as a Staff Engineer II on the Tomahawk switching ASIC, developing MMU device drivers responsible for buffer management, queueing, congestion handling, and advanced QoS mechanisms—work that supported silicon bring-up and hyperscale-grade deployments. This progression—from ASIC driver stacks to distributed control planes to cloud-native AI security—illustrates rare end-to-end infrastructure depth.

Across roles, Shanker has coupled architecture delivery with professional stewardship: mentoring engineers, participating in architectural reviews, and establishing practices that emphasize correctness, reliability, and secure-by-design execution. His work reflects sustained contribution to the professional practice of infrastructure engineering—building platforms that are not only high performance, but operable, failure-aware, and trustworthy.