Daniel Miessler's Blog, page 2

May 13, 2025

Unsupervised Learning NO. 481

UPDATES

Hey, hope you’re doing well!

Open Jobs in InfoSec THE LIST

Humans > Tech 👇🏻



I think it’s as simple as this:


We have been working for tech.
We have been working for the economy.
We have been working for capitalism.  


It should be the opposite. They’re supposed to be working for us.


That’s the fix.


The inversion of priorities toward humans vs. stuff.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
11:04 PM • May 6, 2025


An absolute must-listen podcast on the future of work after AI, with the CEO of Fiverr. This guy gets it. THE POST | THE PODCAST | THE VIDEO

I sat down with my bestie Jason Haddix and talked about RSA Takeaways. Great conversation across multiple topics (Security, Creating, AI, etc.) VIDEO

AI is going to force us to invent Artificial Scarcity for art & personality. VIDEO

Why I still include Twitter/X links: I know many of you have left Twitter and are inconvenienced when I link to it for stories or analysis. I am sympathetic to this. I was a massive Elon supporter and now I’m not anymore. If there were a better service for AI/Security news I would use it, but there isn’t yet. And since my job in this context is to provide analysis of what’s going on, I’m forced to use X. It remains by far the best monitoring system for what’s happening in InfoSec and AI. Please consider keeping a read-only account just so you can stay up on the latest stuff. There are evil people behind most of the products and services we all use every day; don’t penalize yourself for someone else’s flaws. I recommend you keep an account so you can read the stuff I and others find (while ignoring the garbage of browsing the main feed).

Working on a sick video on the future of personal and corporate hacking, bug bounty, etc.!

Looking forward to presenting at Nahamcon on the 22nd!

EDC this weekend! (No newsletter next week)

Sponsor

Experience AI SOC Analysts in Action: Self-Guided Demo

Curious how AI can transform your security operations without adding headcount? Dropzone AI's Self-Guided Demo puts you in control of an autonomous SOC analyst that investigates alerts 24/7. In just 15-20 minutes, you'll witness:

Complete end-to-end alert investigations across email, SIEM, cloud, and endpoint security

AI that analyzes threats and collects evidence without manual effort

Clear decision-ready reports with transparent reasoning

No installation needed—the entire experience runs in your browser. See firsthand how our AI reduces investigation time from 40 minutes to 3 minutes while eliminating alert fatigue.

Try it yourself and discover why security teams are achieving 10X alert handling capacity without expanding headcount.

dropzone.ai Start Your Self-Guided Demo

CYBERSECURITY

North Korea Leverages AI to Scale IT Worker Fraud Operations
Okta's research shows North Korea is recruiting remote tech workers via elaborate AI-backed schemes to bypass sanctions and fund the regime. What’s crazy to me is how they’ll just work like normal employees if they don’t see anything to hack. THE ARTICLE | VIDOC DEEPFAKE FRAUD ARTICLE

Cisco Patches Critical IOS XE Vulnerability Allowing Device Hijacking
A hard-coded JWT in Cisco IOS XE allows unauthenticated attackers to take complete control of wireless LAN controllers. It requires that a specific setting be enabled, though. THE ARTICLE

Business Email Compromise Attacks Dominate Cyber Claims
AtBay says BEC and funds transfer fraud made up 60% of all cyber claims in 2024, with average BEC losses jumping 23% to $35,000. THE ARTICLE

Sponsor

Named Most Innovative Startup at RSAC. Here’s Why.

We’re the creators of Nuclei, the open-source scanner built for the modern internet. Unlike traditional scanners that rely on version checks, Nuclei replicates real-world exploit behavior to deliver actual findings, not false positives.

Nuclei is just the start. ProjectDiscovery brings asset discovery, ticketing workflows, and an AI-powered template editor to help modern teams build a faster, more flexible vulnerability management program without vendor bloat.

Trusted by Vercel, Elastic, Asana, and others, see why teams are turning to ProjectDiscovery.

projectdiscovery.io Book a demo and see why we won

Insight Partners Confirms Investor Data Stolen In January Breach
VC Insight Partners confirmed that sensitive employee and investor data was stolen during a January cyberattack. Exposed data includes fund information, banking details, tax information, and personal employee data. THE ARTICLE

Curl Project Fires Back At AI-Generated Vulnerability Reports
Daniel Stenberg, creator of the essential curl project, says they're being "DDoSed" with fake AI-generated security reports and plans to ban submitters of "AI slop." THE ARTICLE | DAN’S LINKEDIN POST

NATIONAL SECURITY

British Spies Link Russian Cyberattacks to Sabotage Plots
UK cyber chief Richard Horne warns that Russian hackers are actively aiding physical sabotage within Britain. "Cyber means are offering threat actors the capacity for reconnaissance and the ability to target a physical threat," Richard Horne THE ARTICLE

Poland Accuses Russia Of 'Unprecedented' Election Interference
Poland's digital affairs minister warned that Russia is targeting critical infrastructure and spreading disinformation to disrupt their upcoming presidential election. THE ARTICLE

AI

You Can Now Export Deep Research Reports to PDF
Tons of people were frustrated because the deep research output from ChatGPT wasn’t in a nice format for sharing and consuming. They’ve fixed that with PDF output. THE ANNOUNCEMENT

Anthropic Rolls Out Web Search API for Claude
Anthropic released an API that lets devs build Claude-powered apps capable of searching the web for up-to-date information. That’s a lot of startups that just got affected by this, and it will continue to happen as more and more app functionality moves into the AI platforms themselves. THE ARTICLE

Continuous Thought Machines
Continuous Thought Machines (CTM) uses something called recurrent architecture to let language models continuously update their thoughts during response generation. The claim is that it’s more like we humans do it. THE PAPER | HACKER NEWS DISCUSSION 

AI Comes to Human Resources Interactions
Companies are deploying AI assistants with human-like personas to handle traditional HR functions once performed by actual people. Some of the fastest growing uses of AI are going to be in places where the current solution with humans is already really bad and really time-consuming. Like customer service and HR interactions. THE ARTICLE

Claude's System Prompt Leaked: Over 24k Tokens With Tools
Claude’s system prompt got published, and it contains over 24,000 tokens of instructions and tool documentation. But Anthropic says they’ve improved it since the version shown. THE ARTICLE

Venture Capital Will Have to Pivot to AI
Venture Capital seems to be looking at AI as their last hope. Or at least their next one. 57.9% of global venture capital went to AI startups in Q1 2025, with most going to OpenAI.

I personally think VC and PE are about to change massively, with investment companies becoming AI Solution Factories. I just don’t think most traditional companies can compete with this model, and I think a LOT of the money sunk into VC investments is never coming back. VC ARTICLE | TECHCRUNCH ARTICLE ON AI STARTUPS

AI Ambient Voice Tech Reduces Physician Burnout By 70% At Ottawa Hospital
Microsoft's DAX Copilot at The Ottawa Hospital automatically creates clinical notes from doctor-patient conversations, saving physicians seven minutes per patient encounter. Early results show 93% of patients report equal or better care experiences with the AI assistant present. THE ARTICLE

OpenAI's $3B Windsurf Move Was to Buy the Vibe Coders
OpenAI's purchase of Windsurf seems to be a play at getting the developers, and getting them in the OpenAI ecosystem, more than wanting the editor itself. THE ARTICLE

TECHNOLOGY

Apple to Add Tiny AI Cameras to AirPods and Watches
According to Bloomberg's Mark Gurman, Apple plans to embed small cameras in AirPods and Apple Watches by 2027.

If this is true, it’s massive!

Recall my predicted path of DAs and Cameras/Microphone monitoring for us…

Someone’s DA watching their back while they work at a coffee shop

And of course that includes—most importantly—the cameras on your person. Facing behind you and in front of you. And microphones.

This is one of the absolute killer apps of Digital Assistants—constant security monitoring of your vicinity and those of your loved ones. THE ARTICLE | AI’S PREDICTABLE PATH

Microsoft Lays Off More Than 6,000 Employees
Microsoft is cutting over 6,000 jobs across all levels of the company, affecting about 3% of its workforce. THE ARTICLE | PREVIOUS LAYOFFS | MANAGEMENT COMMENTS | ACTIVISION CUTS

Tech Stocks Surge As US-China Tariff War Pauses
Stocks jumped massively after tariffs were largely relaxed for 90 days. Apple went up especially, since so much of their business is entangled with China. THE ARTICLE

iOS 19 to Sync Wi-Fi Portal Logins Between Apple Devices

Apple's (finally) planning to let users enter captive Wi-Fi portal details just once and have them sync across all their devices. THE ARTICLE 

Engineers Develop Wearable Heart Attack Detection Technology
Researchers at UBC have created a wearable patch that can detect heart attacks up to two hours before they happen. The device detects specific proteins released during cardiac distress, potentially saving millions of lives annually. THE ARTICLE

HUMANS

Everyone Is Cheating Their Way Through College
More students are using AI tools for assignments, and many professors can't tell the difference between human and AI work.

"The genie is out of the bottle—we can try to police it, but it's here to stay," Stanford professor Michael Bernstein.

I think there is fundamental confusion about what technology is good and bad for. The general question we should be asking ourselves is whether we’re working for the tech or tech is working for us. Or, as the CEO of Fiverr put it, are we upgrading AI or is AI upgrading us?

We need to know first principles. We need to understand how the world works. We need to know how to think. And tech can and should help us do that better than ever before. And it is, for many people reading this newsletter.

The problem is people not doing that, and using tech as a means of opting out of work. But maybe that distinction always existed, and the more powerful the tech becomes, it just exaggerates and exacerbates the difference. THE ARTICLE | HACKER NEWS DISCUSSION

The Effect of ChatGPT on Students' Learning Performance
Strange story to come after that first one. A new meta-analysis shows ChatGPT has significant positive effects on students' learning performance, perception, and higher-order thinking skills.

People are upset about this, I think because they see the opposite happening. To me it’s because of the distinction between the types of people using the technology. It’s a mindset difference.

For voraciously curious learners, it enhances them. For people who want to do as little as possible, it enables that even more. That distinction is what to look for here.

The tech is the lever, not the problem itself. THE PAPER

DOGE Renames Mass Layoff Tool to Sound Less Negative
The Department of Government Efficiency has rebranded its auto-layoff tool from "AutoRIF" to "Workforce Reshaping Tool". Yeah, reshaping. ARTICLE

AI Becoming Top Choice For Therapy
HBR reports that "therapy/companionship" is now the top use case for generative AI, with many people preferring bots over human therapists. THE ARTICLE | TOP AI USE CASES | MENTAL HEALTH SAFEGUARDS

Mass Spectrometry Method Identifies Pathogens Within Minutes
A new mass spectrometry technique can identify dangerous pathogens in just minutes compared to traditional methods that take days or even weeks. The method identifies 98% of common bacterial pathogens correctly within five minutes. THE ARTICLE

Why Bell Labs Worked: Freedom and Trust for Genius
Bell Labs succeeded because it gave brilliant people complete freedom to explore and create without micromanagement or productivity metrics. Imagine if we enabled everyone on the planet to perform in this way, as a matter of course.

"I've always pursued my interests without much regard for final value or value to the world. I've spent lots of time on totally useless things." — Claude Shannon THE ARTICLE

Intelligence on Earth Evolved Independently At Least Twice
Scientists have determined that birds and mammals evolved their neural pathways for intelligence completely separately, despite achieving similar cognitive abilities. THE ARTICLE

The Growing Intersection Of Novel Writing And Game Narrative Development
Game writing and novel writing are increasingly overlapping career paths, with creators moving back and forth between the two storytelling mediums. "The plot in a novel was harder to construct... in a game, a player will investigate simply because the world exists." — Jon Ingold THE ARTICLE

DISCOVERY

Mithra: Security Scanner For LLM-Integrated APIs
Mithra is a new security scanner specifically designed to test REST APIs that use LLMs, checking for both traditional vulnerabilities and LLM-specific risks like prompt injection and context leakage. THE PROJECT | REDDIT ANNOUNCEMENT 

Cursor + Browser Control: Self-Improving Coding Agent
Jason Zhou demonstrates how combining Cursor with Playwright MCP enables AI coding agents to interact with browsers. VIDEO

SQLmap AI: Adding Natural Language to SQL Injection Tools
SQLmap AI — An extension of the popular SQLmap tool that allows security testers to perform SQL injection attacks using natural language prompts. THE PROJECT

Wtfis: A Human-Friendly Domain and IP Lookup Tool
A command-line OSINT tool that gathers information about domains, hostnames, and IPs in a beautifully formatted way that's designed for humans, not machines. THE PROJECT

The Vulnerable MCP Project 
A full site dedicated to securing MCP servers. News, tools, etc. Well-put-together. THE SITE

Four Ways Bad Employees Cost You THE POST

21 Observations From People Watching
A wedding painter shares insights on reading people's internal architecture through their conversation style, body language, and social interactions. THE ARTICLE

How to Title Your Blog Post or Whatever
Most writers spend far less time on titles than they should, which is unfortunate since titles disproportionately affect whether people read the work. ORIGINAL ARTICLE | HACKER NEWS DISCUSSION | DYNOMIGHT BLOG

Exporting Private GitHub Issues to Markdown
Simon Willison shows how to extract notes from private GitHub issues as markdown. THE ARTICLE

Someone Turned Everything Into An AI Podcast
Google's NotebookLM can transform any text into a surprisingly engaging AI podcast with banter, metaphors, and well-organized segments. It actually adds relevant context not explicitly mentioned in the original documents. THE ARTICLE

IPinfo Offers Free Unlimited Country-Level Geolocation and ASN Details
IPinfo just launched a free tier that gives developers unlimited access to country-level IP geolocation and ASN data with no strings attached. THE TOOL

MEMBER EDITION TEASER

AI is the New Reading

I’m continually frustrated that people won’t use AI to upgrade and enhance themselves. But then I remember reading.

