Frank Wang @ffwang2

Your security startup is chasing the wrong customer profile. Most founders still define a "Tier 1" enterprise buyer by employee headcount. They are completely ghosting the real money. Next-gen AI-native companies are flat, lean, and hold massive budgets that rival legacy enterprise giants. If your software can’t survive the scrutiny of an AI-native customer, it won’t survive the decade. Here is why the frontier buyer is your ultimate product crucible: 1️⃣ The Build vs. Buy Threshold: AI-forward companies can build internal tools at machine speed. If your product is just a surface-level UI wrapper or solves a purely bureaucratic organizational problem, they will disintermediate you with a homegrown script over the weekend. They only buy when you act as an infrastructure partner toward a complex outcome. 2️⃣ The Return of Forward-Deployed Engineering: Founders are obsessed with building pure SaaS companies from day one. But frontier tools are still highly complex. Organizations don't understand model nuances or how changing a prompt taxonomy alters a security outcome. To win, you need forward-deployed engineers to embed context directly into the customer’s runtime. 3️⃣ The Palantir Playbook: When you eventually take an AI-native security product down-market to legacy enterprises, a SaaS login isn’t enough. You have to deploy services to actively transform their outdated workflows. Look at Palantir—they dominated legacy industries by using elite services to bridge the architectural chasm until their software became foundational. Focusing on the AI-native segment forces you to skate where the puck is going. As legacy enterprises are forced to flatten their orgs to compete, they will inevitably adopt the exact tools you built for the frontier. Full breakdown: open.substack.com/pub/franklyspe…

The "AI SOC Analyst" is a band-aid on a broken leg. A ton of security startups are dropping autonomous agents into legacy SOC queues to speed up triage. It’s a waste of budget. You are just optimizing a workflow that shouldn't exist in an AI-native world. Think about factory electrification in the 1920s. Early factories just swapped massive steam engines for large electric motors and saw zero productivity gains. It was only when they threw out the blueprints, put tiny motors at individual workstations, and changed the floor layout that productivity skyrocketed. Cybersecurity is stuck in the steam era. Legacy SIEMs force you to pay an insane markup on basic data storage while your team wastes finite engineering cycles tuning noisy alerts. The future isn't a faster SOC. It's a decentralized security data lake. New platforms like @RunReveal and @scanner_dev are cutting out the middleman by running directly on top of cheap infrastructure like S3 and ClickHouse. Meanwhile, tools like @cotoolai are perfecting the AI blue-team application layer. The real win here isn't autonomous code remediation; it's fixing the tuning loop. Most alerts are false positives. When an alert hits, tools like RunReveal can run an immediate background investigation, auto-close the noise, and hand the human generalist the exact context needed to tune the rule in seconds. You don't need a dedicated SOC or an army of analysts anymore. You need elite data infrastructure and software that lets a single generalist focus on outcomes, not implementation details. open.substack.com/pub/franklyspe…

it’s not that AI “doesn’t work.”companies struggle to use it and are afraid to admit it.

Garry Tan @garrytan

2 weeks ago

Educating people on how to use the AI tools has become a serious bottleneck

153 55 912 228K 426

GDP.pdf measures whether models can read the messy professional documents - wiring diagrams, rocket schematics - that run the world. Riemann-bench measures research-level math, written by ivy league profs and IMO medalists in the course of their work. ...and climbing them both?... the stuff of fables 😎 congrats anthropic!

keyboard_arrow_left Previous keyboard_arrow_right Next

if you're an AI company and your CTO writes code but your CISO doesn't, you have a problem.

it's pretty obvious those who enjoy it vs. don't. career ladder climbers do it for the money.

Neeraj @neerajjj6785

2 weeks ago

be honest. are you building because you enjoy it or just for the money?

