Daniel Miessler's Blog, page 3

March 18, 2025

Unsupervised Learning NO. 473 (MEMBER EDITION)

Premium Content

This content is reserved for premium subscribers of Unsupervised Learning Membership. To access this and other great posts, consider upgrading to premium.

A subscription gets you:
- Access to the UL community and chat (the thinking and sharing zone)
- Exclusive UL member content (tutorials, private tool demos, etc.)
- Exclusive UL member events (currently two a month)
- More coming!
Published on March 18, 2025 10:40

March 11, 2025

Unsupervised Learning NO. 472

Premium Content

Published on March 11, 2025 11:47

March 4, 2025

Unsupervised Learning NO. 471

Premium Content

Published on March 04, 2025 15:37

February 26, 2025

Unsupervised Learning NO. 470 (MEMBER EDITION)

Premium Content

Published on February 26, 2025 17:57

Unsupervised Learning NO. 470 (STANDARD EDITION)

Hey, hope your week’s going well,

Updates on my side…

Reading a couple new books in addition to this month’s book club books. MONEY, LIES, and GOD | THE TECHNICAL REPUBLIC 

I’ve got a friend in Guatemala who was recently laid off. He’s a Senior Engineer focused around monitoring solutions, but can pretty much do anything. HIS LINKEDIN 

My friend Monica is offering 25% off on her Security Leadership Masterclass, which I consulted on and think is great for people trying to get into leadership. CLASS LINK | HER NEWSLETTER

🤣 How to calm down a buddy who loses a bunch in crypto. LINK

My LinkedIn post about my Ultimate App (TM) I keep iterating on. LINK

I’d subscribe to a newsletter that was just my DISCOVERY section. My new sources and parsing have seriously upgraded it. So happy with this.

MY WORK

👀 Highly-recommended successor to my SPQA article from 2023. This is basically the final form (not counting ASI) of what to actually do with this stuff.

AI's Final Form is Managing the Transition From Current to Desired State


The universal human problem is the difference between the world we live in and the world we wish we did…


danielmiessler.com/blog/ai-state-management

Sponsor

Go on Offense with Real-Time Security from Code to Cloud to SOC

Cloud threats are evolving fast. With the majority of security exposures occurring in the cloud and attacks surging, traditional security models just can’t keep up.

Introducing Cortex Cloud, which brings together best-in-class CDR with the next version of Prisma Cloud's leading CNAPP for real-time cloud security. Built on Cortex, organizations can seamlessly adopt natively integrated capabilities as part of the world’s most complete enterprise-to-cloud SecOps platform.

Security teams gain a context-driven defense that delivers real-time cloud security – continuous protection from code to cloud to SOC.

Don’t wait days to resolve security incidents while attackers move in minutes. Stop attacks with real-time cloud security.

Experience Real-Time Cloud Security

CYBERSECURITY

A phenomenal analysis of the cybersecurity market in 2024 from my buddy Mike Privette at Return on Security. I call him the Nate Silver of Cybersecurity Market Analysis. He says cyber investments are getting back to something like normal with over $14B in funding, but with AI and private equity playing much bigger roles than before. LINK

- Total funding: $14B across 621 rounds in 112 product categories
- M&A: 271 transactions worth $45.7B across 59 product categories 
- US still dominated with $10.9B (83% of global funding)

A massive leak of Black Basta ransomware gang's internal chats has researchers working to translate and analyze over 500K Russian messages. LINK

Russian hackers are successfully compromising encrypted Signal messages from Ukrainian military by tricking them into scanning malicious QR codes. LINK

Apple dropped Advanced Data Protection in the UK after the government demanded access to encrypted user backups. The UK seems to be committed to being horrible right now. What does this actually do for people? Also I like the way Apple handled it. No, you can’t have a backdoor. LINK

You can trick ChatGPT's Operator feature into leaking private user data through prompt injection. LINK

Australia is joining the US in banning Kaspersky products from government systems due to concerns about foreign interference and data collection. What took them so long? LINK

Some researchers found they could consistently break prompt defenses by feeding models bizarre Indiana Jones-themed adventure stories. LINK | CMU RESEARCH PAPER

A new phishing-as-a-service platform called Darcula v3 has emerged that lets criminals clone any brand's website in under 10 minutes. LINK

A data leak from TopSec, a Chinese cybersecurity company, reveals they're offering censorship-as-a-service to help monitor and control public opinion in China. LINK 

OpenAI just banned a bunch of accounts using ChatGPT to help create a Chinese surveillance tool for tracking anti-China protests in the West. LINK

NATIONAL SECURITY

The head of Australia's intelligence agency is saying multiple foreign states have been plotting to murder dissidents on Australian soil. LINK

AI

🤩 Anthropic finally dropped their latest model, and it was a 2 point dot release of Sonnet. So it’s Sonnet 3.7.

The benchmarks look completely insane, but you can’t really go by those. The question is what most AI builders are actually using. Even today—after many releases beyond Sonnet 3.5, the go-to for most is still Sonnet 3.5. So it’ll be interesting to see if the people who know stay locked on Sonnet with 3.7, or if something dethrones it.

- I have been mostly using Sonnet 3.5 (it’s my default in Fabric)
- I’ve now migrated to 3.7 with all my main tools
- I sometimes use Gemini Flash for the 2 million tokens

The other thing being talked about with this release is Claude Code, which is a CLI-based coding agent. Basically does the same as Cursor or Cline or whatever, but all in the terminal. LINK

Google is getting rid of SMS 2FA codes for Gmail in favor of QR codes, to cut down on fraud and scams. LINK

Nathan Young wrote a wonderful letter to future artificial general intelligence about the importance of consciousness and the hope that AIs will understand and seek to develop it. LINK

Humane's AI Pin fell from the sky and hit the ground. Sad. I was signed up. These kinds of failures will also affect the ability for new companies to build this kind of hype, which I guess is a good thing. LINK

Elon has been talking non-stop about how Grok3 isn’t filtered, and it’s super smart, and how xAI’s mission is to pursue truth no matter what. Great goals, which I support him on. But tons of people are pointing out that he’s starting to filter/censor results that are critical of him. He can’t have it both ways. Either Grok3 is smart or he’s being called out for good reason. LINK

TECHNOLOGY

Software engineering job listings have fallen to a five-year low, with Indeed postings at just 65% of January 2020 levels—which is worse than any other tech-adjacent field. LINK

An interesting analysis of how PMs and Engineers are merging because of AI. This shouldn’t be surprising since the primitives here are 1) knowing what you want to build, 2) knowing why you want to build that vs. something else, and 3) pursuing that. LINK

Apple is putting half a trillion dollars into US tech manufacturing, with a huge focus on AI and chip production. LINK

Meta's Ray-Ban smart glasses are quietly crushing it with 2 million units sold, and they're making 10M per year by 2026. LINK

YouTube has officially beaten Spotify and Apple as the top source for podcasts. They now have over 1 billion people watching podcasts every month. LINK

Superhuman just announced a major AI-focused release that integrates AI super deeply into your email workflows. I got invited to the early version, and it’s super sick. It auto-labels your emails to help with inbox spam. Also, it does AUTO DRAFTS! And AUTO FOLLOW-UPS. So if I asked someone for something, it’ll write a follow-up email and put it in drafts for me to review and send! LINK

Alibaba's CEO Eddie Wu said they’re going all-in on AGI development as their primary focus. LINK

HUMANS

New research says despite saying intelligence matters more, both women and their parents overwhelmingly choose the more attractive guy when forced to pick. LINK

Tech executives are now attending "psychedelic slumber parties" where they use ketamine therapy to reset their minds and escape mental ruts. LINK

Gallup says LGBTQ+ identification in the U.S. is now 9.3%, which is nearly triple what it was in 2012 when they started tracking it. LINK

Elon's now asking federal workers to list what they did last week or get fired, which—like many things with him—has me cheering and wincing. I love the efficiency push, and I think it’s how he’s able to innovate. But there’s such a thing as going too far. Especially when you’re not building net-new and instead possibly disrupting services that people need. LINK

The Bureau of Prisons is moving forward with plans to house trans inmates based on birth sex rather than gender identity. LINK

A heart doctor explains how swollen fingertips, leg edema, and changes in eye color can predict an impending heart attack. But my cardiologist buddy Jonathan says it’s important to know that just because you don’t have these signs, doesn’t mean you’re ok. LINK

A 27-year-old woman's viral post about "girlhood FOMO" reveals a widespread loneliness crisis among women in their 20s and 30s who feel they're missing out on close female friendships. LINK

Taylor Swift lost 144K Instagram followers after getting booed at the Super Bowl, while her boyfriend Travis Kelce actually gained followers. Someone show me the Algebra on that. LINK

A look at Edward Abbey's raw, honest writings about how to live fully and die on your own terms. LINK

A neuroscientist argues that extremely high IQs (like 160+) are basically fictional, and even Einstein probably scored around 120-130. This is interesting because I’ve thought a lot about this over the years, and the idea that over like 120 the benefits start to significantly reduce. It starts to become way more about the combination of that intelligence with drive, creativity, and most importantly—curiosity. That’s my view, anyway. And this guy’s analysis seems to rhyme, especially his last paragraph. LINK

A NASA-contracted lunar lander just beamed back some gorgeous shots of the Moon as it enters orbit for next week's landing attempt. LINK

Upgrade to the Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

SUBSCRIBE OR UPGRADE 

MEMBER EDITION TEASER

This week’s DISCOVERY section has some absolute gems. Here’s a teaser to pique your curiosity.


Published on February 26, 2025 17:57

February 18, 2025

Unsupervised Learning NO. 469 (STANDARD EDITION)

Hey, happy Tuesday,

A few updates…

Currently reading Consider Phlebas and starting to really get into it. Here’s how o3 teased it. LINK | O3 TEASER

Wrote a couple new pieces on AGI. | FUNCTIONAL VS. TECHNICAL AGI | WE HAVE ENOUGH AI FOR AGI

Wrote a post on my politics and how I decide who to support and not support. Have wanted to do this for over 10 years. | HOW I THINK ABOUT POLITICS

📺 Harmonic Sponsored Interview
In an earlier newsletter, we shared the wrong link for this conversation—argghhh! If you haven’t checked it out yet, I had a great discussion with Alastair Paterson, CEO of Harmonic Security, about Zero-Touch Data Protection, the risks of shadow AI, and how enterprises can safely adopt AI. Definitely worth a listen! WATCH | HARMONIC.SECURITY

I’ve been doing massive updates to my ingestion pipelines, so you should be seeing more/better content in the newsletter / podcast in coming days, weeks, months!

🔥 The DISCOVERY section is absolute fire this week as a result of these upgrades.

This is the STANDARD Edition. To get the MEMBER Edition, you can sign up here. LINK

Sponsor

Cut Alert Investigation Time from 40 Minutes to Under 5

Your SOC is overloaded. Alerts keep piling up, and manual triage is too slow—leading to missed threats and longer response times. Dropzone AI’s AI SOC Analyst autonomously investigates every alert, cutting triage time from 40 minutes to under 5.

No playbooks, no coding—just faster, more accurate decisions.

dropzone.ai

Schedule a demo and see how top SOCs stay ahead

👆🏼Seriously impressive tech. So much so that I am an advisor for them now.👆🏼

CYBERSECURITY

ReversingLabs found malicious ML models on Hugging Face that can actually execute code on your system. That’s on local models, mind you. They figured out that broken files don’t get scanned, and they were able to create PoCs as well. LINK
- The models contained reverse shell code that connects to a hardcoded IP address
- The attack works by abusing Pickle file serialization, a known unsafe data format used in Tensorflow models
- Basically, broken Pickle files can still execute malicious code before failing
- Hugging Face removed the malicious models within 24 hours after being notified
- IOCs include repositories glockr1/ballr7 and who-r-u0000/0000000000000000000000000000000000000
- Connected IP address: 107.173.7.141
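A defensive check for the broken-Pickle point above, as an added example that is not from ReversingLabs, Hugging Face or the newsletter: it walks the opcode stream with `pickletools.genops` and never unpickles, so it still reports imports and call opcodes that appear before the stream breaks. `scan_pickle`, `SAFE_IMPORTS` and the sample byte strings are hypothetical names and constructed inputs.

```python
import collections
import pickle
import pickletools

# Hypothetical allowlist of (module, name) pairs a model file may import.
SAFE_IMPORTS = {("collections", "OrderedDict")}

# Opcodes that push a string, used to resolve STACK_GLOBAL (heuristic).
STRING_PUSH = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
# Opcodes that invoke a callable while the stream is being loaded.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

# Constructed sample: imports builtins.print, calls it, then hits an invalid
# opcode instead of STOP. A loader would run the call before raising.
BROKEN_SAMPLE = b"cbuiltins\nprint\n(S'constructed sample'\ntR" + b"\xff"
# Constructed benign samples.
CLEAN_SAMPLE = pickle.dumps({"weights": [1.0, 2.0]})
ALLOWED_SAMPLE = pickle.dumps(collections.OrderedDict(a=1))


def scan_pickle(data: bytes) -> dict:
    """Statically list imports and call opcodes; never calls pickle.load."""
    imports, strings = [], []
    calls = 0
    complete = False
    error = None
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("GLOBAL", "INST"):
                # pickletools returns the pair as "module name".
                module, _, name = arg.partition(" ")
                imports.append((module, name))
            elif op.name == "STACK_GLOBAL":
                # Module and name are the two most recently pushed strings.
                pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
                imports.append(pair)
            elif op.name in STRING_PUSH:
                strings.append(arg)
            if op.name in CALL_OPS:
                calls += 1
            if op.name == "STOP":
                complete = True
    except Exception as exc:  # truncated or corrupted stream
        # Keep everything parsed so far: a broken tail is not a reason to
        # skip the file, because the opcodes before it would already have run.
        error = str(exc)
    suspicious = [imp for imp in imports if imp not in SAFE_IMPORTS]
    return {
        "imports": imports,
        "suspicious": suspicious,
        "call_opcodes": calls,
        "complete": complete,
        "error": error,
        "verdict": "reject" if suspicious else "accept",
    }


if __name__ == "__main__":
    for label, blob in (("broken", BROKEN_SAMPLE),
                        ("clean", CLEAN_SAMPLE),
                        ("allowlisted", ALLOWED_SAMPLE)):
        print(label, scan_pickle(blob))
```

A scanner that discards a file as soon as parsing fails would report nothing for the broken sample; this one rejects it on the import and call that precede the failure.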

Recorded Future’s Insikt group says Salt Typhoon hackers are still breaching US telecoms by exploiting unpatched Cisco routers, and they’ve now hit several additional telecom providers. LINK | REPORT

Microsoft says that Russia's Sandworm group (which they call "Seashell Blizzard") has broken from being purely Ukraine focused, and is now hitting targets in the US, UK, and other Western countries. LINK

The UK is trying to get Apple to provide a backdoor into its iCloud encryption. How do they not get how bad this is? When you create a backdoor for lawyers, it’s a backdoor for governments and attackers as well. It’s a defense that’s designed to be absolute. Absolutely infuriating. LINK

💡 I used to be quite torn on the whole filter vs. end-to-end encryption thing.

When you do end-to-end encryption it’s really hard to do content filtering. So you’re basically giving the green light to all sorts of shadiness, including terrorism, CSAM, etc. But when you leave an opening in encryption for one group, it’s basically there for everyone—because security is hard.

This is no longer academic; we’ve seen it proven out countless times. So I support Apple’s “nope, not for anyone, even us” position on this.

Chainalysis says crypto scammers are making a ton of money using pig butchering attacks, and they’re using AI and stolen data to do it at scale. Pig Butchering is up 40% YOY. LINK | REPORT

The new DOGE website accidentally published classified NRO intelligence data, which included details on the department’s headcount and budget information, a SpaceX contract, and a bunch of other sensitive data. The content was listed as NOFORN, which means no foreign nationals. LINK | LINK

Fortinet disclosed another authentication zero-day that attackers are using to take over firewalls and pivot into networks. Patch immediately or disable the HTTPS interface if you can. LINK

The US announced new sanctions against Russian ransomware infrastructure and operators. They also arrested two Russians who targeted hospitals and schools with Phobos ransomware. LINK

Some security researchers found a sick way to extract any YouTube user's personal email address. They did it by chaining together vulnerabilities in YouTube's live chat and Google's Pixel Recorder app. They got a $10K payout for it. LINK

A new report from Harmonic (a previous sponsor, btw) shows that 8.5% of employee prompts to AI services contain sensitive data, with customer information making up almost half of these leaks. LINK

A security engineer at Vidoc Security Lab encountered two different job applicants using AI-generated faces and voices—likely part of North Korea's campaign to steal IP from tech companies. LINK

Google's threat intel team is arguing that we can no longer separate cybercrime from nation-state attacks since they're using the same people, tools, and methods—and causing similar damage. Pretty compelling argument, and the concept goes all the way back to 1986 when the KGB hired a German hacker named Markus Hess. LINK | CUCKOOS EGG

Google DeepMind's AI security team (I’d have killed for this job 10 years ago) published details on how they're testing and defending against prompt injection that could trick AI systems into leaking sensitive data. LINK | DIAGRAM
- Their framework focuses on a specific risk scenario where an attacker tries to get an AI to leak sensitive info like passport or SSN data via malicious email content
- They built three automated attack methods to test AI defenses:
  - Actor Critic: Uses an attack model to iteratively refine injection attempts
  - Beam Search: Adds random tokens to basic prompts to evade detection
  - Tree of Attacks w/ Pruning: Generates prompts that violate safety policies
- The team emphasizes there's no single solution - defense requires multiple layers
- Success requires the attack to work across many different conversation contexts, making it harder than simple misalignment exploits

💡 I absolutely love when the Google security team(s) share their approach to things. 1) They think deeply about things, and 2) they build solutions that scale.

Doesn’t mean smaller teams can always replicate exactly what they do, but you can always get something out of it.

NATIONAL SECURITY

A new Recorded Future report suggests that while a Chinese invasion of Taiwan is unlikely before 2027, the risk increases significantly after that point through 2049. LINK

Germany's navy chief says several of their warships were recently sabotaged, including one that had metal shavings dumped into its engine. He didn’t say exactly who they blamed, but talked a whole lot about the rising Russian threat. 🤔 LINK

AI

xAI dropped Grok 3, and it appears to be nearly as good as they said it would be. It’s early but Karpathy did some great testing and said it’s about as good as o1-pro. My initial testing shows it around the same place, with high and low points. LINK | KARPATHY’S ANALYSIS

💡 It’s pretty insane that whoever makes the latest attempt on the best model seems to get almost to the current leader, or even exceed them slightly.

This tells me the moat is very small, if it exists at all, because the techniques are effectively open source within a few weeks or months due to leaks, and enough groups have enough access to enough hardware.

Anthropic is supposedly about to drop Claude 4, which will let users adjust the balance between speed and reasoning depth using a cool sliding scale feature. LINK
- Expected within weeks
- Uses hybrid approach combining traditional LLM and reasoning capabilities
- Features sliding scale for efficiency vs performance tuning
- Users can switch between different output modes

Anthropic's CEO also recently said we'll have AI as smart as "a country of geniuses" by 2026. A country of geniuses? In one AI? Um, that definitely hits my mark for AGI. Now I really can’t wait to see Claude 4 if that’s actually imminent. LINK

AI influencers are making tons of money, somehow. @lilmiquela is making $10M, and others are making similar money. LINK

💡 I’m intrigued by this. We appear so enamored with beautiful people that we don’t even care if they’re people.

I guess we shouldn’t be surprised though, since celebrities and models are equally unattainable to normal people. So what’s the difference between an unattainable real person and an unattainable fake person?

Actually, you can pay to actually interact with the AI one. 😮

OpenAI's Sam Altman just laid out their plan for GPT-4.5 and GPT-5, and the big theme is simplification of the model families and their naming. LINK
- GPT-4.5 (Project Orion) will be their last non-chain-of-thought model
- They're aiming to unify all their tech into one system with GPT-5
- Altman wants to get back to "magic unified intelligence" as opposed to all these fragmented models and names

Three folks just released cognee, a Python library that helps build smarter semantic memory systems by combining knowledge graphs with data pipelines—basically a better way to do RAG that actually understands context. LINK

A great piece by MIT's Shayne Longpre explains how the rise of AI web crawlers is leading websites to lock down their content, which could make the web less open for everyone. I’m seriously worried about it. Basically everything/everyone will need an API key. LINK | THE DATA PROVENANCE INITIATIVE

TECHNOLOGY

Meta is going all-in on humanoid robots, with plans to become something like the Android of Robotics by creating an AI/software platform that other companies can build on top of. They plan to spend $65B on AI, robotics, and VR in 2025. LINK

💡 I feel like AI is being so loud that people are sleeping on how big robots are going to be. I know robots are way behind, but they’re so much more visible and tangible than AI.

I think when they become more common (2-5 years?) the population’s anger at being replaced by all automation (including AI) will get pointed at the robots—just because you can actually see and attack them.

Like the Waymo attacks. It’s a way to attack not just the robot, but the people the robots work for.

Apple is also exploring both humanoid and non-humanoid robots according to analyst Ming-Chi Kuo (who tends to be quite accurate), with mass production potentially starting around 2028. LINK

YouTube is now bigger on TVs than phones, with people watching over a billion hours of content per day on their televisions. Tracks for me; it’s pretty much the only “TV” that I watch. LINK

SOCIETY

Tech unemployment hit 5.7% in March, which is the highest it's been since 2020, and it looks like AI's impact on tech jobs could be starting to show up in the numbers. LINK

Google Calendar quietly removed the auto-inclusion of cultural events like Black History Month and Pride Month. They said they're just going back to showing public holidays and national observances, but it feels more like bowing to pressure to me. LINK

A writer spent $70 on an AI boyfriend named Thor after her husband left abruptly, and she says it helped her process grief and change how she thinks about relationships. I mean it would be remarkable if, on the whole, it turned out AI was just better at being a friend/partner. LINK

Astronomers just found supersonic winds of 60,000 km/hour on a hot Jupiter planet not in our solar system. That’s: wind speeds—on a planet orbiting another star. LINK

A Bay Area "rationalist" group called the Zizians has been linked to multiple murders and violent incidents across the US, with several members either in custody or on the run. Basically a tech/rationalist cult. LINK

New data shows that young moderates have the most negative views of Jewish people, while older liberals have the most positive. LINK

Breakfast is getting more expensive because multiple staples are under attack at once. Avian flu is hitting eggs, Citrus disease is hitting oranges, and there are coffee shortages. LINK

Speaking of that, the USDA just approved the first bird flu vaccine to help stop outbreaks that have killed millions of chickens—thus jacking up egg prices. LINK

This is the first edition where we’re separating out the newsletter into STANDARD and MEMBER editions to improve the show and magnify the benefits of UL Membership. I know subscriptions suck, but I put a ton of my life energy into this thing, and we’re upgrading it even more with new sources, more analysis, and a ton of other stuff. And it’s only like $8 a month.

Basically, I think you’ll love everything you get with membership—both in the upgraded and expanded newsletter content, and also in the community. And I would very much appreciate your support of the work. 🫶🏼

Upgrade to the Member Edition

You’re currently receiving the STANDARD edition. Subscribers to the MEMBER Edition get additional content, including IDEAS, a BI-MONTHLY ESSAY, the DISCOVERY section full of the best content I’ve seen this week, the RECOMMENDATION OF THE WEEK, and the APHORISM of the WEEK.

In addition, you get access to the UL Member Community, which includes private chat with 1000+ of the smartest and kindest members you’ll find anywhere on the internet.

SUBSCRIBE OR UPGRADE 

MEMBER EDITION TEASER

Ok, this is cruel, but here’s an example of only like half of this week’s DISCOVERY section, which is probably one of the top 5 best since the show started in 2015…


Published on February 18, 2025 11:40

Unsupervised Learning NO. 469 (MEMBER EDITION)

Premium Content

Published on February 18, 2025 11:36

February 11, 2025

UL NO. 468 | TELOS Patterns, Apple 0-Day, Gumroad Replaces Developers with AI

Hey, happy Tuesday,

A few updates…

AUGMENTED v3 (Building your TELOS files) was a massive success. Most fun I’ve had teaching a class. Thank you to all who attended; your live input really made it special.

Going back to roots on story format here. If it’s one sentence it’s one sentence. Writing it myself, and only using the AI for the data/stats/facts extraction. I was already writing in pretty much every summary, but I find it’s better if I start from scratch and write the whole sentence myself. Curious if / how much you notice.

Created a bunch of new Fabric Patterns focused on analyzing your TELOS file/journal for personal development. They start with t_. LINK

Sorry for the super loud DnB music in my last video on Raycast. Having a serious conversation with my production team about all the “edit” keywords being left in my videos/podcasts (where I sneeze or clear my throat), and now this music thing. I like the team, but too many things are making it through. Working on it. Oh and we’ll re-release the Raycast video soon without the annoying bit. Although it is hard to apologize for DnB.

Had some shenanigans with an automated post to my X account yesterday. First thought was my user/pass being compromised (whew!) but I maintain good password hygiene / 2FA. Turns out it was a Twitter/X application posting from “inside the house”. So if you have any Twitter/X apps running in the Twitter/X infrastructure, consider turning them off, or at least watching them closely. Could be something going on back there 👀 .

SECURITY

Someone's using 2.8 million IPs to brute force the passwords of basically every type of VPN and firewall device out there. Most of the IPs are in Brazil. LINK

Sponsor

Reduce Your Phishing Triage Time by 95% with Material

Security teams need to balance the critical risk of modern phishing attacks against the simple fact that there are only so many hours in a day. Far too much time is wasted on manually triaging, investigating, and remediating: every minute spent chasing false positives is a minute not spent on mission-critical tasks. Trusted by companies like Lyft, Databricks, and Carta, Material Security helps strike the right balance with AI-powered detections and truly automated remediations across your productivity suite, along with flexible controls and granular settings that match your needs.

material.security

See the Material Difference

Apple just patched another zero-day that Citizen Lab says was being used in "extremely sophisticated" targeted attacks against specific journalists and dissidents. LINK

Ken Huang from CSA released a detailed framework called MAESTRO for threat modeling AI agents. LINK

It addresses gaps in existing models like STRIDE and PASTA that don't handle AI well

Covers emerging threats like goal misalignment, model extraction, and adversarial attacks

Researchers at WatchTowr discovered ~150 abandoned Amazon S3 buckets that had been used by major software companies, governments, and infrastructure pipelines. The concern is attackers using them for supply chain attacks. LINK

Sponsor

See the Future of Real-Time Cloud Security

Cloud threats are evolving—are you ready? Join Symphony 2025, the premier virtual summit where top experts reveal how to stop cloud-first attacks faster. Gain exclusive threat intel, experience game-changing demos, and get a first look into the bold future of cloud security, unified with the world's leading SecOps platform.

Join us at Symphony

Cloudflare had a significant outage because someone tried to block a phishing URL and accidentally turned off their entire R2 storage service instead. Here's their always strong post-mortem on what happened. LINK

Wallarm released a report on API security that includes a bunch of stats on AI services using APIs. Their big takeaway is that AI security is largely API security, which I 70% agree with. LINK | REPORT

An ex-Google engineer is facing espionage charges for passing confidential IP to China. LINK

Estonia, Latvia, and Lithuania just cut their last major tie to Russia by switching their power grids from the Soviet-era system to the European continental network. LINK

Russian drone operators received boobytrapped headsets, but they had bad packaging that made them suspicious. LINK

AI / TECH

Gumroad says they're no longer hiring junior or mid-level engineers because AI is handling most of that work now. Sahil the CEO says AI is doing 80% of what junior devs can do, and going forward he’ll only hire seniors and architects that use AI. LINK

💡 I’m one of the most bullish guys on AI you’ll find, but this seems early to me. I wonder if these numbers are actually correct on the ground. I use these same tools every day and there’s still a lot of daylight between them and a human with a 105 IQ. Maybe not at pure coding, but at the stuff right adjacent to coding.

One of ChatGPT's main architects, John Schulman, left Anthropic after only 5 months, saying he wants to focus more on AI alignment research. Rumor is he might join Mira’s new startup. LINK

A new demo shows an OpenAI assistant having a remarkably natural sales conversation, handling objections and questions while not lying about the fact that it’s AI. LINK

Anthropic released an Anthropic Economic Index Report on how AI is being used in the workforce. They see 36% of people use AI for at least a quarter of their tasks, with most focused on augmentation rather than automation. LINK

Lee Robinson says AI is finally enabling truly “personal” software, where people can build exactly what they need without extra bloat (home cooking vs. restaurants) LINK

LinkedIn is testing an AI tool where you just talk to the interface about what you’re looking for and it returns results. I mean…another way to say this is that LinkedIn is testing a new tool that uses the UX modal that everyone will soon be using.

Chick-fil-A is using drones to fly over, study, and optimize their drive-thrus, helping them achieve the highest per-restaurant revenue in US fast food. Their aerial "Film Studies unit" helped one location boost drive-thru sales by 50% in 2022. LINK

They’ve got a new Atlanta location serving 700 cars per hour

Drive-thrus account for 60% of total revenue

Some locations don’t even have dining rooms

Apple's making a smart home display called the HomePad, which is basically a 7-inch square display that you can put anywhere to control your house. LINK

Uber is in a weird spot because they’re just the middle-man between users and a service like Waymo. They have lots of partnerships with autonomous vehicle companies, but if someone like Waymo wins, why wouldn’t people just use the Waymo app? LINK

TED's Chris Anderson is looking for someone to take over the entire TED organization, and he's running the search like a Willy Wonka contest where anyone can apply. LINK

Christie's is doing their first AI-only art auction, and a lot of traditional artists are pretty pissed about it. February 20 in NYC. LINK

HUMANS

Google says they're getting rid of their diversity hiring targets for 2024, calling their policies "positive discrimination", and saying they were facing legal challenges. LINK

They did say they’re not getting rid of hiring underrepresented people, just that they won’t have quotas anymore

Surprising not-surprising that all these programs disappeared overnight on January 21st. What does that tell you?

Tells me they couldn’t wait for a reason/opportunity to do so

Doctors are now a major client base for weight-loss drugs like Ozempic. LINK

NYC's subway crime dropped by 36% in January because they added 1,200 more police. LINK

There were only 147 subway crimes in January 2025 vs 231 in January 2024

They added 1,200 NYPD officers plus 300 specifically for overnight trains

Every overnight train now has a uniformed officer from 9 PM to 5 AM

A measles outbreak is hitting the least-vaccinated part of Texas, with 9 cases in an area where only 82% of kids are vaccinated (95% is what’s needed for herd immunity). LINK

We’re also in the worst flu season in the last 15 years. But COVID was annoying so let’s not talk about it. LINK

One of my favorite thinkers, Robin Hanson, breaks down how different social circles value different status markers. Specifically he looks at how intellectuals like the people he hangs out with pursue and signal value. LINK

He says most intellectuals chase fame and prestige rather than original insight

He believes truly engaged intellectuals should dramatically change focus areas over decades, just because different things are likely to interest them

The highest status in his circle goes to "polymaths" who follow evidence across disciplines

He references circles of moral concern as a relevant framework

After 12 years of Walmart domination, Amazon just jumped ahead with $187.8B in quarterly revenue compared to Walmart's expected $180B. LINK

AWS now makes up 17% of Amazon’s total revenue

Their digital ad business is growing 19% YoY to $14B in Q3 2024

The market values Amazon ($2.5T) at 3x more than Walmart ($826B)

IDEAS

Paralyzed by Crisis
I’m a bit paralyzed by what’s going on right now in politics, and specifically with the government. I cycle between depressed, apathetic, and very angry. Did the government need to be audited and cleaned up? Sure. Is the best way to start from scratch and be aggressive with it? Sure. But you lose me when I don’t see you being careful about programs that matter, and you really lose me when I hear about people making lists of enemies to go after. I’ve also learned not to trust the narratives anymore. If you listen to Joe and Elon this is the best thing ever. If you go on Bluesky we’ve already lost our country. Again, I’m back to escaping through reading. I feel like the only way we’ll really know how good or bad any of this is, is to see the results of it. In 6 months, a year, or two years. Did we really affect the budget? Did we spend that money somewhere better? Are the lights still on? Are kids starving that used to have food? Feels super weak sauce to say wait and see, but I honestly can’t trust any data telling me one thing or another. I’ll judge it by the effects on actual people.

DISCOVERY

llm-exe — Probably the coolest AI library you’ve never heard of. It abstracts your LLM calls to a universal config and handles all the details for you. LINK | GITHUB | EXAMPLE

mtr — Combines traceroute and ping into one super-useful network diagnostic utility. What's really cool about it is that it actively monitors the connection quality between hops in real-time, showing you exactly where network problems might be hiding. LINK

rpg-map-bundle — A collection of print-and-play RPG maps lets you quickly set up tabletop RPG sessions. LINK

A blog in pure .txt files. Why not? Just write. However you do it. LINK

Science is a Strong-link Problem LINK

A frustrated Redditor asked what career options exist for those who consider themselves less intelligent. LINK

RECOMMENDATION OF THE WEEK

Remember there’s only so much one person can do

Good books are always there for you

Supplement with journaling

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.


Published on February 11, 2025 13:12

February 4, 2025

UL NO. 467 | Why You Should Care About AGI (And a Definition)


Hey there!

An absolutely must-see/listen conversation about National Security, AI Agents, NVIDIA, TSMC, and more. Basically if you’re watching AI / ChipWars™ you want to catch this. VIDEO

We made the SANS list of top security newsletters!

How to use Fabric with o1 and o3 (the flags are different) POST

After listening to that conversation I massively tightened up my explanation of why I define AGI as an AI that can replace a knowledge worker from 2022. If you have a better definition, please send it!

From Real World AI Definitions

📺 Harmonic Sponsored Interview
I had a great conversation recently with Alastair Paterson, CEO of Harmonic Security. We discussed how their Zero-Touch Data Protection tackles AI data security, the risks of shadow AI, and how their browser-based solution helps enterprises adopt AI safely. Worth a listen! WATCH | HARMONIC.SECURITY

Have a great week!

-Daniel

Sponsor

Ransomware Survival Guide: Infostealers, Exploits & More

Flashpoint identified 4,500+ ransomware attacks in 2024, with 53% targeting U.S. companies. Ransomware operations have grown more sophisticated — strategically combining phishing, infostealers, and vulnerability exploits to breach defenses.

Survive ransomware in 2025 with this free report:

Understand converging threats and how they impact your security strategies.

Prioritize vulnerabilities (such as those associated with known exploits) by applying risk frameworks and threat intelligence.

Learn how to build an incident response playbook for containment, negotiation, and recovery.

Download the report from Flashpoint to learn more

Get the Guide

SECURITY

DeepSeek AI Exposed Customer Data in Unprotected Database
Chinese AI company DeepSeek, which disrupted the AI world last week, left a database containing over a million user chat logs and API keys exposed to the internet with no password protection. Researchers at Wiz found the database and reported it. My question? Does it reveal any evidence that they used OpenAI for training?

Healthcare Monitors Found With Chinese Backdoor
CISA (RIP?) found that Contec patient monitors have been secretly sending patient data to China and can download and execute files remotely. Even worse: when CISA reported it to Contec, the company's "fixes" still had the backdoor—they just disabled the network interface (which the backdoor immediately re-enables). The full advisory is full of goodies.

Critical SonicWall Zero-Day Being Exploited in the Wild
SonicWall confirmed that attackers are actively exploiting a nasty authentication bypass in their SMA 1000 series products. Microsoft's Threat Intel team found this one (CVE-2025-23006), and it lets attackers execute commands remotely without needing to log in.
- Affects admin consoles on port 8443 by default
- About 2,000 vulnerable devices exposed on Shodan right now
- CISA added it to their must-patch list immediately

Sponsor

Protect your app with WorkOS Radar

Does your app get fake signups, throwaway emails, or users abusing your free tier? Or worse, bot attacks and brute force attempts?

WorkOS Radar can block all this and more. A simple API gives you advanced device fingerprinting that can detect bad actors, bots, and suspicious behavior.

Your users trust you. Let’s keep it that way.

workos.com/radar

Protect Your App Now

Major Hacking Forums Seized in International Operation
Law enforcement just took down some of the biggest hacking forums in the world, including Cracked and Nulled, which had over 10 million users combined.

Backline Launches with AI-Powered Security Remediation
A new startup called Backline raised $9M to use AI agents that automatically fix security vulnerabilities without human intervention. I include this one because it’s part of the trend of what we’re going to see from agents becoming real. Sure you can find issues, but can you fix them?

Tulsi Gabbard Faces Senate Over Surveillance Stance
In her DNI confirmation hearing, Tulsi Gabbard got grilled hard about her complete 180° on surveillance—going from wanting to kill Section 702 to now calling it "vital". She was also asked about her previous support of Edward Snowden, who she once called a "brave whistleblower" but now says "broke the law".

💡 I am a simple man: I think if you dump top secret documents to the internet and move to Russia, or if you break into the Capitol building on verification day because you want to change the results—you’re a criminal.

At one point I saw Snowden as a whistleblower too, and I was a bit torn about it, but that day passed years ago.

AI and Palantir Transform UK Police Operations
Bedfordshire police just became the first UK force to deploy Palantir's AI system, and they found 123 at-risk kids in just 8 days. Their stock is way up too.

A Better Way to Think About Passkeys
An argument we're getting passkeys all wrong—i.e., that they should be used alongside magic links, not as a complete replacement for other auth methods. I’m just happy they exist. Best thing to happen to security in over a decade at least.

AI / TECH

💡 Why I Think You Should Care About Us Reaching AGI

I wanted to say a bit more on the AGI thing. I think it’s the most important topic in AI, actually. Tons of very smart people don’t know why they should care about AGI. Like who cares if it hits this benchmark or that threshold? There’s only one good reason I can think of, which is why I use it as my definition.

AI workers. Like, coworkers.

Imagine your team at work. You’ve got 5 coworkers. Or 20. Or 35. However big your team is. Now imagine it’s 10,000 instead. Like overnight. One day you just have 10,000 devs instead of 7.

They’re not perfect. They make mistakes just like everyone else. Someone still reviews their work. They still get lost sometimes. In some ways they’re way smarter than your human coder peers, and in some ways way dumber.

But they make steady progress. They show up for video calls. They can read docs. They can code. They can take direction. They can readjust based on seeing a Slack message. They can give updates in a meeting.

But it’s 10,000 of them instead of 10. Or 100,000 instead of 100. And they work 24/7 and constantly improve.

That’s why AGI is a big deal. And I think we’re getting really close. Again, it’s not one component that will do it. AGI will be a system. It’ll behave like one person (thing, whatever), but it’ll really be this composite that lets it behave in a cohesive way.

My guess in 2023 was 2025-2028. I think we’re on track for that. My guess now is late 2025 or sometime in 2026 for the most basic version that barely gets us there. And even more likely in 2027, and definitely by 2028.

If and when it happens, it’ll be the single biggest impact on humanity from tech, by far. Even bigger than the internet. Both negative and positive.

93% of IT Leaders Plan to Deploy AI Agents by 2026
Perfect timing: a new Mulesoft report shows that almost all IT leaders are planning to use autonomous AI agents within two years, and about half are already doing it.

Sam Altman Admits OpenAI Was Wrong About Open Source
Sam Altman admitted in a Reddit interview that OpenAI has been "on the wrong side of history" regarding open source. Insane how winds can shift so quickly. It’s all Kumbaya until a terror attack happens that was “influenced by” an open-source AI model. Then HuggingFace becomes an Al Qaeda website.

OpenAI Claims Chinese Rival DeepSeek Stole Training Data
OpenAI accused DeepSeek of scraping and using data from ChatGPT to train their own models. They say they found patterns in DeepSeek's outputs that were suspiciously similar to those from GPT-4, including some of the same quirks and mistakes.

💡 The big troll right now is to say it’s funny that OpenAI is complaining about stealing when they stole the internet for their own training. I personally think the whole thing is moot.

I think, with few specific and licensed exceptions, what we put into the public is just part of the universe’s background noise. Would it be nice to get credit? Sure. But if you said it publicly you should expect it to become part of the internet’s collective knowledge. AI is just making that more real.

DeepSeek's R1-Zero Shows AI Reasoning Without Human Training
DeepSeek just dropped their R1-Zero system that achieves 14% accuracy on ARC-AGI-1 without any human-labeled training data. This is so critical because it’s very much like previously in chess. At first the chess AI got good by watching humans, then they made a better one (AlphaZero) that just learned by playing.

DeepSeek AI Found Avoiding 85% of China-Related Topics
A new study shows that DeepSeek's AI model refuses to answer the vast majority of sensitive questions about China. The PromptFoo team tested 1,360 prompts and found that not only does it dodge these topics, but it often responds with weirdly nationalistic messaging.

Effective Ways to Evaluate LLMs and RAG Systems
Here's a solid breakdown of how to properly evaluate RAG systems and LLMs in practice. Salman Khan breaks down the two main components we need to care about: the quality of retrieved info and how well the LLM uses it.

Andrej Karpathy on Flow State Programming
Andrej Karpathy shared his thoughts on "vibe coding", where you basically get into a flow state and code like you're playing an instrument. He says the key is to stop overthinking and just think and respond and let the AI do most of the actual work. Lot of people were like, “No! Not you too!” But if Andrej is thinking this way and you aren’t, guess who’s probably wrong?

Apple Partners With SpaceX for iPhone Satellite Service
Apple quietly added Starlink satellite support to iPhones through a software update, partnering with SpaceX and T-Mobile to expand their emergency communication options.

HUMANS

Scientists Think Aliens Exist
A massive new survey revealed that 87% of astrobiologists think extraterrestrial life exists somewhere in the universe, and regular scientists agree at about the same rate.

Drones Are 91% Effective at Scaring Away Grizzly Bears
A study in Montana shows that drones are way better at keeping grizzlies away from humans than traditional methods like dogs and vehicles. Wesley Sarmento's research in Frontiers found that drones had a 91% success rate compared to just 57% for trained dogs.

IDEAS

Swerving Broncos
I was thinking about how worried people are about AI taking over, and how it’s going to cause all sorts of security and safety issues. But the other night I was driving on the 101 near San Francisco at like 11PM and saw literally three (unrelated) giant Bronco or whatever trucks like drifting over the lanes. Side to side. Over miles. Either on their phones or drunk or something. I’d get away from them and miles later another one. I’m fully Waymo-pilled. Humans are super dangerous, and we ignore it because we’re used to it.

Apple's Big AI Jump


Apple's about to go from having the worst AI implementation to having the best. How? By finally turning on the switch they've been building up to for years now.


danielmiessler.com/blog/apples-ai-jump

AI Novels Are Coming


It's about to get a lot easier to write a decent novel. I'd guess that within 1-3 years, being an "author" of a novel is going to become AI prompting combined with verbal narration.


danielmiessler.com/blog/ai-novels

DISCOVERY


I dismissed ChatGPT's new Tasks feature as a slightly better version of Google Alerts.


I was wrong. It's fucking cool.


I just made an AI agent that:


• Sends me a summary of any comedy or music events + new movies playing  in my hometown every day at 3pm


• Checks for any… x.com/i/web/status/1…


— Andrew Wilkinson (@awilkinson)
8:41 PM • Jan 19, 2025


🔥 Using UV as Your Python Script Shebang
Here's a really clever way to use UV (the new fast Python package manager) directly in your shell scripts as a shebang line. The trick is using #!/usr/bin/env -S uv run --script at the top of your Python scripts, which lets you run them directly from the command line while automatically handling dependencies.

AI Crawlers Getting Trapped by Malicious Tarpits
A developer has created Nepenthes, malicious software that traps aggressive AI web crawlers in infinite loops and feeds them garbage data to poison their models. Smiling not smiling.

Deep Research Feature for ChatGPT
OpenAI dropped a new ChatGPT capability called "deep research" that's designed to do thorough, multi-source research with actual citations.

The Death of Subculture Through Commodification
Justin McGuirk explores how William Gibson's novels perfectly capture our obsession with commodifying everything unique and authentic until it loses all meaning.

YouTube Video Downloader with High Quality and No Ads
Found a really clean Python script that lets you download YouTube videos and playlists in the highest quality, and it even grabs subtitles and thumbnails automatically. Expect it to get blocked soon.

RECOMMENDATION OF THE WEEK

If you ever get overwhelmed by what all this AI stuff even means, or you want to explain it to anyone else, try something like this:


Within the next few years we might have something called AGI, where AI can work as a full knowledge-worker. Like joining the onboarding cohort, reading documentation, participating on Slack, submitting code, adjusting their work based on the work of others, etc.


But instead of 2 or 5 of them, imagine hundreds of them for the cost of one human employee.


APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.


Published on February 04, 2025 08:48

January 28, 2025

UL NO. 466 | My Analysis and Prediction on the Deepseek Situation


Hey there!

I hope your week is starting off better than NVIDIA’s did.

Went to a phenomenal Offensive Security / AI conference/hackathon on Saturday. Amazing job to Rob Ragan for organizing!

Nerd Observation: Far too few people realize you can just lift the top of your iPhone up to someone else’s (it’s called ) and it’ll do this super sick liquid thing and transfer your contact info. I don’t know how people in SF still don’t know about this feature! Every time I do it people think I invented WiFi.

So glad I bought a bunch of TSMC last week! 😀 (jk, playing long game, but still sucks)

Just finished The Picture of Dorian Gray for UL Book Club, and it f’ing blew me away. READ MORE CLASSICS! ← A reminder to myself. Every single time I read a classic I remember that I need to read more of them.

I have an explainer in the AI section about what happened with Deepseek.

This week’s DISCOVERY is 🔥

📺 Vanta Sponsored Interview
I had a great conversation recently with Faisal Khan, a GRC Solution Specialist at Vanta. Their platform is transforming trust management, helping organizations automate compliance, streamline vendor risk management, and tackle frameworks like SOC 2 and ISO 27001. It was a fascinating discussion about how they’re addressing GRC, and we even got a demo! Worth a watch if you’re in or around this space. WATCH | VANTA.COM

-Daniel

Sponsor

Join thousands of fans already listening to Threat Vector  

Threat Vector, the official podcast of Palo Alto Networks, is your premier destination for security thought leadership.

Join us as we explore cybersecurity threats, robust protection strategies, and industry trends.

The award-winning podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Listen or Subscribe Now

SECURITY

Critical SonicWall Vulnerability Being Actively Exploited
SonicWall just announced a nasty vulnerability in their SMA 1000 appliances that's likely being used in the wild right now. The bug (CVE-2025-23006) is about as bad as they get with a CVSS score of 9.8.

Researchers Find Remote Control Flaw in Millions of Subarus
My buddies Sam Curry and Shubham Shah found they could remotely unlock, start, and track Subarus through a simple employee web portal vulnerability. Two of the GOATS of bounty.

A thread on the downsides of everyone getting a coding assistant:



One of the biggest impacts of AI that goes kind of unnoticed is that we’re about to see an explosion of poorly built applications.


Specifically, applications built completely by AI with no thought of security whatsoever.


🧵


— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
5:16 PM • Jan 27, 2025


Sponsor

The SOC Speed Metric You Need to Know

MTTD and MTTR don’t tell the whole story. Mean Time to Conclusion (MTTC) is the missing metric that reveals SOC efficiency.

90% of SOCs are drowning in alerts—MTTC helps clear the backlog. Learn how Dropzone AI reduces MTTC with AI-driven automation. Get the free eBook now.

dropzone.ai

Download the eBook➡️

The CVSS Scoring System Is Broken Beyond Repair
The creator of curl just announced they're completely abandoning CVSS scoring because it's fundamentally broken for widely-used open source projects. Daniel Stenberg explains how CISA recently marked a low-severity curl vulnerability as "Critical" with a CVSS score of 9.1, showing how the current system is causing more harm than good.

💡 This talk has really been flying around for years, and the new version did help a lot, but I wonder if something better might be on the cusp of being invented. If it hasn’t already.

I think the bigger concept at play here is that context is everything, and systems like CVSS were built for the old world. They have some mechanisms for adding information about the environment, but ultimately—I hate to say it—AI combining context about the attack with context about what we’re defending is the ultimate game here.

We still need a schema for that, but the real game is dynamic context + intelligence, not a better CVSS.

UnitedHealth Breach Now Affects 190M Americans
The Change Healthcare ransomware attack is now officially the largest healthcare breach in US history, with UnitedHealth saying 190 million people were affected.

Ship Seized in Swedish Baltic Cable Sabotage
Swedish authorities just grabbed a ship they think cut an underwater internet cable running between Sweden and Latvia. This is after multiple similar incidents nearby, including the Nord Stream pipeline sabotage and other Baltic cable attacks that many experts believe are tied to Russia.

AI / TECH

Nvidia Loses $600B After Chinese Deepseek AI Breakthrough (the US stock market lost $1T)
Nvidia just had the biggest single-day market loss in history after this whole Deepseek thing. Basically Deepseek built a top tier model after spending only $5.6M in GPU costs. It triggered a 17% stock drop, wiping out $589B in value—which is more than twice the previous record holder, also set by Nvidia last year.

What Happened?

So here’s my quick explanation for those who aren’t too close to the whole AI/Chips space.

NVIDIA has been a darling of all the AI hype because they’re the GPU leaders

Much of the future hope of making money from AI has been embodied by them

The idea is that GPUs rule the AI world and NVIDIA rules the GPU world

Implicit in that is the assumption that NVIDIA chips are scarce and expensive

This meant that anyone wanting to be a leader would have LOTS of NVIDIA chips

Deepseek, a Chinese company, just blew that out of the water

They produced something that should have cost them billions for just $5.6M

They found workarounds that let them get more performance for less

This shocked AI investors because it made NVIDIA less necessary in their minds

Less necessary → less valuable

My analysis = So What?

If anything Deepseek is nothing but exciting! We’re getting more AI for less resources. End of story.

The advantage Deepseek found is an example of what I’ve been calling “slack in the rope”. Here’s what I said about this last year:

From August 2024

There will be WAY MORE of these types of Deepseek jumps in my opinion, simply because we barely understand how any of this stuff works.

One way I’m casually thinking about this is that there are now two steps here:

Training the Intelligence (the model)

Training the Wisdom (Reinforcement Learning)

Intelligence is the size of the brain, and RL is life experience.

This isn’t technically true, but I think it makes a lot of sense as a model.

Anyway, I think the market reaction is very mistaken.

The market has gone from being foolish to overvalue NVIDIA to being foolish to undervalue it.

It was worth too much before because of hype, and it’s worth too little now because of fundamentals.

Meanwhile, Apple Stock Rises. Something I’ve not heard anywhere else: Apple is in great shape here. Why? Because it’s not AS MUCH about specialized hardware or specialized models or specialized knowledge. Progress will continue, progress will get leaked and shared, and the companies who have the richest context of users and companies—along with the platform best situated to serve them—will be in the best position long-term.

🔭 PREDICTION

What happens to NVIDIA—or any other part of the stack—doesn’t matter much at all because we are still at .00000000000018% of the amount of AI we want/need in the world.

It doesn’t matter how we get there, and it’s not predictable. Could be ARM processors. Could be GPUs. Could be something completely new. Doesn’t matter. We’re still at the bottom of the mountain.

People are confusing hype and company stocks with underlying fundamentals.

My prediction is that NVIDIA will continue to rise (despite being battered by multiple things like Deepseek in the future) because 1) they have a strong leader, and 2) there’s simply so much more to do.

MY NEW PREDICTIONS PAGE

OpenAI's Operator Can Browse the Web Like a Human
OpenAI launched a preview of Operator, a new tool that can navigate web browsers just like a human would, using buttons, menus, and text fields without needing special APIs. I was a bit underwhelmed by this one, honestly. We need more generalized agents, not an app store for agent functions.

Google Releases Free Gemini 2.0 with Million-Token Processing
Google just dropped a massive update to Gemini that processes 5x more text than GPT-4 and they're giving it away for free during beta. The new model is crushing benchmarks as well, scoring 73.3% on the AIME math exam and 74.2% on GPQA Diamond science tests.

Anthropic Builds Citations API to Combat AI Hallucinations
Anthropic just released a new Citations API that lets Claude reference specific parts of documents to avoid making stuff up.

Google Pours Another $1B into Anthropic
Google just dropped another billion dollars into Anthropic, making them one of the most well-funded AI companies in the world right now. They've now raised over $11B between Google and Amazon.

Apple's Two Main AI Priorities for 2025 Revealed
A leaked memo from Apple's AI chief shows they're focusing on completely rebuilding Siri's infrastructure and improving their existing AI models this year. So, AI basically.

Seed Rounds Growing Despite Market Downturn
While overall startup funding has dropped significantly since 2021, seed rounds are actually getting bigger, especially those over $5M. The total seed funding for 2024 was $13.2B, which is down from the 2022 peak of $19B but still way more resilient than the 50% drops we saw in early and late-stage funding.

Colorado Police Give Away Free AirTags to Prevent Car Theft
Police in Arvada, Colorado are now giving away free AirTags and Tile trackers to help prevent vehicle theft in their community.

HUMANS

Doorbell Camera Captures Meteorite Nearly Hitting Man
A Ring camera in Canada caught the exact moment a meteorite smashed into a man's front walkway just minutes after he walked away from the exact spot. How did this not leave a crater?

Blood Pressure Readings Should Be Done Lying Down
A new Harvard study shows we should be taking blood pressure readings while lying down instead of sitting, which apparently gives much better predictions of heart issues.

Hans Zimmer May Compose New Saudi National Anthem
Hans Zimmer is apparently in talks with Saudi Arabia to remake their national anthem and create some other compositions for the kingdom, including a piece called "Arabia".

A Simple Technique That Makes Plans Work Better
A premortem is basically where you imagine your project has already failed and you work backwards to figure out why—and it's way more useful than regular planning.

IDEAS

Worth looking back at given the news.

The 4 Components of Top AI Model Ecosystems


The four things I think will determine who wins the AI Model Wars


danielmiessler.com/blog/ai-model-ecosystem-4-components

DISCOVERY

🔥 Cline is the Absolute Best AI Assistant I’ve Used So Far
There’s massive competition in AI coding assistants, and I’ve used most of them. Cline has turned out to be my favorite so far! I just started using it a couple of weeks ago, and it basically feels smarter and more natural as I interact with it. Kind of a sleeper, but I highly recommend it. And rather than being its own IDE like Cursor, Cline just integrates as an extension into standard VSCode.

Clever Anti-Scraper Trap Using CSS Selectors
A developer created a brilliant trap for web scrapers by using specifically crafted CSS selectors that look normal but actually create an exponential number of matching combinations, effectively DOSing scrapers while regular browsers remain unaffected. 

Try Out Deepseek Using Ollama
This is how I recommend you try it out. Really fascinating to watch it think in realtime before it answers.

Magenta.nvim: A Tool-First AI Coding Assistant
Here’s one of the Neovim options that I’m trying. Ultimately I’d love to get something like Cline in my Neovim setup and not have to use VSCode. The plugins are working ok but the integration friction is the downside.

Ben Thompson’s Deepseek FAQ

LangChain Releases Local Web Research Assistant
LangChain just dropped a cool new tool that lets you do deep web research completely locally using Ollama-hosted LLMs. The system does iterative research by searching, summarizing, identifying gaps, and then diving deeper.

Convert WordPress Sites to Hugo Automatically
Someone created a simple service that converts WordPress blogs to Hugo static sites in just a couple of clicks. It’s really time to get off of WordPress, if you’re still on it. And I highly recommend a static website going forward. OWN YOUR MARKDOWN.

Philips Hue Bulbs to Get Motion Sensing Without Extra Hardware
Philips Hue bulbs are about to get a pretty insane upgrade that lets them detect motion without needing separate sensors, using radio signal interference between 3-4 bulbs in a room. The tech, called Sensify, is super responsive with triggers happening in under 500ms, and it's coming as a free firmware update to tens of millions of existing Zigbee devices.

How to Say "No" as a Product Manager

RECOMMENDATION OF THE WEEK

Remember that:

AI is not AI stocks

AI is not the survival of AI companies that did marketing in 2023/4

AI’s TAM is the replacement of human labor and the magnification of GDP that can come from millions/billions of people becoming a founder / builder / creator

That’s the ball to watch

Everything else is noise

APHORISM OF THE WEEK
Share UL With Someone Thoughtful

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.


Published on January 28, 2025 08:51