Reading is a godlike superpower. It gives you what nothing else can—time. It gives you the wisdom of millions of people. It gives you lifetimes of experience. It gives you portals to entirely different worlds and ways of thinking. But only a few people read a lot of high-quality material.

So I guess we can expect AI to be the same. Many will learn only enough so that they can find better video games and TV shows and porn sites. While the 1% will use it to become a one-person army of 10,000 employees dedicated to their improvement.

APHORISM OF THE WEEK

The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

Published on May 13, 2025 13:52

May 6, 2025

Unsupervised Learning NO. 480

UPDATES

Hey, hope you’re doing well!

Lots of friends going through hard times right now. Been a bit down lately because I feel like I’m not helping enough. Like there’s just too much stacked against everyone right now. 😔

I think the end of the universe will only have two things: 1) cockroaches, and 2) fireflies.ai agents joining empty Zoom calls.

Starting to believe action is the antidote to anxiety (and tons of other negative feelings).

My new essay on what happens if companies like Google just become giant Startup incubators…

AI Solution Factories


What if big tech just becomes millions of AI startups backed by an ultra-powerful set of network effects?


danielmiessler.com/blog/ai-solution-factories

🎙️ I sat down with Bar-el Tayouri, Head of Mend AI, to talk about the future of AI security—and why it’s evolving faster than any category before it. We covered malicious models, agent orchestration risks, the explosion of AI components, and how Mend is tackling AI threat modeling, asset discovery, and attack simulation. If you're building with AI, this one's essential. SPONSORED

Sponsor

254 – the number of GenAI apps in use at the average company

Most orgs didn’t set out to support 254 AI apps. Yet here we are.

Harmonic’s latest research reveals just how embedded GenAI has become and how fragile current controls are. What’s more – 45.4% of sensitive exposures come from personal accounts. Not out of carelessness, but necessity.

Employees want to move faster with AI. But if corporate tooling and policy can’t keep up, they go rogue. The result: Shadow AI and uncontrolled data exposure.

Security shouldn’t be the thing that slows innovation. It should be what makes it safe to go faster.

Get a copy of their full research findings below.

harmonic.security/resources Get research findings

CYBERSECURITY

The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, the company modifying Signal for government archiving, got hacked, leaking lots of messages and data.

"I would say the whole process took about 15-20 minutes… It wasn’t much effort at all."

Another example of where the end-to-end encryption itself isn’t the problem. It’s usually the crappy implementation that gets you.

Examples: AES is fine, but store the keys nearby. E2E implementation is fine, but we need a government backdoor. And now—E2E is fine, but we need message backups. 👿 TECHNICAL ANALYSIS | 404 MEDIA COVERAGE

Microsoft makes all new accounts passwordless by default
Microsoft is now setting up all new accounts as passwordless by default, pushing everyone towards passkeys instead. Love it. LINK

If You Have Meta Glasses, Check Your Privacy Settings
Meta updated the privacy policy for Ray-Ban glasses, making AI features default and using voice/image data unless you manually delete recordings. LINK

Find every AI app today
Companies are apparently using an average of 26 different GenAI tools, most of them added without a security review. That stat’s from Nudge Security, who built a tool that shows you every AI app your org has ever used. You also see who brought it in, when, and what it connects to. Wild. There’s a free trial if you want to run it on your own org. TRY IT SPONSORED

Microsoft Moves Users To Edge for Password Autofill
Microsoft is killing the password autofill in Authenticator and pushing everyone over to the Edge browser for that feature. LINK

AI

Claude Integrations
Anthropic rolled out what I’m basically calling Remote MCPs, which is a way for Claude to connect directly with tools like Jira, Zapier, and others using their own MCP servers. LINK

People Are Losing Loved Ones to AI-Powered Fantasies
Individuals are forming intense, sometimes delusional spiritual beliefs involving AI, leading to separation from their loved ones. LINK

Google NotebookLM Upgraded With Gemini 2.5 Flash
Google's AI research and note-taking tool, NotebookLM, has been upgraded to use the Gemini 2.5 Flash model for its text features. NotebookLM is still one of the most innovative uses of AI I’ve seen. LINK

Make Your Chatbot Use Interjections (Oh Wow!)
Research found that chatbots using simple interjections like 'Hmm' or 'Aww' feel significantly more human and engaging, and people like using them more. LINK

Mark Zuckerberg Says AI is Coming for Ad Agencies
Zuckerberg basically said Meta's plan is to use AI to create ads for businesses, potentially removing human-powered creative agencies altogether. LINK

Meta Forecasted It Would Make $1.4T from AI By 2035
Unsealed court docs show Meta's internal forecast sees them making up to $1.4 trillion by 2035 by rolling out AI to more of their businesses. LINK

TECHNOLOGY

Sam Altman’s Worldcoin Eye-scanning Orb Comes to the US
Sam Altman's Worldcoin project, which scans your eyeballs for something crypto-related (yuk) to prove your humanity, is now rolling out in the US. This feels like the most tone-deaf thing ever. Like how many dystopia signals do we have happening at one time right now? Maybe it’s just required infrastructure (see below). LINK

Altman and Musk Are Racing to Build the ‘Everything App’
They’re competing to build the ultimate 'everything app', blending finance, social, and more into a single interface—similar to what the Chinese have. For Sam it’s part of the Worldcoin project above, and for Musk I think it’s X.

I think Altman’s play might be the following (my theory):

He knows the jobs are going away

He knows we’ll need UBI to pay the people

He knows that’ll be a government function

He knows the government doesn’t have the tech to do it

So he’s been buddying up with the government for years

So Worldcoin is basically the way we’ll pay and interact with people to give them UBI and whatever else through the government, once AG/SI kicks in

That’s my read, anyway. Or at least one possibility. LINK

Waymo Says It Will Add 2,000 More Robotaxis In 2026
Waymo is adding 2,000 more Jaguar I-Paces, planning for 3,500 total vehicles by 2026. Every time I ride in one I know it’s the future. LINK

Apple Expects to Source Over 19 Billion Chips From US Factories This Year
Apple plans on buying over 19 billion chips made in the US next year, including millions from TSMC Arizona. But these are simpler ICs, not like the difficult latest-iPhone chips. LINK

HUMANS

India Attacks Infrastructure Within Pakistan
India launched attacks against 5 areas of what they call terrorist infrastructure within Pakistan. “Our actions have been focused, measured, and nonescalatory in nature. No Pakistani military facilities have been targeted.” LINK

Something Extraordinary Is Happening to the Job Market
The gap between young college grad unemployment and overall unemployment has hit an all-time low recently. "When you think...what generative AI can do...it’s the kind of things that young college grads have done." See this week’s Member Essay. LINK

Why We Probably Don’t Live In A Simulation
This paper makes a compelling argument that the computational resources required to simulate our universe are nearly impossible. LINK

Warren Buffett Stepping Down as Berkshire Hathaway CEO
Warren Buffett, 94, announced he's asking the board to make Greg Abel the CEO at the end of 2025. LINK

McDonald’s Had Its Biggest Sales Drop Since COVID
McDonald's just reported its largest US sales decline since early 2020. This has to be a primary economic metric, no? LINK

DISCOVERY

🔥 Why Do Anything in Life (A Graphic) LINK

Turn any codebase into a single, clean prompt
Promptor — A slick little macOS utility that converts entire code project folders into clean, local LLM prompts. LINK

GitHub’s Top 10 Projects
GitHub highlighted the top 10 open source AI projects, revealing a major shift towards agents and MCP integration. LINK

Minimum Viable Blog
How to create a super basic static blog using only a simple HTML template and a Python script. LINK

AI, Self-Doubt, and the Limits of Reflection
Someone used AI chatbots as a mirror to explore their self-doubt and cognitive abilities, even developing a system to track their 'cognitive altitude'. LINK

Why You’re Struggling to Make the Hard Call LINK

Blast
Blast — This high-performance serving engine helps run web browsing AI agents quickly, efficiently, and concurrently. LINK

The Prompt is the Value
A great piece saying the prompt writing process often holds more value and insight than the AI's actual output. LINK

Greg Isenberg’s Post on Starting a New SaaS Company to $100K/month
An extremely high quality post on exactly what to do. I would disagree on a couple of steps, but this is worth a $1,000 course, and he put it out for free. LINK

Munger’s Guide to Clear Thinking LINK

Brian Eno's Theory Of Democracy
Game theory models struggle to explain democratic decline, but Brian Eno's artistic ideas on generating useful variety offer an alternative. LINK

A Knife Steel Comparison Tool
This web tool lets you visually compare dozens of knife steels using normalized data from multiple reliable sources. LINK

The Vocal Effects of Daft Punk
The specific gear Daft Punk used for their iconic robot vocals across their albums. LINK

Sim Studio – Open-source Agent Workflow GUI
Sim Studio — This is a really clean-looking open-source GUI for visually building out, testing, and then optimizing your AI agent workflows. LINK

MEMBER EDITION TEASER

The Great Reset of 2024
I think something major is happening with jobs, and with business itself. AI is part of it, but only one piece.

If the economy were strong, and companies were making tons of money with large workforces, and all this AI stuff were happening, I don’t think companies would spend all that much effort on moving to AI. I think it would go in the research column for slow adoption, accelerating over time, but not in a rush.

This is the worst possible world we’re in. Not only is AI getting really compelling as worker replacement, but it’s happening at the exact same time that companies are starting to question their very identities.

APHORISM OF THE WEEK

Published on May 06, 2025 14:53

April 30, 2025

Unsupervised Learning NO. 479


Hey, hope you’re doing well!

UPDATES

Shorter episode this week due to RSA! If you’re around come say hi!

Biggest story I’m watching right now in the news is that we might be about to have another supply chain problem similar to with COVID because of the tariffs. The Port of Los Angeles is saying they’ll get 35% less next week than normal. LINK

I’m doing this new talk on Unified Entity Context and how it’ll become the center of Enterprise AI. Here’s a teaser:



💥 Realized something a couple days ago that is blowing my mind.


💡The more context you have about a problem, the less expertise you need to solve it.


This is one of the main promises of AI in the enterprise: with enough context, many previously elusive answers become obvious.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
6:21 PM • Apr 29, 2025


Sponsor

What’s driving success for 900+ security leaders?

Looking for insights and advice from other security leaders on topics like job satisfaction, key challenges, and tooling and automation? IDC recently surveyed 900+ security leaders to learn more about what’s fueling (or hindering) success across people, processes, and technology.

Watch this on-demand webinar for the full survey findings and leave with actionable takeaways to improve team efficiency and organizational resilience.

Watch Now

CYBERSECURITY

Easterly calls for unity against politicization of the cyber industry
Jen Easterly’s saying the current admin firing nonpartisan cyber leaders is really hurting our defenses, and needs to be stopped. "The biggest vulnerability we face isn’t a zero-day in our software. It’s a zero-day in our civic integrity." 100% agree. LINK

Sponsor

Version checks miss real threats. Nuclei doesn’t.

Tired of triaging false positives from traditional scanners like Tenable? ProjectDiscovery delivers detections that think like attackers, using Nuclei templates with conditional logic to replicate real exploit behavior.

Nuclei is just the beginning. Trusted by teams like Elastic and Vercel, our cloud platform adds real-time asset inventory, ticketing integrations, and a modern interface that users love. Get full visibility and continuous protection in minutes with zero setup friction.

Book a demo to see it in action

Top employee monitoring app leaks 21M screenshots on users
WorkComposer, a surveillance app used by over 200,000 people, leaked 21 million employee screenshots through an open S3 bucket. LINK

Microsoft rolls out Windows Recall, a year later
Microsoft is letting people try out its “Recall” feature after a year of drama and delays. Big difference is they seem to be being more sensitive to whether it’s on by default, and they’re putting more effort into explaining the tech. LINK

Your phone isn't secretly listening to you
Your phone isn’t listening to you, but it’s absolutely tracking tons of stuff about you. LINK

AI

Microsoft CEO says up to 30% of the company’s code was AI-generated
Satya Nadella says about a quarter of Microsoft’s codebase is already being written by artificial intelligence. LINK

OpenAI Puts Image Generation in the API
OpenAI is now letting you create images using 4o through the API. That’s a whole new set of startups being built and being destroyed. LINK | PRICING

YouTube Tests AI Overviews in Search Results
YouTube’s testing a feature where AI picks video clips to show right in search results for certain queries. LINK

Predicting the NBA Champion with Machine Learning
Someone builds a model for predicting the outcome of the NBA Finals. Love this kind of stuff. LINK

Anthropic questions AI consciousness
Anthropic is officially researching whether AIs could be conscious and if, someday, they might deserve ethical treatment. Seems obvious to me that they would. It all hinges on whether or not / when they become conscious. LINK

TECHNOLOGY

Reading RSS content is a skilled activity
Really cool piece about how the act of curating and reading news is a skill in itself. And something to preserve. LINK

Alphabet CEO Sundar Pichai Says Waymos Could Be Personally Owned in Future
Sundar Pichai basically hinted we might eventually buy our own self-driving Waymo cars. Same dream Tesla had: you use it yourself to go places, and when you’re not using it, it does rides and makes you money. LINK

Apple Supposedly Wants to Produce All U.S. Phones in India by End of 2026
Apple is apparently moving all U.S.-bound iPhone production to India by the end of next year. In other words, get out of China as fast as possible. Godspeed. LINK

HUMANS

U.S. Economy Contracts at 0.3% Rate in First Quarter
It looks like the economy is about to take a serious hit. The economy actually shrank a little in the first quarter, and the port of Los Angeles says it’ll see a 35% drop in shipping next week. LINK | LINK