289 2 231 18K 4

those who say using AI isn't great probably don't have great harnesses

real instructions aren't lists of independent rules. they're entangled. introducing ComplexConstraints — our new IF benchmark testing the kinds of IF constraints that show up in real work: 1. conditional constraints (fire only when specific conditions are met) 2. planning constraints (many reqs must be satisfied simultaneously) 3. multistep constraints (each step feeds the next) 4. implicit constraints (a competent colleague would just know) models score from 0% to 40% we also trained a 4B model on 1k examples -> it matched a model 60x its size, and the gains transferred to other IF benchmarks like MultiChallenge and AdvancedIF. blog post: surgehq.ai/blog/complexco… leaderboard: surgehq.ai/leaderboards/c…

AI agents aren't just suggesting code anymore—they are autonomously running privileged actions in local terminal shells. This completely upends endpoint security. All it takes is a single logic error for a local agent to pull down a malicious open-source package and run it on a developer’s laptop because it thought the dependency was legit. In my latest newsletter, I look at the future of the endpoint market and where the real opportunities sit for incumbents and startups: 🔹 The Agent Architecture: Building endpoint software is brutal on battery and kernel stability. But just like @Cloudflare Warp or @zscaler did with SWGs, you can get away with a lightweight local agent if you route the heavy compliance and policy lifting to an elite global infrastructure. 🔹 The IT Operational Trap: Enterprise IT is stuck. Bloated companies have hyper-specialized teams doing manual tasks that AI will eliminate, making re-allocation highly political. The real market is lean startups where engineers moonlight as IT admins and need autonomous agents to patch and monitor fleet health out of the box. 🔹 The Platform Dark Horse: I’m cautiously optimistic about new plays like @Tanium Atlas. Complex, feature-heavy legacy platforms that are historically hard to use might actually benefit the most from AI. If you have 20 years of deep feature telemetry, you can use a natural-language interface to completely hide the plumbing and deliver immediate value. The endpoint checkbook is going to split. AI-forward shops view budget as one big efficiency blob. Older enterprises are facing a massive political battle over the consolidation of IT and security responsibilities. Full deep dive on the last mile of agentic security: open.substack.com/pub/franklyspe…

hiring talent is a lot like vc investing. the top firms get access to the best deals with high likely of high ROI. the other ones have to settle or find a diamond in the rough and take on more risk

@0xAlcibiades @rauchg then a lot of companies are prob in a bad place

@paulg agreed. what happens to the people leader CEOs who don't know how to build products, just orgs?

@garrytan this is the best use of AI. but you've also wiped out huge a segment of security :P

i like this take

Can Vardar @icanvardar

3 weeks ago

ai won’t replace builders it will expose people who were never really building anything in the first place

7 2 21 957 0

@hetmehtaa have taste

@gregisenberg probably AI generated

@badcryptobitch @nikitabier that's true. the takes are better here, but we need to bring back hashtags

Trying to block enterprise AI adoption is a losing battle. The real engineering challenge is building the guardrails to secure it in real-time. 🧵 Enter the AI Proxy. But if you want to know if a tool in this space is legitimate or just agent-washed marketing fluff, look at how it handles the streaming token problem. Traditional web proxies (like legacy CASBs or SWGs) inspect static HTTP payloads. They hold the request, scan the text, and pass it along. That architecture fails completely with LLMs. Developers expect instantaneous, millisecond-by-millisecond token streaming in their terminals and IDEs. If a security gateway adds even a 200ms hiccup to an autocomplete function, engineers will instantly find a workaround to disable it. A real AI proxy has to process massive, high-volume concurrent requests and inspect data streams on the fly—evaluating context windows and masking secrets without breaking the connection. This is exactly why owning your own global infrastructure is the ultimate moat. It’s why @Cloudflare and @Zscaler came to dominate the web gateway market—they understood that raw performance and low latency are the ultimate product features. Right now, startups like @joinformal have a massive head start because they treat security teams like developers who want programmable, policy-as-code controls. But to survive the traffic load long-term, the next-gen players will have to migrate away from self-hosted models and build out their own distributed global infrastructure. Full deep dive on why infrastructure is the defining moat for AI security: open.substack.com/pub/franklyspe… #Cybersecurity #Infosec #AIProxy #Cloudflare #Infrastructure #SecurityEngineering

@ThePrimeagen probably bc it's just as good opus

@badcryptobitch @nikitabier im going back to linkedin