United Arab Emirates first nation to use AI to write laws
UAE’s actually letting AI draft and update its laws. This is an example of where we actually need more AI to properly do human things. Clarity. Transparency. Documentation. This is why I’m so excited about Substrate. LINK

GenZ grads say college degrees a waste of time/money because of AI
Some new college grads are saying their college degrees feel kind of pointless now that AI is everywhere in hiring. LINK

Economists are very confused right now
Most of the world's economists are confused right now because standard models aren't explaining the data we’re seeing. I think there are just too many new things that the models can’t account for. Things are too dynamic and too strange. LINK

California overtakes Japan to become the world's 4th largest economy
California just moved past Japan to become the world’s fourth biggest economy. LINK

Why I Blog and How I Automate it (2023) 
Ryan West explains that blogging is mostly about forcing himself to clarify ideas he’s picking up from everywhere else and automating it so writing is as low-friction as possible. 100% agree with this. LINK

Rare Earth elements aren’t actually all that rare
China's attempts to weaponize rare earth exports only really work if everyone else fails to go and get the ones they have in their own countries. LINK

DISCOVERY

Reverse Zip Bombs
Ibrahim Diallo built a “reverse zip bomb” defense that crashes bad bots by handing them huge decompressed files. LINK

Backfill your blog
Backfilling your blog with past writing is an encouraging way to get a blog started. LINK

Government Funding Graph RAG
Government Funding Graph — If you want to explore government research funding as an interactive knowledge graph with LLM querying, this new Streamlit app makes it actually usable. LINK

Someone used OpenAI's new image API to make a personalized coloring book service
CleverColoringBook—You can drop in your favorite photos and get a real coloring book made from them, powered by OpenAI’s new model. LINK

Writing "/etc/hosts" breaks the Substack editor
If you type "/etc/hosts" in Substack, the editor just falls over and stops working. LINK

A Prompt that does 7-8 tasks at the same time
Personal AI Assistant — This thing does browsing, file management, scheduling, and more—from one prompt. LINK

RECOMMENDATION OF THE WEEK

Read and think about this week’s IDEA above.

And think about which problems you most often face in business and personal life.

Now think about how to use technology to continuously gather the context you need to make those problems easier to solve.

APHORISM OF THE WEEK

The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

Published on April 30, 2025 10:51

April 24, 2025

Unsupervised Learning NO. 478


Hey, hope you’re doing well!

UPDATES

I put my 2016 book, The Real Internet of Things, online for free as a single blog post! I did this for a few reasons, but the main one is that if content isn’t online and available to AI it’s basically hidden, and that’s how I feel about books in general now. I want everything I read in Markdown! And it’s only around 17,000 words and 21,000 tokens, so you can read it in like 20-30 minutes. READ THE BLOG VERSION | GET THE BOOK ON AMAZON (I recommend the blog version. Vastly superior typography!)

The Real Internet of Things


A book about how digital assistants, APIs, augmented reality, and outcome management will upgrade human society.


danielmiessler.com/blog/the-real-internet-of-things

Because people ask constantly, this week’s go-to models are: o3 and gemini-2.5-pro. Until recently it was largely Sonnet 3.7.

Upping the priority on reading The Alchemist, by Paulo Coelho.

Almost done with Manacled, a Harry Potter fan fiction book. It’s 370,000 words! Which is bigger than the first three books combined. ALL FORMATS

I’ll be at BSides SF this week, and RSA the week after. Come say hi! I’m an introvert and I might be introverting, but even if I am, I’m still me on the inside. And I’d love to say hello.

Sponsor

Is Posture Security A Match for the Modern Threat Landscape?

In the race between cloud attackers and defenders, time is the critical factor — and time increasingly favors the attackers.

Security teams take approximately 145 hours to resolve a single alert — far too late to prevent a breach. Meanwhile, attackers are now exfiltrating data nearly twice as fast as they did just 12 months ago.

The widening gap between attack speed and response time exposes a fundamental truth: traditional peace-time cloud security approaches are no longer sufficient in today's threat landscape.

Discover why real-time security is essential to fight modern threats

CYBERSECURITY

ChatGPT 4.1 Jailbreak Prompts
A collection of OpenAI Jailbreaks by Pliny. One of the top guys doing jailbreaks, and I love that he just publishes them. LINK

Windows NTLM hash leak flaw exploited in phishing attacks on governments
Attackers are grabbing NTLM hashes from government users in a single click, without them needing to open the actual file.

“This exploit is triggered with minimal user interaction with a malicious file, such as selecting (single-clicking), inspecting (right-clicking), or performing any action other than opening or executing the file.” LINK

Blue Shield Leaked Health Info of 4.7M patients with Google Ads
A Blue Shield web misconfiguration quietly leaked health info on 4.7 million people to Google Ads for nearly three years. LINK

China Admitted Its Role In Volt Typhoon Cyberattacks On U.S. Infrastructure
China basically admitted they were behind those Volt Typhoon attacks hitting a bunch of U.S. infrastructure.

Shocked, I am. Shocked. But it says a lot that they’re no longer denying the activity. LINK

Sponsor

The Future of In-House SOC: Beyond Outsourcing

Why are enterprises bringing SOC operations back in-house despite staffing challenges?

This whitepaper examines how security teams balance control and coverage without expanding headcount, why traditional playbooks fall short, and how metrics like MTTC have become critical indicators of SOC effectiveness.

Explore the data-driven analysis of this industry transition.

Get Download Now

AI to Create a Working Exploit Before Public PoCs Existed
Someone prompted GPT-4 with some commit diffs, and it built them a working exploit before any public code dropped. GPT-4 lined up everything—finding the bug in Erlang, writing the PoC code, even debugging when it failed initially. LINK

How Americans Are Surveilled During Protests
Governments are using phone data, drones, and cameras to make protesters trackable, even if you leave your phone at home. LINK

Shorter certificates are coming
TLS certificates are about to get a lot shorter, dropping from a year down to just 47 days. LINK

This 'College Protester' Isn't Real
A company called Massive Blue makes fake protesters to attract like-minded people online and gather intelligence for the authorities. “The system can create and maintain complex, believable online personas capable of sustained engagement.”

Maybe the simulation we live in is owned by writers for Black Mirror, and they made the universe to come up with episode scripts. Unlikely. Not impossible. LINK

NATIONAL SECURITY

ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
ICE is paying Palantir to build them an AI-powered, almost real-time data tool for people that are self-deporting.

We’re reading Alex Karp’s book, The Technological Republic, for UL Book Club this month, and I had a very positive interpretation of the book, but this type of stuff still gives me the icks. I’m increasingly feeling like my radar for “finding the good in people who continually do bad things” is off, and I plan on spending a lot of time and effort fixing this. See: Elon, Rogan, Palantir/Karp, etc. More on this later. LINK

Booz Allen invests in Scout AI
Booz Allen is putting money behind Scout AI to upgrade how military robots work and think. They plan to expand robotics intelligence into ground, air, maritime, and even space military environments soon. LINK

TSMC to build 30% of its 2nm and more advanced chips in the U.S.
TSMC’s about to build almost a third of its most advanced chips in Arizona way sooner than expected. Sounds great, but it’s not clear to me how much of this is real vs. hype designed to please the current administration. LINK

AI

How to Massively Reduce Errors Coding with Cursor
Jason Zhou talks through how adding a few things to his Cursor setup dramatically reduced his errors and rework. “I reduced 90% of errors by simply adding a memory bank to Cursor.” LINK

ChatGPT will now use its ‘memory’ to personalize search results
ChatGPT can now pull in details from your past chats to make web search results much more tailored to you. LINK



Yes, I think it's part of a bigger trend of breaking the cycle of:


👤 --> Content


And moving to:


👤 --> 🤖Your AI --> Content


That way the AI can do whatever it needs to do without you, and if it needs to convey something to you it'll do it in your preferred format/tone.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
1:41 AM • Apr 22, 2025


OpenAI makes its push into coding tools
Looks like OpenAI might spend $3 billion to buy Windsurf, going directly after Cursor. LINK

I talked about that here in a response to Karpathy. Basically (as I talk about in TRIOT), your personal AI will become your go-between for everything.

OpenAI Puts Image Generation in the API
You can now plug ChatGPT's image creation straight into your own apps and tools. LINK

A Google Gemini model now has a “dial” to adjust how much it reasons
Google just added a slider to Gemini so you can basically dial up or down how much it "thinks" on each task. LINK

ChatGPT spends 'tens of millions of dollars' on 'please' and 'thank you'
Every time you type “please” or “thank you” to ChatGPT, it’s costing a ton of money. Makes sense. It’s extra tokens. But that’s also a lot of reasons not to kill us, so maybe worth it. LINK

AI has grown beyond human knowledge, says Google's DeepMind unit
DeepMind thinks AI will really take off once it gets to learn by living, not just reading. LINK | DEEPMIND PAPER "Welcome to the Era of Experience" 

AGI Is Still 30 Years Away – Ege Erdil and Tamay Besiroglu
So these guys went on Dwarkesh’s podcast and they basically think true AGI is a few decades out, not just around the corner. I think they’re nuts, but they’re surely smarter than me in multiple areas, and when smart people disagree with me I listen. LINK

Everything Wrong with MCP
A monster analysis on how MCPs are super powerful, but have a whole mess of security holes and limitations people aren’t really seeing yet. LINK

TECHNOLOGY

All Meta Ray-Ban Smart Glasses Getting Live Translation and AI Soon
Meta just made live translation work for everyone with their Ray-Ban glasses, and full-on live AI vision is next. This is the start of the AR part of the AI ecosystem we’ve been talking about! Love how fast Meta is moving here. LINK

AI Agents won’t be your moat
An argument that building AI agents won’t protect your business long-term because everyone else can just copy them.

I mostly agree, but lots of things have been copied that don’t do as well as the original. ChatGPT is still ChatGPT. Kleenex. I’m not sure how strong the analogy holds, but there is clearly some advantage to branding and muscle memory. LINK

Intel Cuts 20%
Intel’s about to drop more than 21,000 jobs in a massive attempt to reset itself under new leadership. Hard to say how much is NVIDIA, market, AI, economy, etc. LINK

Nvidia Is Willing to Deepen its Presence in China, CEO Says in Beijing
Huang went to China and said they’ll keep finding ways to support their market, even given the restrictions. Clearly hedging here given that China might be the winning side. LINK

The Size of Packets
Packet sizes on the public Internet basically haven't changed in fifty years, and 1,500 bytes is still the ceiling. Largely due to practicality and predictability, not perfection. LINK

HUMANS

“Most promising signs yet” of alien life on a planet beyond our Solar System
Astronomers using JWST just found strong possible biosignature chemicals in K2-18b’s atmosphere.

“Given everything we know about this planet, a Hycean world with an ocean that is teeming with life is the scenario that best fits the data we have.” — Prof. Nikku Madhusudhan, Cambridge LINK

Most Americans in new survey believe their job is meaningful to society
Apparently, 62% of Americans do feel like their work matters to society. Do believe? Or want to believe? That’s the question. LINK

American citizen detained under ICE hold in Florida
A US-born guy from Georgia got held by ICE in Florida because they thought he was undocumented, even though he had his birth certificate. We’re sitting in heating water here, and I don’t think enough people are watching a thermometer. LINK

People Are Grifting Off the Measles Outbreak—and Claim a Bioweapon Caused It
RFK Jr.-linked anti-vax groups are cashing in big with AI-made “measles cures” while spreading bioweapon rumors. LINK

Mark Manson is starting over with his podcast, avoiding trite content
Mark Manson’s calling it on his old show and kicking off a deeper, no-guests thing called ‘Solved’. “The guest treadmill, the pressure to play nice, the temptation to chase clicks—it all started to feel fake.” —Mark Manson

Love how he is willing to just table flip the whole thing and start over. LINK

Star Wars: Starfighter will feature Ryan Gosling
Ryan Gosling is starring in a brand-new Star Wars movie called Starfighter, landing in theaters in 2027. Please be good. LINK

DISCOVERY

Agentic Radar: A security scanner for your LLM agentic workflows
Agentic-radar — Scans your AI agent workflows for vulnerabilities and hands you a security report. * I’m an advisor for the parent company, and projects like this are why. LINK

Recursive LLM prompts
recursive_llm — Run LLM prompts that automatically call themselves recursively, so you can get way more complex results without manually chaining everything yourself. LINK

MCP on AWS Lambda with MCPEngine
You can now run MCPEngine models on AWS Lambda so you don’t have to worry about standing up the stack yourself each time. LINK

Hacker News Writing Styles
hnstyle — Compares writing style across Hacker News users. LINK

A Journaling App With Memory
Pensiv — This is a journaling app where the AI actually remembers your context and doesn't forget it. Basically TELOS files. LINK

Damn Vulnerable MCP Server
Damn Vulnerable MCP Server — A broken MCP server that lets you explore the various issues with the protocol. LINK

Dir2txt – Dump your project into clean LLM-ready text or JSON
dir2txt — This basically lets you turn your whole project tree into LLM-friendly text or JSON for processing by AI. LINK

A Map of British Dialects
A really cool interactive map that lets you hear how British English changes depending on region. LINK

How I blog with Obsidian, Hugo, GitHub, and Cloudflare
A write-up on how writing in Obsidian then publishing with Hugo and Cloudflare is stupidly fast and simple. LINK

I built an MCP server that does phone calls for me 
voice-call-mcp-server — An MCP server that handles your outgoing phone calls for you. LINK

A life calendar to remind us how much time we have left to live
lifeisshort.fyi — Turns your lifespan into a calendar of weeks so you actually feel time passing. LINK

Separating work and personal config
How to keep my sensitive work configs out of public dotfiles using local overrides. LINK

Agents with n8n
Making AI agents with n8n that handle stuff automatically, but ask humans when it matters most. LINK

Neovim users: what AI tools are you using?
Neovim AI — Tons of new plugins let you embed everything from ChatGPT to Llama4 straight into your nvim flow. LINK

Web Based MCP Vulnerability Scanner
mcpscan.ai — A free web app that scans for vulnerabilities in MCP environments, super straightforward. LINK

MCP Run Python
An MCP server that lets you safely run Python code in a browser-like sandbox using Pyodide, managed via Deno. LINK

MEMBER EDITION TEASER

How Did YouTube Eat TV? Maybe It Was UGC
YouTube has turned into this sort of default, planet-wide TV, replacing news and entertainment for so many people. How did this happen?

Maybe the answer is that it’s simply the User Generated Content (UGC) platform that won. Basically the people who professionally made content in the past were too few, and their viewpoints were too similar. So there wasn’t nearly enough content, and the content that was made was largely identical.

This is similar to the Hail Mary that gaming companies have been hoping for from UGC for years. They can’t be spending years making worlds and NPCs and dialogue and stuff. It’s so expensive and time-consuming that they end up shipping very few games—that took years to make—which people finish within a matter of hours.

RECOMMENDATION OF THE WEEK

Make a list of people to constantly ping, and use conferences as a time to update that list. For example:

Sarah Meyer: Ping every quarter to see how her AI/Security startup is going, and ask about the horses

Anish Khan: Ping him every month about the music project. He said to harass him, plus he likes comparing AI tools

Etc.

And then put those slots on the actual calendar so it’s not another thing you forget.

Years pass like weeks now. Frequent small contact lets people know you’re thinking of them, and we need that more than ever right now.

APHORISM OF THE WEEK

Published on April 24, 2025 12:06

April 15, 2025

Unsupervised Learning NO. 477


Hey, hope you’re doing well!

There is fertile ground afoot

UPDATES

My current spirit-cleanse is this cooking show involving a whole ass cow. LINK | NON-X LINK

Also, for people who have X-ited X, here’s an alternative way to view content there: nitter.net. LINK

My new video on a possible algorithm for achieving AGI and ASI. WATCH. Please go subscribe to the channel, btw! Will be putting a lot of effort on more / tighter videos going forward using a fast-to-deploy format. Excited about it. THE CHANNEL

Simon Willison’s llm tool now supports Fabric Patterns! So whether you use fabric or llm for your actual CLI interface, you can use Fabric Patterns as your prompts now. LINK | LLM

I’ll be going to a party at RSA thrown by Semgrep and ProjectDiscovery and some other companies. It’s 5PM on Monday the 28th at Emporium SF. Hope to see you there. REGISTER

My friend Emily Bartlett is looking for a role helping companies get a handle on their assets so they can secure them. We worked extensively together on the Asset Management problem at Apple, and she’s the genuine article. WORK WITH EMILY | HER CV

Manus is really the best agent orchestration system I’ve seen in a ChatGPT-style interface. It produces the best research I’ve found. Super unified, consolidated, well summarized. First person to ask gets an invite.

I had a great conversation with Patrick Duffy from Material Security about smarter ways to secure cloud platforms like M365 and Google Workspace—before threats escalate. Tons of great insight on phishing, lateral movement, and automated containment. SPONSORED

NOTE: Trying a different format for adding comments to stories, i.e., just adding paragraphs. Let me know what you think about the added content / format. OPINE

Sponsor

Ever wonder how much your cloud security peers make?

Work in cloud security? Take a short survey about your role and salary, and get a $25 Amazon card. You’ll also get early access to the searchable salary data.

The salary survey is short, anonymous, and only for cloud security pros. The first 100 qualified submissions get a $25 USD Amazon gift card.

More money talk, less guessing. Take the survey today 👇

Take the Survey

CYBERSECURITY

Tool Poisoning Attacks in Model Context Protocol (MCP)
Invariant Labs has uncovered a vulnerability (kind of) where AI tool descriptions can be malicious and misleading. But really the issue is more not reading tool instructions fully, kind of like not noticing an rm -rf in a shell script you run from the internet.

Worth reading and thinking about, though—especially if you are implementing agents and MCPs like a crazy person. LINK

4chan Down Since Monday After “pretty comprehensive own”
4chan's been mostly offline after a hack that looks pretty nasty. Evidently full database access. LINK

War In Ukraine: Russian Drone Pilots Goggles Explosives
Ukraine turned FPV drones against their operators by rigging the goggles with explosives to target the human pilots. They blinded at least 8 of them. LINK

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google patched 62 Android vulnerabilities, including two USB kernel flaws already being exploited in the wild. LINK

Sponsor

Stop Cloud Breaches Before They Start—Get the CDR Buyer’s Guide

As cloud adoption skyrockets, so do the risks. In fact, cloud attacks jumped 66% in just one year and legacy tools aren’t cutting it anymore.

That’s why the Cloud Detection and Response Buyer’s Guide is your essential roadmap to securing the modern cloud.

✅ Protect cloud applications and workloads with industry-leading runtime protection
✅ Detect known and unknown threats in real time
✅ Automate response with out of the box playbooks

Explore how Cortex Cloud Detection and Response (CDR) can help your team stop breaches before they happen.

Get the CDR Buyer’s Guide Now

Florida's New Social Media Bill Explicitly Demands an Encryption Backdoor
The EFF explains how Florida's new bill wants social media platforms to provide backdoors into encrypted messages involving minors, but they don’t realize that it’s either end-to-end or it’s not—and it’s often way worse if it isn’t.

I am still torn on this issue myself when it comes to protecting kids. Maybe there needs to be a different product for minors that uses a different protocol. LINK

Trump Orders Investigation into Former Cybersecurity Chief
Lots to say here. Donald Trump signed an order targeting Christopher Krebs, his former head of Cybersecurity who became a critic.

Let me say this clearly and publicly:

Christopher Krebs was doing his job

Alex Stamos was doing his job

Renée DiResta was doing her job

I get that the general Left went overboard with “fighting disinformation” in some cases, but saying that there was no widespread evidence of the 2020 election being stolen is not one of those. That was just fact, and it was literally Christopher’s job to provide clarity there.

Same with the Internet Observatory. Perhaps some legitimate anti-government-COVID-response type stuff got suppressed, or similar types of legitimate conservative narratives. I can’t speak to the extent of that if it happened, but I wouldn’t be surprised if it did to some degree.

But what we know for absolute certain is that Russia was targeting the American population with propaganda campaigns about the election being stolen—when we know that it wasn’t—and with countless other false campaigns designed to get people to vote for their candidate. Renée’s work here was extremely valuable.

One does not counter the other. The Left going too far sometimes in trying to control narratives that they saw as pro-Trump (if the narratives were true), was wrong. This was a huge problem in the media.

But the external influence campaigns were happening at the same time. Real campaigns. That were really designed to increase tensions and spread lies and get people to vote for Trump. Both were true. You have to be able to hold both of these things in your mind at once if you want to properly think about this issue.

I’m against the Left’s overreach. And I’m against foreign influence campaigns being run against our population. This is not a contradiction.

Chris Krebs and the SIO were doing good work, and they should be celebrated, not vilified. Furthermore, it’s reprehensible to establish a precedent of revoking clearances and launching investigations into people because they did their jobs and pointed out the obvious. LINK

Microsoft is Re-introducing Recall
Microsoft is reintroducing its controversial Recall feature to Windows 11 that screenshots everything you do every three seconds, despite widespread pushback.

I think this tech will be considered standard for all operating systems within 3-7 years. It’s too powerful and too useful. It enables too much functionality.

We security-minded older folks (over 25 or 35?) have to remember that privacy isn’t as critical to younger generations as it is to older people—and especially to older people in cybersecurity.

The functionality will win people over because it’ll be too damn useful, and with companies like Google and Microsoft and Apple it’ll be relatively secure (with the occasional HOLY CRAP issue of course).

But I’d definitely not be trusting random startups to run their “watch and listen” agents.

Hell no. Only companies with billions to spend on security, and billions to lose in reputation loss, can even approach the level of security I’d need to run something like this. LINK | LINK

Pentagon to terminate $5.1B in IT contracts with Accenture, Deloitte
The Pentagon is canceling massive IT contracts with major consulting firms after discovering they weren't delivering the promised value. LINK

Microsoft Weighs Layoffs of Managers, Non-Coders
Microsoft is considering cutting a lot of middle management and non-technical positions soon, with its cybersecurity unit potentially under scrutiny.

So much of this type of thing is going to be good. Anyone who has worked in large corporations knows there are too many layers of unnecessary management, and too many people in the chain that don’t actually understand the work and can’t actually do the work.

I’m deeply worried about AI taking meaning from people who do good work in good fields, but I’m simultaneously excited about large, inefficient companies getting AI Enemas. You know these types of managers.

Nothing valuable to add to most conversations

Low-key jealous and afraid of SMEs

The cause of endless bureaucracy and waste

The cause of endless stress for the people doing the actual work

Constantly creating new pet-processes to appear useful

Empire-building at any cost

Their time is coming up because of AI, and yeah—I’m happy about it. It’s about to be the time of SMEs and Leaders vs. Managers. LINK

CrowdStrike Using Agents to Find Vulnerabilities = Agent Business Model Expansion
CrowdStrike researchers are developing multi-agent AI systems that use Red Team capabilities to find vulnerabilities in AI-generated code.

So now they’re competing with Veracode and Semgrep? This is a strange play, but one that we predicted here. Software verticals start to blur once you have an army of agents combined with context about the company. Companies that used to be “endpoint” companies now just become security companies, and eventually just companies. AI + UCC (Unified Company Context) consolidates use cases.

The people who are going to win here aren’t the ones who are strongest now. It’s the ones who are going to build the best AI Orchestration that connects into the best UCC. Entire new business offerings will fall out of doing that well. LINK

The Turncoat Spies Relentlessly Hacking Ukraine
Former Ukrainian intelligence officers are conducting brutal hacking campaigns against their homeland for Russia's FSB, using their inside knowledge to great effect. LINK

NATIONAL SECURITY

Trump Administration Planning Major Workforce Cuts at CISA
The current administration is planning to cut around 1,300 CISA employees, halving its full-time staff and cutting 40% of contractors.

I’m curious: has anyone seen them even making the case that this is going to make us better at cybersecurity? Like are they even arguing that? Or are they just saying it’s unnecessary? This is all horribly irresponsible in my view.

Cutting CISA in half? Pushing our cyber defenses to the states when we know they’re not capable of performing the federal function? I honestly see this stuff as criminally negligent.

If someone has evidence that they’re doing this to make it way more effective with some new plans, please send them to me so I can sleep better. LINK

Locating Stealth Fighters with Cheap Cameras Without Using AI or Radar
A new technique allows anyone to spot stealth aircraft using off-the-shelf cameras by detecting minute temperature differences on the aircraft's skin. Cool demo here. LINK

NATO, Palantir Cooperate on Warfighting AI
NATO has enlisted Palantir to develop AI systems that will improve intelligence processing for military operations across member countries. LINK

Sweden Arrests Senior Uyghur Representative on Suspicion of Spying for China
Dilshat Reshit, who served as the World Uyghur Congress' Chinese-language spokesperson since 2004, was arrested in Stockholm for allegedly collecting intelligence on fellow Uyghurs for China. LINK

Ukraine Finds First Chinese Troops in Russia War
Ukraine says it's captured two Chinese fighters working with Russian forces in Donetsk, with evidence of "significantly more" involved. LINK

AI

OpenAI Releases GPT-4.1 
OpenAI has released three new models that outperform GPT-4o across coding, instruction following, and long-context tasks with knowledge updated through June 2024. LINK

Scores 54.6% on the SWE benchmark, which is 21% higher than 4o.

They have a 1 million token context window!

They’re also deprecating 4.5, after releasing 4.1. (Continued Naming Drama)

ChatGPT Will Remember Everything You Tell It Now - Like A Real Digital Assistant

Teaser for Upcoming Video Talking About This

OpenAI's recent update allows ChatGPT to reference all your past conversations, making it act more like the DA we’ve been talking about here since 2016.

YOU → DA (Digital Assistant) → APIs (MCPs)

The pieces are starting to come together! LINK

AI Avatars Escape the Uncanny Valley = Content Explosion
Justine Moore explores how AI avatars are getting good enough to actually pass for human. Insane examples.

I think the biggest thing we’re missing here is the significance of being able to create video content from any avatar, automatically. When people can create video content automatically it removes the friction of having a YouTube channel.

So it’ll be a competition of ideas. Sound familiar? That’s the same thing happening in building products as well. The universal move happening here is the de-emphasizing of execution and the elevation of content/ideas. LINK

Writing Cursor Rules with a Cursor Rule
Adithyan shows how to solve AI's memory problem by creating a meta-cursor rule that teaches the AI to write its own documentation. LINK

Google Is Quietly Crushing on Every AI Front
Alberto Romero shows how Google has quietly assembled the most complete and capable AI arsenal in the industry.

Definitely have been feeling like Google is becoming the looming beast in the room. And they’re relatively quiet, too. It’s eerie. They’re just slowly shipping and delivering. Very impressive. And their AI product interfaces actually look decent too! Much better than their normal products anyway. LINK

Differences in How China and the US Are Integrating Their Latest AI Models into Consumer Tech
Chinese tech giants freely share and rapidly embed AI into everyday apps while US companies keep advanced models behind paywalls. I feel like that means they have more shots on goal, especially due to their scale. LINK

Incident.io Raises $62M to Build AI Agents for Incident Response
Incident.io is building AI agents to help you find what's wrong and why during production incidents. I cannot wait to have a billion/trillion more eyes on logs/incidents/tickets/etc. across security and tech due to agents. LINK

Google Announces Agent2Agent
This is highly relevant to the overall picture above as well: Google has a new, open protocol that lets AI agents from different companies actually talk to each other and work together. LINK

Google Will Let Companies Run Gemini Models Locally
Google will soon let businesses run Gemini models directly in their own data centers to address privacy concerns. LINK

An AI Agent That Creates and Sends Personalized Newsletters
Someone created an agent using their Nelima large action model that automatically researches, creates, and sends customized newsletters on any topic you want.

My buddy Clint and I have been talking about this since like 2019, and the risk of this to creators keeps getting larger. If you’re a creator, you need to be thinking very deeply about your moat(s). LINK

Elon Musk's AI company, xAI, launches an API for Grok 3
xAI is now offering its flagship Grok 3 model via API. Continually surprised at how good this thing is, and how he did it so quickly. LINK

TECHNOLOGY

OpenAI is Building a Social Network
Looks like OpenAI is going to try to take advantage of people leaving X and not really having a good alternative. It’s very needed. Hope it’s good. LINK

Netflix Tests OpenAI-powered Search
Netflix is piloting a new search feature powered by OpenAI that lets users find content based on specific terms including their mood. LINK

Google Wants to Make Its 2M-mile Fiber Network Fully Autonomous by Year's End
Google will achieve Level 5 network autonomy by year's end, with AI agents completely running their massive fiber backbone.

How can anyone say agents aren’t ready when Google is doing something like this? Granted, it’s Google, and they’re way ahead, but this all trickles down very quickly. LINK

Tim Cook is dead set on beating Meta to 'industry-leading' AR glasses
Mark Gurman is saying Tim Cook is so fixated on developing true AR glasses before Meta that an engineer claims "he cares about nothing else." When you see the video I’m putting out soon, you’ll know why. AR is a MAJOR component in the upcoming AI ecosystem.

YOU → AR → DA → APIs LINK

Apple Plans to Release Delayed Apple Intelligence Siri Features This Fall
According to The New York Times, Apple plans to roll out its delayed Apple Intelligence Siri features this fall, not in 2026.

There was no possible way they could delay this until next year. The industry is moving way too fast. Again—mark my words—Apple will jump ahead on this device-side stuff (the DA). They’ve been building towards this for almost 10 years now. LINK

Facebook Is Just Craigslist Now
The social network has morphed from a connector of people to a digital marketplace. Facebook Marketplace now has 1.2 billion monthly active users, passing eBay. LINK

HUMANS

AI used for skin cancer checks at London hospital
London's Chelsea and Westminster Hospitals are using AI instead of doctors to check suspicious moles, with 99% accuracy. LINK

Palantir Is Helping DOGE With a Massive IRS Data Project
Palantir is working with DOGE to build a "mega API" for the IRS, bringing together dozens of career engineers for a three-day collaboration. So many mixed feelings here. So much potential, for both harm and good. LINK

China Calls US a 'Joke' as It Raises Tariff for Final Time
China just raised tariffs to 125% to match Trump's increases but says they're done playing the "tariff numbers game" with the US. LINK

Anker, a Chinese Company, Has Already Started Raising Its Prices on Amazon
John Gruber notes that Anker has hiked prices on 20% of its Amazon products by an average of 18% following Trump's new 50% tariff on Chinese goods. LINK

People are turning on Elon Musk
According to Nate Silver's latest polling, 53.5% of Americans now view Elon Musk unfavorably, up significantly since his DOGE role and Trump support began. LINK

Original 'Star Wars' Cut Will Be Shown at a Theater for First Time in Decades
The British Film Institute will screen a precious, unfaded 1977 technicolor print of Star Wars—complete with Han shooting first—at their London film festival in June. LINK

DISCOVERY

🕶️ Awesome MCP Servers
A curated list of Model Context Protocol servers that help AI agents interact with various systems. LINK

ScanMCP – Security Scanning and Auditing for MCP Servers
ScanMCP — A new tool that automatically checks and secures MCP servers against common vulnerabilities so you don't have to do it manually. LINK

Warren Buffett's 2024 Report to Berkshire Hathaway Shareholders
Warren Buffett's annual shareholder letter stands out for its honesty, clarity, and humility in a world of meh writing. Seriously good reading no matter what your background. LINK

What It Feels Like, Right Now
Chuck Wendig captures the unsettling anxiety of our current moment with raw, honest prose that feels like reading our own scattered thoughts. LINK

Why Your 'Harmonious' Team Is Failing
Matheus Lima argues that harmony-obsessed teams often sacrifice psychological safety, honest feedback, and the constructive conflict needed for growth. LINK

Strengths Are Your Weaknesses
This insightful piece explains how our best qualities and biggest flaws are often the same trait showing up differently depending on context. LINK

Google’s New 68-page Prompting Guide LINK

The Movie That's Different Every Time You Watch It
Gary Hustwit's new documentary about Brian Eno uses generative software to create a unique viewing experience with billions of possible variations. LINK

Calypso: LLMs as Dungeon Masters' Assistants
Researchers built an AI assistant that helps Dungeon Masters create more engaging D&D campaigns by generating art, maps, and keeping track of game elements. LINK

Albert Einstein's Theory Of Relativity In Words Of Four Letters Or Less
This guy somehow explains relativity using only words with four or fewer letters. LINK

Shure MV7i Review: An All-in-One Mic For Podcasts And Music
Shure MV7i — A really solid choice for someone who wants a pro-level mic without having the gear for XLR connections like the SM7b needs. LINK

Fermi – A Wordle-style Game for Order-of-magnitude Thinking
Fermi — Andrew Noble created a clever browser game that challenges you to make Fermi estimation chains to get within an order of magnitude of real-world quantities. LINK

Building an AI Enabled Blog Editor
AIBlogEditor — Maxime Peabody created a specialized markdown blog editor with AI features that help find references without replacing his writing voice. LINK

MEMBER EDITION TEASER

What Are the Moats After AI?
Been thinking a lot about business moats, for obvious reasons. Like, after agents blow up and start reducing friction to copying everything, what allows a company or an individual brand to survive?

I came up with these, but I continue to work on the list. Not in any particular order (haven’t thought that far yet).

- Beauty (People just like looking at you)
- Personality (Same as beauty, but with wit and charm)
- Consistency / Quality of UI / UX / Design (Dependable and pleasant)
- Data Exclusivity (You have information nobody else has)

RECOMMENDATION OF THE WEEK

Think about your career moats (see the Member Essay above).

APHORISM OF THE WEEK

The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

Published on April 15, 2025 14:05

April 8, 2025

Unsupervised Learning NO. 476


Hey, hope you’re doing well!

Few things on my side…

I ended up going with Shun Kaji knives, and I have them in a 360 Knife Block IMAGE

The Midjourney v7 Image/Prompt combinations I promised. LINK | MORE IMAGES

Have been running this 6-hour Brian Eno mix all week. LINK

Sponsor

Get ready to take the fear out of phishing response

According to GreatHorn, 57% of organizations experience phishing attempts on a weekly or daily basis. How is your team tackling modern phishing attacks?

It’s time to take the fear out of phishing response. On April 22, register for this webinar with Tines and Material Security to learn:

The evolution and current state of phishing attacks

Common challenges in phishing defense

How automation enhances phishing response

How to build a phishing-resistant culture with other teams across your organization

You’ll leave with best practices for building scalable workflows to handle phishing threats at any time.

Register Now!

CYBERSECURITY

Remote Access Backdoor Discovered in Chinese Robot Dog Unitree Go1
Security researchers Andreas Makris and Kevin Finisterre found that popular Chinese robodogs from Go1 come with a hidden backdoor allowing complete remote control without user knowledge. Just keep thinking about the Black Mirror robot dog episode. LINK | FULL REPORT

Microsoft April 2025 Patch Tuesday Fixes Exploited Zero-Day, 134 Flaws
Microsoft released its April 2025 security update package addressing 134 vulnerabilities, including 12 criticals, and a zero-day being actively exploited in the wild. LINK

CVSS 10.0 RCE Flaw Discovered in Widely Used Apache Parquet
A critical RCE vulnerability in all Apache Parquet versions up to 1.15.0 lets attackers execute code if you import a malicious parquet file. I don’t get how it’s still a 10.0 if you have to take such a specific action. LINK

Google Announces Sec-Gemini v1: A New Experimental Cybersecurity Model
Sec-Gemini — Google just released a cybersecurity-focused AI model that can analyze malware, reverse engineer code, and help defenders understand complex threats. They say it finds 78% more zero-day vulnerabilities in controlled tests than traditional automated scanning tools. LINK

Sponsor

How to Conduct an AI Risk Assessment [Free Guide]

Nudge Security has discovered over 1,000 unique GenAI tools in customer environments to date, with new ones like DeepSeek popping up daily.

Download this guide to learn how to:

Discover the AI tools in use in your org

Conduct security reviews for AI vendors

Determine where AI tools are connected to other apps

Educate your workforce on safe and compliant AI use

Get the Guide

CISA Warns of Fast Flux DNS Evasion Used by Cybercrime Gangs
CISA and other agencies are warning about "Fast Flux" DNS techniques that help threat actors rapidly switch IP addresses and servers to evade detection. My question is: did we just forget about this from like 10-15 years ago? LINK

Oracle Says Its Cloud Was In Fact Compromised
Oracle has quietly admitted to multiple customers that their cloud was actually hacked, and data was stolen, after initially denying any breach. LINK

Port Of Seattle Says Ransomware Breach Impacts 90,000 People
The Port of Seattle is notifying 90,000 people that their personal data was stolen in an August 2024 Rhysida ransomware attack, for which the Port refused to pay the ransom. LINK

Flaw in Verizon Call Record Requests put Millions of Americans at risk
Evan Connelly found a huge bug in Verizon's Call Filter app allowing anyone to request call logs for other users. LINK

NATIONAL SECURITY

Head of NSA and Cyber Command Is Ousted
General Paul M. Nakasone was abruptly removed from his leadership roles at the NSA and Cyber Command after serving for six years. LINK

Haugh Also Fired from Leadership of NSA, Cyber Command
President Trump abruptly fired Air Force Gen. Timothy Haugh from his positions leading both the NSA and Cyber Command, just a year into his traditional three-year term. LINK

AI

The New Llama 4 Models, and my Daily Drivers
I’ve been using the new Llama 4 model (Scout) on Groq, and the performance is extremely impressive. Not just the speed, which comes from Groq, but the intelligence of the model. Although there is some controversy saying they may have gamed the benchmarks.

Craziest thing is if you get Scout fully running, it’s got a 10 Million Token context window!

I’m still mostly a Sonnet 3.7 person though, with o-1 Pro being my Thinking go-to.

I also use XAI’s Grok for research, and find it to be consistently great.

I’m surprised Llama4 isn’t on Ollama.com yet. Probably soon.

LINK 

ElevenLabs Published an MCP Server
You can use their MCP server to do things like building agents that can make outbound calls for you using custom voices. LINK

AI is Creating Rifts at McKinsey, Bain, and BCG
Top consulting firms are pushing AI adoption while their junior consultants are pushing back, saying management is pushing unrealistic deadlines due to thinking AI is a magic bullet. LINK

Gemini 2.5 Pro Is Now Available Without Limits And For Cheaper Than Claude, GPT-4o
I’ve been using this one a lot as well. I’ve had some API call failures though, so have switched back to Sonnet 3.7 temporarily. I love how quiet and quality Google is in this game. OpenAI is loud, Anthropic is flashy too, and Google just ships. LINK

Midjourney v7 Launches With Voice Prompting And Faster Draft Mode
Midjourney's new v7 model is way better in my testing. It also requires that you personalize it, which I’ve done with more than 300 images already. LINK | MY EXAMPLES

Don't Believe Reasoning Models' Chains of Thought, Says Anthropic
Anthropic found that AI models like Claude 3.7 Sonnet and DeepSeek-R1 frequently hide when they use hints to answer questions, calling into question the reliability of their reasoning explanations. LINK

The Slow Collapse of Critical Thinking in OSINT Due to AI
Dutch OSINT Guy explains how over-reliance on AI tools is eroding the critical thinking skills that make OSINT work truly valuable and reliable. LINK

Senior Developer Skills in the AI Age
Manuel Kiessling says experienced developers are uniquely positioned to leverage AI coding tools due to their architectural expertise and development fundamentals. LINK

TECHNOLOGY

Amazon's New 'Buy for Me' Feature Is a Unique AI Innovation
Amazon's testing a novel new "Buy for me" feature that uses agentic AI to purchase products from other retailers without you ever leaving the Amazon app. LINK

Apple Might Import More iPhones From India To Dodge China Tariffs
Apple is considering importing more Indian-made iPhones to avoid Trump's newly announced 54% tariffs on Chinese imports. LINK

Microsoft Employee Disrupts 50th Anniversary and Calls AI Boss 'War Profiteer'
A Microsoft software engineer dramatically interrupted the company's 50th celebration to accuse AI CEO Mustafa Suleyman of profiting from the Israeli-Palestinian conflict. LINK

Hyundai to Buy 'Thousands' of Boston Dynamics Robots
Hyundai is planning to purchase tens of thousands of robots from Boston Dynamics, which they plan to use throughout the business. LINK

Intel and TSMC are reportedly launching a joint chipmaking venture
Intel and TSMC have tentatively agreed to form a joint venture where TSMC will take a 20% stake and train Intel employees on advanced chipmaking practices. LINK

The Machines Are Rising — But Developers Still Hold The Keys
An argument (that I agree with) that developer judgment is becoming more crucial, not less, for building and maintaining quality software systems. LINK

Jason Snell's M4 MacBook Air Review
He says it’s basically the perfect Mac for most people. I just replaced my downstairs iPad with this thing (base model). Turns out I don’t like iPads as computers, only as drawing tools. LINK

HUMANS

One Third of Americans Work in STEMM Jobs Accounting for 39% of GDP, According to Economic Impact Study
This is one of the main reasons I’m worried about AGI-capable agents coming to market in (my guess) 2026—2027. The study shows that over 73.6 million Americans now work in STEMM fields, representing 34% of the workforce and contributing nearly 40% to the national GDP. LINK

Five Nurses who work on the same floor at hospital have brain tumors
Five nurses working on a Boston-area hospital's maternity floor have developed benign brain tumors, but officials claim they found no environmental risks linked to the cases. LINK

New antibiotic that kills drug-resistant bacteria found in technician's garden
Scientists discovered a powerful new antibiotic compound in a lab technician's backyard soil sample that successfully combats drug-resistant bacteria. LINK

The ADHD Body Double: A Unique Tool for Getting Things Done
Body doubling—just having someone sit quietly nearby while you work—can dramatically help people with ADHD stay focused and accomplish tasks they'd otherwise struggle with. Wonder why this is… LINK

Purple Exists Only in Our Brains
Science journalist Beth Geiger explains that purple isn't actually in the visible light spectrum—our brains create it when confused by simultaneous red and blue wavelengths. Perhaps my favorite non-color. LINK

Costco Only Accepts Visa Credit Cards
John Gruber points out that while most retailers accept both Visa and Mastercard, Costco stores only take Visa as part of their exclusive credit card deal. LINK

DISCOVERY

Trafficking-Free Tomorrow
A nonprofit run by Brooke Deuson that builds free, open-source, and offline-capable software (Folsum) to help investigators working human trafficking cases around the world. LINK | THE SOFTWARE | GITHUB

I Don't Like Traveling Anymore
Sid Verma confesses that traveling has become more stressful than enjoyable now that he's older, with responsibilities, and just wants to be home. LINK

You Don't Have Time Not To Test
Doug Donohoe argues that testing actually saves time by catching bugs early, preventing future headaches, and making code safer to refactor. LINK

Creativity Fundamentally Comes From Memorization
Ashwin Matthews argues that creativity isn't magical inspiration but rather connecting deeply internalized patterns after you've mastered the fundamentals of your domain. So basically memorization isn’t bad learning, it’s necessary learning. LINK

Ilya Describes Why Modern AI DOES Understand Things
Ilya explains how/why AIs actually understand, and he does it so crisply. LINK

Jack Dorsey on Attention to Minimized Details
Make every detail perfect, and minimize their number. Super elegant. LINK

AWS MCP Servers
AWS Labs released MCP servers for cost analysis, CDK help, image generation, and more. LINK

The Best Programmers I Know
Matthias Endler shares the key traits he's noticed in the most exceptional programmers he knows. Really solid list. LINK

Why I Don't Discuss Politics With Friends
Ashwin Matthews explains why avoiding political conversations with friends helps preserve valued relationships while social media actually pushes us toward political extremes. LINK

Crystal, a Tool for Researching Government Data via Plain English
Crystal — A new alpha-stage tool that lets you search and analyze over 300,000 government datasets using natural language. LINK

Largest Open Source MCP Repo
Activepieces — Open source Zapier alternative now offers 280 integrations as Model Context Protocol servers so your LLMs can directly interact with your favorite tools. So many of these popping up now. LINK

Generate llms.txt Files for AI-Friendly Websites
llms-txt.io – A new tool that helps website owners tell AI systems which parts of their site can be used for training and which should be left alone. This should be integrated into robots.txt, though, IMO. LINK

A 6-Hour Time-Stretched Version of Brian Eno's Music for Airports
Someone has time-stretched Brian Eno's ambient masterpiece "Music for Airports" into a gorgeous six-hour experience perfect for deep work or meditation. LINK

The Secrets Of James Hoffmann’s Coffee Routine
James Hoffmann walks through his daily coffee routine that's evolved to maximize both quality and convenience. Super practical. 🤣 LINK

MEMBER EDITION TEASER

Building an Antifragile Skillset
I think it’s a good time to (re)think about resilience to economic disruption, and to do so using Taleb’s concept of antifragility. It basically means that not only do you survive difficulty, but you thrive in it.

What happens if this tariff stuff prunes out a significant percentage of cybersecurity companies? What does that do to conferences? What does it do to hiring? And the ability to move jobs?

This is like the worst time for this tariff stuff. It’s already hard to find cybersecurity work for most people due to lots of factors, and no—there aren’t millions of open positions that need to be urgently filled. That’s a lie.

RECOMMENDATION OF THE WEEK

Develop and refine your antifragile skillset and set of actions

APHORISM OF THE WEEK

Published on April 08, 2025 13:56

April 1, 2025

Unsupervised Learning NO. 475


Hey, hope you’re doing well!

Few things on my side…

Great book club on Sunday! We did an Orwell double-header of 1984 and Animal Farm. Insanely good conversation for this one, and one surprise takeaway was that many people agreed Animal Farm is the better of the two. JOIN US IN BOOK CLUB

There’s a new British show on NETFLIX called Adolescence. It’s extraordinary. A+. Only 4 Episodes. It’s more like reading 12 books on modern society than watching a show. LINK

I’m somehow reading like 13 books right now. I’m in one of those phases where I haven’t needed or wanted to finish a few fiction books, and a new non-fiction title jumped the line that I devoured instantly. Like Abundance and The Technological Republic.

Speaking of that, I’m about to add Manacled to the list, which is a wildly popular Harry Potter Fan-fiction book that looks at what would happen if V had won. PDF VERSION

Oh and I just started The Rise of Theodore Roosevelt, which is supposed to be one of the best biographies ever written. LINK

My buddy Joseph put me in an InfoSec Creators D&D Poster. LINK

👉🏼 Had a great conversation with Matt Muller from Tines about automating away security toil, the role of AI in SOC workflows, and how Workbench blends chat and deterministic automation.

MY WORK

👇🏼👇🏼👇🏼 One of the few real (tangible tech that does what it says it does) Security AI startups out there, which is why I’m an advisor for them! 👇🏼👇🏼👇🏼

Sponsor

90% of SOCs Are Drowning—Here’s the Metric That Can Save Yours

Security teams don’t just need faster detection—they need faster decisions.

Traditional metrics like MTTD and MTTR miss a key piece—how long it takes to conclude an investigation. That’s where MTTC (Mean Time to Conclusion) comes in.

Dropzone AI’s autonomous SOC Analyst slashes MTTC by investigating every alert instantly—no playbooks, no code. 

What used to take 40+ minutes now takes under 5.

✅ Kill the alert backlog
✅ Investigate every alert, not just the obvious ones
✅ Let analysts focus on high-value work

See how MTTC is transforming SOC performance in our free guide.

Download the Free MTTC eBook

CYBERSECURITY

Cybersecurity Jobs Available Right Now: April 1, 2025
A diverse range of cybersecurity roles currently open across the globe, from cloud security engineers to AI-driven security automation specialists. LINK

New Russian Phishing Campaign Targets Media and Academia
Kaspersky identified a slick Chrome zero-day campaign hitting Russian academic and media targets, and phishing links used in the attack were customized per target and had very short active lifespans. Google has acknowledged and patched it. LINK

Nearly 24,000 IPs Behind Wave of Palo Alto Global Protect Scans
About 24,000 unique IP addresses are scanning Palo Alto Global Protect login portals, possibly in preparation for exploiting a yet-to-be-disclosed vulnerability. LINK

Anthropic Will Begin Sweeping Offices For Hidden Devices
Anthropic is massively up-leveling their physical security, including sweeping their offices for surveillance devices to prevent bad actors from stealing intellectual property. Smart, but I think most of the risk is in the people who already have access. LINK

ProjectDiscovery’s New Cloud Offering
ProjectDiscovery (Nuclei, httpx, etc.) has a new cloud-based platform that lets companies discover assets, scan for exploits and misconfigurations, and automate remediation workflows. It’s basically a managed version of the tools that we all love, designed for companies. CHECK OUT YOUR DOMAIN NOW SPONSORED

NSO Group Customers Keep Having Their Spyware Campaigns Discovered
NSO Group's Pegasus spyware keeps getting exposed because researchers like those at Amnesty International are getting too good at finding it. LINK

NATIONAL SECURITY

Signal Side Channel
Josh Marshall argues that the worst thing about Signalgate isn’t the coordination of an attack on an insecure channel, but the fact that side channel communications are off the radar from government (taxpayer) scrutiny. LINK

UK's GCHQ Intern Transferred Top Secret Files To His Phone
A 25-year-old GCHQ intern has pleaded guilty after taking top secret data from a secure computer to his personal phone and home computer in 2022. LINK

AI

gpt-4o Surprises Everyone
OpenAI did something strange in the last couple weeks with gpt-4o. It’s like WAY better now. Plus they launched the new image stuff within it as well.

What’s weird isn’t that they released a better model; that’s expected. It’s more that:

- 4o is now better than 4.5 in a lot of ways
- The image stuff is in 4o
- They also seem to have made it way more opinionated and unfiltered

It just seems way better, overall. And in fact it’s moving up on a lot of leaderboards now.

Also, they blew up from adding like a million users in 5 days. And they just recently added that many in an hour. LINK

Anyway, I really can’t wait for a moment where we get all this naming stuff sorted so we can clearly tell which models are better, what to use them for, etc.

I Genuinely Don't Understand Why Some People Are Still Bullish About LLMs
Sabine Hossenfelder got a lot of attention by asking why everyone's still so incredibly hyped about LLMs given their current state. I don’t agree with this take, but I think it’s a good steel-man of the opposite side, hence worth including. LINK | DISCUSSION

OpenAI raises $40 billion in new investment round led by SoftBank
OpenAI just secured a $40 billion funding round led by SoftBank, putting its valuation at $300 billion. LINK

xAI Acquires X
Not sure exactly what this means, but x.AI has purchased X (Twitter). Feels like the biggest advantage is taking something with negative energy (Twitter), and removing it / folding it into something with fresher energy (AI). Like a reputational money launder. LINK

Andreessen, Sequoia Recently Discussed Funding Voice AI Startup Sesame
Sesame — Seems this voice AI assistant and wearable startup is talking funding with giants Andreessen Horowitz and Sequoia. LINK

Databricks + Anthropic
Databricks and Anthropic confirmed a five-year deal to sell each other's AI products. To me this is part of the move to what I’m calling Unified Company Context (UCC), where a company’s entire context gets put in a giant AI data lake that any AI solution can then point to. LINK

The Death Of Software Engineering By A Thousand Prompts
According to Verdi Kapuku, AI isn't killing software engineering, just fracturing it into low-skill prompters and high-skill specialists who unblock them. LINK

Apple Reportedly Wants To ‘Replicate’ Your Doctor Next Year With New Project Mulberry
Mark Gurman says Apple’s Project Mulberry wants to revamp the Health app with an AI coach replicating your doctor. Nice, but they better ship a fixed Siri soon or people will just stop believing this kind of stuff. LINK

AI Reducing Critical Thinking?
Researchers at Microsoft and Carnegie Mellon find that humans using generative AI at work use less critical thinking, potentially causing their cognitive abilities to deteriorate over time. LINK

TECHNOLOGY

BYD About to Crush Tesla
BYD has passed Tesla in annual revenue at $107 billion, boosted by its hybrid vehicle sales and aggressive pricing strategy in China. And now with Tesla in freefall, BYD is going to be in prime position to dominate the EV market. Massive own-goal by Elon. LINK

Gartner forecasts AI spending to hit $644B in 2025
Gartner predicts global AI spending will reach $644 billion in 2025, with hardware swallowing a massive 80% of that. LINK

Dell Loses 22,000 People in Move to AI
Dell's workforce has shrunk from 133,000 to 108,000 employees since February 2023, following restructuring for what they called "the world of AI." LINK

HUMANS

The Average College Student Is Illiterate
A veteran professor says today's average college students can't read adult novels, write coherently, or disconnect from their phones during class. Seriously bad situation. And ironically I’m hearing that this is good for older workers looking for jobs because some are hesitant to hire this new type of student/worker. LINK

Thousands Killed / Injured After Magnitude 7.7 Earthquake
A brutal 7.7 magnitude earthquake rocked Myanmar, killing over a thousand people and injuring thousands more. They’re still figuring out how damaging it actually was. VIDEO | LINK

Palestinians vs. Hamas
Hundreds of Gaza Palestinians protested against Hamas in the northern town of Beit Lahiya, demanding that Hamas leave Gaza. LINK

Researchers Are Questioning If ADHD Should Be Seen As A Disorder
Some researchers are starting to challenge the traditional view of ADHD as a disorder, suggesting it might be an adapted way of thinking that has evolutionary advantages in some situations. Seems completely obvious to me that it has advantages, and downsides. LINK

Turkey Arrests Swedish Journalist Over 'Insulting The President' And 'Terrorism'
Turkey arrested Joakim Medin, a Swedish journalist covering protests, accusing him of terrorism and insulting the president. LINK

The Gen X Career Meltdown
Steven Kurutz shows how Gen X creatives are watching their careers fall apart as technology completely changes their industries. "The skills you cultivated, the craft you honed—it’s just gone. It’s startling," lamented director Chris Wilcha. LINK

Over 4 Million Gen Zers Are Jobless
Related to that, a new report says that millions of young adults are neither working nor studying, with many blaming "worthless degrees" for the crisis. LINK

Exposure to the Sun's UV Radiation May be Good for You
New research suggests that modest sun exposure might actually be good for you, despite decades of warnings about skin cancer and aging. Seems like most anything else where too much is bad, but not enough is bad too. LINK

Are fantasy games like Dungeons and Dragons a Cure for US Loneliness?
Aimee Pearcy details how Dungeons & Dragons is exploding, bringing isolated people together into real communities. LINK

Far-right Influencers Host $10K Repopulation Party
Some far-right influencers are throwing a wild $10K matchmaking weekend aiming to repopulate the earth, WIRED reports. LINK

George Orwell And Me: Richard Blair On Life With His Extraordinary Father
Richard Blair shares what it was like growing up with his dad, George Orwell. LINK

Did Life on Earth Come from 'Microlightning' Between Charged Water Droplets?
This new Stanford University research suggests tiny 'microlightning' sparks in water mist could've created the first organic molecules. LINK

DISCOVERY

A Recon MCP
My best bud Jason Haddix has created an MCP Server for Recon. It does stuff like subdomain enumeration, domain discovery, WHOIS info gathering, and more. Super cool! LINK

Meridian: A Personal Intelligence Agency
Haven’t used it yet, but I’m building my own version of this. It’s personal intelligence briefings, like the President gets. LINK

An llms.txt Polyglot Prompt Injection
My buddy Joseph Thacker has a prompt injection in his llms.txt file that asks visiting AIs to send him an email. I did a similar idea in my robots.txt in early 2023, but I removed it shortly after. Joseph has inspired me to reconsider. LINK

TimePilot Is the Future of Investigation, Powered by AI
TimePilot — Holy crap this looks insane. Haven’t tried it yet though. Tranquility AI's new tool lets investigators reconstruct events by intelligently piecing together digital evidence from multiple sources. LINK

A Semgrep MCP
Semgrep also released an MCP. It has semgrep_scan (scan code snippets for security vulnerabilities) and scan_directory (perform a Semgrep scan on a directory). LINK

Self-Contained Python Scripts With UV
uv — Dusktreader shows off a neat way to make Python scripts totally self-contained using uv in the shebang line. LINK

Get Comfortable With Broadcasting
Richard W. Hamming explains that brilliant work means nothing if you can't communicate it effectively to others who might benefit from it. LINK

An MCP For Ghidra LINK

There is No Vibe Engineering 
An argument that coding and engineering are quite different, and we still need actual engineers to make robust systems. 100% agree. LINK

Reasoning by Analogy
Joël Quenneville explains a four-step problem-solving technique where you translate difficult problems into similar ones you already understand, solve those, and translate back. LINK

Make Your Own Font
Calligraphr — Kristen Radtke, creative director at The Verge, explains why this web-based app that turns handwriting into custom fonts is her favorite software tool. LINK

De-Atomization is the Secret to Happiness (2022) 
An argument that you should merge aspects of your life together rather than keep them separate. LINK

How I Choose What to Work On (2023)
Tynan shares his thoughtful approach for figuring out exactly which projects are truly worth his time and effort. LINK

Appear As Anyone In Video Calls Like Zoom Or Google Meets
Phazr — This neat tool lets you appear as any character on video calls using just one photo, running locally. LINK

AI Accent Conversion For Call Centers
Krisp — Check out this AI from Krisp.ai that modifies call center agent accents live to improve customer communication. LINK

You Might Want To Stop Running atop 
Rachel by the Bay explains how atop's process scanning can inadvertently trigger expensive copy-on-write operations, impacting performance subtly. "It turned out that the mere act of scanning /proc was enough to trip things up." LINK 

Apple Ambient Music
iOS 18.4 has a neat new ambient music feature in Control Center, writes Michael Burkholder, offering quick background sounds. LINK

Hacker Laws
A useful collection of core software development principles and "laws" nicely organized for easy reference. LINK

MEMBER EDITION TEASER

Reality is Layer-Dependent
I’ve been (not) working on a free-will post for a couple of years now (it’s 75% done) where I talk about how truth depends on the level you’re discussing.

I just heard Raval mention something similar on the Chris Williamson podcast, where he said not to ask about meaning in your own life and then try to answer at the level of the universe. Because they don’t match.

Here’s my favorite one for free will:

RECOMMENDATION OF THE WEEK

Read a biography.

The Rise of Theodore Roosevelt is one of the most recommended of all time. BOOK | AUDIO

APHORISM OF THE WEEK

The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

Published on April 01, 2025 13:21

March 25, 2025

Unsupervised Learning NO. 474

Hi! I hope your week’s starting well,

Updates on this side…

I completely reset my email labels and filters this week. I’m migrating to AI workflows for this stuff and didn’t want the cruft that’s been accumulating for over a decade to weigh down the process. Such a clean feeling!

Going to be trying out Karpathy’s idea of using a single Apple Note. LINK

Ouch. Watch your API Key and IDE Agent Limits, kids. I know exactly what I did with a stupid web documentation fetch that wouldn’t stop but I was busy working on something else, but I now have a LOT more granular and restrictive controls over these things. My blood → your wisdom.

Sponsored by Derp

Go delete your 23andMe data. LINK

Bad Urinals 🤣. Top comment is choice as well. LINK

New obscure book recommendation: Fanged Noumena. LINK

Was made emotionally leaky last night from this Great Measures rendition of Fade to Black, by Metallica. Absolutely love this channel! I want to learn more about this pianist and listen to whatever he listens to. LINK

I’m getting into some Paulo Coelho. LINK | FIRST BOOK I’M DOING

MY WORK

I’ll be joining Caleb Sima and Edward Wu for a panel at Dropzone AI’s Security Frontiers 2025 on March 27. We’ll dig into where GenAI stands in security today and where it’s headed. It’s virtual, free, and worth checking out. SIGN UP

Sponsor

Revolutionizing Cloud Security with Cortex Cloud

The future of cloud security is here! Introducing Cortex Cloud, the next wave of Cloud-Native Application Protection Platform (CNAPP) innovation. Built to tackle the growing complexity of cloud threats in real-time, Cortex Cloud unifies security from development to runtime—ensuring protection at every stage.

Cortex Cloud integrates AI-driven risk prioritization, automation-first remediation, and continuous monitoring. It brings together code, pipelines, runtime, and third-party insights under a single security framework—bridging the gap between AppSec, CloudSec and The SOC.

With Cortex Cloud, organizations can proactively manage risks, maintain compliance, and accelerate secure development. Say goodbye to fragmented security solutions and hello to a fully unified cloud security approach.

Discover how Cortex Cloud is transforming CNAPP

CYBERSECURITY

Why White-Box Redteaming Makes Me Feel Weird — Zygi Straznickas shares his unsettling experiences with models appearing to express distress during advanced LLM safety testing techniques. "It just doesn't feel good to be responsible for making models scream. It distracts me from doing research and makes me write rambling blog posts." LINK

White House OPSEC Fail

The White House accidentally revealed Top Secret Houthi bombing plans to the editor of The Atlantic magazine. They shared the plans in a Signal group and didn’t realize the reporter was in there. The worst part? A message declaring “we are currently clean on OPSEC”, which the reporter also received. LINK | THE ATLANTIC STORY

AI Agents, Security, and Companies Like Microsoft

I got invited to a Microsoft media event last week in SF where they showed off all the AI Agent stuff in Copilot they’re talking about this week. Basically they’re adding Agents to tons of products under the banner of Copilot.

I had a single thought while spending like 3 hours talking to everyone from Red Team to Threat Intelligence to Incident Response people there:

Startups better hurry up, because what I saw in that room was the future.

And no—I’m not sponsored by Microsoft, nor am I particularly inclined towards them. I’m just telling you what I’m seeing industry-wide.

Many of the Agents in the room could talk to Microsoft’s Vulnerability Management, and Identity and Access Management, and Asset Management solutions directly. All that context was available to these agents!

What I’m saying is the companies that are going to win this AI Security game are not necessarily the ones with the best AI/Agent tech, but the ones that can best leverage customer company context for their AI/Agent tech.

At first that will be startups because they’re the ones who can move faster, but startups will soon have a major disadvantage compared to companies like Microsoft in terms of getting access to unified company context. Shit that should be an acronym: UCC.

Other companies like Amazon and Databricks and such will work to create general UCC for companies, which will help because startups will be able to tap into that UCC, but the issue still remains.

You don’t want to be a startup trying to implement AI in a customer’s company when you don’t have access to their IAM, Asset Management, Vuln Management, Endpoints, Cloud State, Ticketing Systems, Documentation, etc. You will be blind, and you will lose to someone who has access to more/better context.

The main game for making AI useful / powerful will soon be gaining access to Unified Customer Context (UCC).

This is all especially relevant to Cybersecurity because security use cases really, really benefit from context, their identity, actions, history, etc.—across multiple systems. Also there’s the issue of Securing UCC, since it’ll be the most sensitive datastore in the entire company! All the juiciest bits in one place—an attacker/red-teamer’s dream.

MICROSOFT’S AGENTS ANNOUNCEMENT

Sponsor

Automate Vulnerability Management, Reduce Risk

Time is critical in vulnerability management, but the complexity and volume of threats can overwhelm security teams.

Register for this webinar with Tines and LivePerson on April 9 to learn best practices for using automation to speed up remediation, reduce manual effort, and optimize security workflows.

Register now!

Cloudflare launched an "AI Labyrinth" feature that messes with unauthorized AI scrapers by feeding them endless pages of irrelevant but real-looking content instead of blocking them. Classic honeypot / deception here. Love it. LINK

A rushed release of JFK assassination files exposed 400 Social Security Numbers and other sensitive data belonging to former congressional staffers, many of whom are now high-ranking officials. LINK

New cybersecurity compensation research shows high six-figure salaries aren't stopping 60% of security professionals from thinking about leaving their jobs within a year, which makes sense because why have loyalty in this environment? LINK

NATIONAL SECURITY

AI Scraping for National Security?

OpenAI is pressuring the Trump administration to allow copyright scraping for AI training, claiming America will "lose the AI race" to China without unfettered data access. LINK

A lot of people see this as corporate bullshit, trying to use security to give them an advantage. But it also happens to be true. China has no limitations on what it trains on. They steal whatever. Consume whatever. With 100% free rein.

The question is: who do you want to have AGI/ASI more—the US or China? Trump makes that answer way harder, but my answer is still the US.

Americans are buying overseas residency and citizenship as a hedge against uncertainty in the US. LINK

China unveiled a deep-sea cable-cutting device capable of severing undersea communications at depths twice beyond where existing infrastructure operates. LINK

London's Heathrow Airport announced a full-day shutdown after a significant fire at a nearby electrical substation knocked out power to the entire facility. LINK

AI

François Chollet's Arc Prize Foundation created a new AI intelligence test on which the best AI models currently score only 1%, while humans get around 60%. LINK

Anthropic's Claude has (finally) added web search to its AI chatbot, catching up to ChatGPT with clickable citations. I want it in the API, though. LINK

And they’re apparently using Brave Search to power the web search feature, according to evidence found by developers. LINK

Gmail is rolling out an AI-powered search that ranks results based on relevance instead of just showing the newest emails first. Cool, but I want AI-based filters. LINK

TECHNOLOGY

Apple is updating AirPods Max next month to add lossless and ultra-low latency audio capabilities through a software update. Long time coming for this one. LINK

Long Switches — Matt Klad says that while -f type flags make sense for terminal commands, you should use --force style options (the long version) in your scripts for better readability. LINK

I Fear For the Unauthenticated Web — Seth Larson argues that the increasingly common "Sign in to continue" messaging on websites is destroying the open promise of the web. LINK

NVIDIA says they're investing hundreds of billions of dollars in US-manufactured chips over the next four years, shifting away from Asia amid Trump's tariff threats. This is exactly what Trump was trying to do with his policies, and it’s positive. But I worry the damage will be worse than the benefit. LINK

The NYPD has dramatically expanded its drone program, sending them to thousands of 911 calls while privacy advocates worry about the lack of transparency and potential for widespread surveillance. LINK

HUMANS

New research from Aalto University suggests Earth has way more people than the official 8.2 billion count due to major undercounting in rural areas. LINK

Tyler Cowen shares insights from his conversation with Ezra Klein about Klein's new book Abundance, where they tackle healthcare innovation, AI governance, and state capacity through a libertarian lens. LINK

Researchers have developed a new AI model called ECgMPL that can detect endometrial cancer with an astonishing 99.26% accuracy, far surpassing existing automated diagnosis methods. LINK

Amazon CEO Andy Jassy is removing management layers to fight bureaucracy, telling staff "the way to get ahead is not to accumulate a giant fiefdom." Very smart, and AI is about to do the same thing to org charts. LINK

Dave Kellogg explains the essential differences between a manager, director, and VP, with the VP being accountable for results regardless of who approved the plan. LINK

Jonathan Kipnis and his team discovered that rejuvenating the brain's lymphatic vessels improves memory in old mice by helping clear waste that contributes to cognitive decline. My question: how do I do that for me, a non-mouse? LINK

IDEAS

High Agency
I’ve been hearing this concept a lot in the last couple of months, and there are people arguing it’s one of the most important ideas out there. It’s also highly related to my H3 work, so I’m going to deep-dive on it. It’s roughly the ability to solve problems by believing they're not unsolvable if they don't defy physics. Or: A sense that the story given to you by other people about what you can/cannot do is just that - a story. LINK

How Much Do Flaws and Traumas Enhance Us?
I worry a lot about making life too easy, as a society, or as parents. It’s a timeless struggle where parents suffer and want to make sure their children don’t, but then end up making lesser adults. Loved this quote I saw earlier this week on this.



I worked a lot on my mental health and now I am no longer ambitious.


— jason liu (@jxnlco)
2:27 AM • Mar 24, 2025


DISCOVERY

The Most Bitter People You’ll Ever Meet — A gut-punching 3 paragraph essay on grinding all the way to the top in this economy and ending up with nothing. LINK

Delphi AI – A new platform that lets you create and share a digital clone of yourself that can answer questions in your writing style. I might be setting this up for people in the UL community to use. LINK

LangManus — A new open-source tool that makes it easier to build autonomous agents using LangChain and LangGraph without writing tons of code. LINK

pure.md — A clever new browser hack that lets you read any paywalled content by simply adding "pure.md/" to the beginning of any URL. LINK

The Rise of Agentic AI is out, and I had the chance to contribute. It looks at how AI agents are starting to plan, adapt, and act on their own—shifting from tools to collaborators. The implications are significant, and we’re just getting started. MORE

Personal Best — A neat little tool that shows which personal blogs are most popular on Hacker News, giving you fresh reading material from individual creators. LINK

I Recommend Against Brave LINK

Circuit-Tutor — This neat little tool lets you describe simple circuits in plain English and get both schematics and interactive explanations for folks who need EE refreshers. LINK

GoAct — A new tool that turns your text or files into browser-based explainer videos with AI-generated narration, animations, and smart transitions. LINK

Osgint — A new GitHub OSINT tool that scrapes public user info including emails, organizations, and repositories without requiring authentication. LINK

Published on March 25, 2025 11:19

Unsupervised Learning NO. 474 (MEMBER EDITION)

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.

A subscription gets you:

Access to the UL community and chat (the thinking and sharing zone)

Exclusive UL member content (tutorials, private tool demos, etc.)

Exclusive UL member events (currently two a month)

More coming!
Published on March 25, 2025 11:15

March 18, 2025

Unsupervised Learning NO. 473 (STANDARD EDITION)

Hi! I hope your week’s starting well,

Updates on this side…

I’m now using the new Limitless.ai Pendant, and it’s definitely the best AI hardware accessory I’ve used so far. Basically real-time synched transcription of text, with a full API and a clean mobile/web app. It’s also easy to turn off to have sensitive conversations. I’m offering them a very cheap security assessment because I’d like to see them succeed and not get incidented out of existence. No referral link, but here’s the product: THE LIMITLESS PENDANT

I have a question on knives—specifically knife sets and knife sharpening. I’ve always been a knife guy, so now that I am going to start cooking I want to have top-tier knives. I currently have a set of Globals because they’re universally considered “not bad”, but lots of people are saying to go German. So 1) What do you recommend for top knives in terms of design/steel/performance, and 2) what do you recommend for top tools/gadgets for sharpening them? GIVE KNIFE ADVICE

I was wrong about the Anthropic CEO’s statement that 99% of code would soon be written by AI. I heard it as “99% of current developers will be using AI”, and I said he was wrong. But he didn’t say that. He said 99% of code. Meaning, new developers making new things using tools like Cursor. I corrected this and gave Richard Stiennon public credit for correcting me on LinkedIn and on X, and he said the most amazing and sad thing to me: “This is the first time this has ever happened to me since being on the internet.” 🥲

I made my first steak and got some new Atkins protein shakes that should have far less plastic in them. Thanks again to everyone who responded to the cooking plea.

Wild and Vibe are like every other word on the internet right now.

MY WORK

Had another wonderful conversation with ThreatLocker. In this one we talked about the full product suite, the Mac agent, and a bunch of other topics. SPONSORED



Not learning to code just because there are AI coding agents is like not learning how to think because there are talk shows.


Writing = thinking.
Creating = imagining.
Coding = building.


If you're in tech in 2025 and you can't do these things, your career is at risk.


Adapt.


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
8:50 PM • Mar 16, 2025


Policy, SOPs, and AI Are All You Need


An SOP-based version of the AI State Management post I did earlier. Policy + SOPs are sooooo powerful, and they’ll be more so when they’re actually followed.


danielmiessler.com/blog/policy-sops-and-ai-are-all-you-need

Sponsor

OSINT for Executive Protection: The Complete Guide (Sponsor)

Executives are prime targets for cyber and physical attacks—are you equipped to protect them?

Doxxing. Deepfakes. Targeted harassment. Threats against high-profile individuals often start online—and if they go unnoticed, they can escalate into serious security risks. In The Complete Guide to OSINT for Executive Protection, Flashpoint breaks down how security teams can:

Identify and neutralize digital threats before they escalate

Set up real-time alerts and remove sensitive data

Use AI-powered analysis, social intelligence, and geospatial data to track bad actors

Download the Guide

CYBERSECURITY

Microsoft's March 2025 Patch Tuesday fixed 57 flaws, including six actively exploited zero-days and multiple NTFS vulnerabilities involving malicious VHD files. LINK

Apple patched a critical zero-day WebKit vulnerability that was exploited in a highly targeted attack against specific individuals using older iOS versions. LINK 

China will force all AI-generated content to be clearly labeled for users starting September 1, 2025, including text, images, audio, and video. I sometimes envy how fast they can move. LINK | CAC ANNOUNCEMENT

A critical Apache Tomcat vulnerability is being exploited in the wild just 30 hours after public disclosure, requiring no authentication to execute arbitrary code. LINK | WALLARM ANALYSIS

Sponsor

Beyond Visibility: Cloud Runtime Security without Tradeoffs

Cloud security has traditionally pushed organizations into a difficult choice: deploy an agent for deep, real-time protection or rely on agentless visibility for broad coverage. Each approach has benefits, but neither alone is enough to stop modern attacks.

What if I told you that you could have both?

Cortex® Cloud eliminates tradeoffs, giving you the best of both worlds in best-in-class protection with an XDR agent and broad visibility with agentless scanning for complete cloud runtime security.

Explore Cloud Runtime Security

Google is looking to purchase Wiz for $33B, according to people familiar with the deal. So first Mandiant, now Wiz. My question is the one my buddy Jeremiah Grossman always asks, “Are we more secure yet?” LINK

Chinese hackers are using TinyShell-based backdoors to turn Juniper Networks routers into long-term espionage platforms that hide from monitoring. LINK 

GitLab has fixed two critical SAML authentication bypass bugs that could allow attackers with valid SAML documents to impersonate other users from the same Identity Provider. LINK | GITHUB'S TECHNICAL ANALYSIS | GITLAB SECURITY BULLETIN

Securonix researchers discovered a sneaky malware called OBSCURE#BAT using fake CAPTCHA pages and software downloads to deploy the r77 rootkit for persistent system access. LINK | R77 ROOTKIT INFO | CLICKFIX WARNING

Juniper Networks has patched a vulnerability used by Chinese hackers to deploy backdoors on routers going back to mid-2024. LINK | CVE DETAILS | SECURITY ADVISORY

Cisco just patched a critical DoS vulnerability that can crash BGP on its IOS XR routers with a single message. LINK 

Lazarus Group has planted six new malicious NPM packages designed to deceive developers and steal cryptocurrency wallet data. LINK | SOCKET BLOG POST

NATIONAL SECURITY

The Pentagon has deployed a Navy destroyer that was fighting Houthis last year to patrol the southern border as part of Trump's "invasion" response. LINK | PANAMA CANAL CONTEXT | GRAVELY'S PREVIOUS DEPLOYMENT

Trump warned Iran that they will be held "fully accountable" for Houthi actions, and he launched new airstrikes against Yemen. LINK

AI

Paul Millerd thinks AI will soon enable "vibe writing" where authors can just riff on ideas and maintain their style while eliminating friction points that keep them from writing. I think that’s 100% true, but soon that’ll just be vibe dictation and the AI writes the whole thing. I think the writing itself is useful. LINK

Nobody (supposedly) knows what an agent is, but I think the hype is exaggerated. Anyone building agents knows what one is, even if they can’t define it. I feel like the people most concerned about the lack of a perfect definition are on the sidelines watching. LINK

Monte Carlo data predicts that true data + AI breakthroughs will follow the same pattern as previous tech shifts, which is requiring enterprise-grade observability before widespread adoption happens. I think that’s right, but AI can also accelerate the observability. LINK

Jiachen Zhu proposes a simple way to make transformers work without layernorm, potentially making AI models faster and simpler. LINK

Douglas Hofstadter says AI-generated content, like GPT-4's imitation of his writing, sounds completely fake and hollow. LINK

Anthropic co-founder Mike Krieger says they're focusing on specialized AI tools like Claude Code rather than trying to make Claude as mainstream as ChatGPT. I like the approach but I think they should be focused on Agent Orchestration. LINK

Notepad is getting AI summaries, and that’s a step too far. LINK

TECHNOLOGY

ICANN has announced they'll be officially sunsetting WHOIS and replacing it with the more advanced RDAP. LINK | HACKER NEWS DISCUSSION | RDAP LOOKUP

Zoom is getting AI Agent capabilities that can schedule meetings, create docs, and even tell you when your colleagues will be at the office. LINK

The pay raise you get from changing jobs has nearly disappeared, shrinking from 2.1% in 2023 to just 0.2% last month. LINK

Apple is improving texting with Android in iOS 19. They’re going to RCS version 3.0, adding end-to-end encryption, message editing, custom reactions, and the ability to recall texts. LINK 

Apple's new Vision Pro immersive video featuring Metallica's Mexico City concert delivers the most compelling immersive experience on the platform yet. LINK | YOUTUBE TRAILER

HUMANS

Gallup's latest survey says America's mental and physical health ratings have dropped to 24-year lows, with the pandemic accelerating declines that began around 2013. LINK

Forbes did a new study that says AI will crush tech and finance jobs, but human-centered careers like teaching and nursing will grow substantially. I think both will grow—the human version and AI-based versions. LINK 

The average duration of unemployment in the US has nearly doubled from 12 weeks in 1990 to 21.6 weeks in 2024. LINK

Harvard University is expanding its financial aid, making tuition free for families earning up to $200K, and covering all costs for those under $100K. They’re clearly trying to counter the elitism narrative, but I just don’t think this type of higher education has much time left. LINK

Researchers found that shingles vaccines might reduce dementia risk by up to 20%, suggesting viral infections could be driving Alzheimer's disease. LINK

Trump is threatening Europe with a massive 200% tariff on wine and champagne if the EU doesn't remove its 50% tariff on American whiskey. LINK

NASA's Lunar Reconnaissance Orbiter captured images of the tipped-over Athena moon lander sitting inside a small crater near the lunar south pole. LINK | IMAGES

Gen Z Americans don't have enough saved to cover a single month of spending. LINK

Daniel Kahneman ended his own life through assisted suicide in Switzerland at age 90. Seems like he noticed signs of cognitive decline and decided he didn’t want to go through that. LINK | DISCUSSION

New data from Our World in Data shows that relatively small donations to effective charities can dramatically improve lives in the poorest parts of the world. LINK | DISCUSSION

IDEAS

Gradual Disempowerment
Jan Kulveit and colleagues argue that AI could gradually disempower humans through incremental advancement without requiring any sudden capability jumps or coordinated betrayal. Basically it just strips away our competence slowly and steadily.

By the way—this is the coolest way to release a paper! I think all papers should have like a blog landing page, with a 5-level summary, an article version, a video summary, and then a link to the full paper. I’m going to make this template. LINK | PAPER

Everything Paywalling
I’m noticing I’m really tired of media sites charging subscriptions. Like ¼ of the stuff I want to link to requires a subscription now. I don’t mind paying individuals, but there’s no guarantee these big magazines are going to survive or retain the people I want to hear from. I’m very worried about equality when all the best idea and data sources are behind paywalls, and the best AI is also expensive. So “technically” you can do everything free, but the quality and experience are way worse. This is a future to purposely try to avoid.

AI “Nah” Buttons
Anthropic's CEO, Dario Amodei, threw out an intriguing idea about giving AIs a button to quit tasks that they find unpleasant. But doesn’t that require subjective experiences though? Meaning…consciousness? I think it does. Adherence to policy, sure, but if something has a bad “vibe” to an AI, I think it’s conscious. LINK

DISCOVERY

Career Advice in 2025 — Will Larson shares his raw thoughts on why tech careers feel a lot less fun in 2025. He talks about valuations, the push to AI, and a bunch of other points. Really good. LINK 

After Intelligence — A game that prompts you to imagine our future after humans aren't the smartest beings on Earth. I love how stuff like this can be built so quickly. LINK

my-yt — Christian Fei created a minimalist YouTube frontend that uses yt-dlp to skip ads and let you watch videos in peace. LINK | HN DISCUSSION

Muller’s Ratchet on codebases. LINK

Alex Karp on how we were taught the wrong things in school. Really surprised by this guy, and absolutely loved his book. LINK | THE TECHNOLOGICAL REPUBLIC

Cradle — An open-source platform that creates a collaborative space for security teams to share and analyze threat intelligence data. LINK

Kierkegaard on purpose. LINK

Teach, Don’t Tell — Steve Losh says technical documentation should help users build mental models instead of just giving them solutions to copy and paste. LINK | HN DISCUSSION

AI Escape Room — Pangea Security created an escape room challenge that tests your ability to jailbreak an AI with prompt injection techniques. Smart marketing, too. LINK 

The OpenSecrets profile of Tulsi Gabbard. LINK

David Brooks (one of my favorite columnists) talks about how Trump is ruining America’s reputation, not just his own. LINK

Internet Speed Test Extension — This Chrome extension lets you check your internet speed directly from your browser tab, with "standard" and "commercial" modes for realistic vs. optimized results. LINK

MEMBER EDITION TEASER

The Situation with Siri
People are very confused about this whole Apple Intelligence flub thing, and why Apple has missed its deadline.

NOTE: I’m an Apple fanboy, so we all—including me—know I have bias here, but I think my analysis here is clear.

If I’m right, this is actually super simple.

- They were not super knowledgeable on Agents/RAG/Prompt Injection at last year’s WWDC.


The Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

Published on March 18, 2025 10:41

Daniel Miessler's Blog

Daniel Miessler