My newsletter, Frankly Speaking, is back! I'm launching a freemium version but with more consistent articles and hot takes on my experience as an engineer and former VC working in cybersecurity: franklyspeaking.substack.com… Subscribe here: franklyspeaking.substack.com…

The "AI SOC Analyst" is a band-aid on a broken leg. A ton of security startups are dropping autonomous agents into legacy SOC queues to speed up triage. It’s a waste of budget. You are just optimizing a workflow that shouldn't exist in an AI-native world. Think about factory electrification in the 1920s. Early factories just swapped massive steam engines for large electric motors and saw zero productivity gains. It was only when they threw out the blueprints, put tiny motors at individual workstations, and changed the floor layout that productivity skyrocketed. Cybersecurity is stuck in the steam era. Legacy SIEMs force you to pay an insane markup on basic data storage while your team wastes finite engineering cycles tuning noisy alerts. The future isn't a faster SOC. It's a decentralized security data lake. New platforms like @RunReveal and @scanner_dev are cutting out the middleman by running directly on top of cheap infrastructure like S3 and ClickHouse. Meanwhile, tools like @cotoolai are perfecting the AI blue-team application layer. The real win here isn't autonomous code remediation; it's fixing the tuning loop. Most alerts are false positives. When an alert hits, tools like RunReveal can run an immediate background investigation, auto-close the noise, and hand the human generalist the exact context needed to tune the rule in seconds. You don't need a dedicated SOC or an army of analysts anymore. You need elite data infrastructure and software that lets a single generalist focus on outcomes, not implementation details. open.substack.com/pub/frankl…

it’s not that AI “doesn’t work.”companies struggle to use it and are afraid to admit it.

GDP.pdf measures whether models can read the messy professional documents - wiring diagrams, rocket schematics - that run the world. Riemann-bench measures research-level math, written by ivy league profs and IMO medalists in the course of their work. ...and climbing them both?... the stuff of fables 😎 congrats anthropic!

if you're an AI company and your CTO writes code but your CISO doesn't, you have a problem.

it's pretty obvious those who enjoy it vs. don't. career ladder climbers do it for the money.

those who say using AI isn't great probably don't have great harnesses

real instructions aren't lists of independent rules. they're entangled. introducing ComplexConstraints — our new IF benchmark testing the kinds of IF constraints that show up in real work: 1. conditional constraints (fire only when specific conditions are met) 2. planning constraints (many reqs must be satisfied simultaneously) 3. multistep constraints (each step feeds the next) 4. implicit constraints (a competent colleague would just know) models score from 0% to 40% we also trained a 4B model on 1k examples -> it matched a model 60x its size, and the gains transferred to other IF benchmarks like MultiChallenge and AdvancedIF. blog post: surgehq.ai/blog/complexconst… leaderboard: surgehq.ai/leaderboards/comp…

AI agents aren't just suggesting code anymore—they are autonomously running privileged actions in local terminal shells. This completely upends endpoint security. All it takes is a single logic error for a local agent to pull down a malicious open-source package and run it on a developer’s laptop because it thought the dependency was legit. In my latest newsletter, I look at the future of the endpoint market and where the real opportunities sit for incumbents and startups: 🔹 The Agent Architecture: Building endpoint software is brutal on battery and kernel stability. But just like @Cloudflare Warp or @zscaler did with SWGs, you can get away with a lightweight local agent if you route the heavy compliance and policy lifting to an elite global infrastructure. 🔹 The IT Operational Trap: Enterprise IT is stuck. Bloated companies have hyper-specialized teams doing manual tasks that AI will eliminate, making re-allocation highly political. The real market is lean startups where engineers moonlight as IT admins and need autonomous agents to patch and monitor fleet health out of the box. 🔹 The Platform Dark Horse: I’m cautiously optimistic about new plays like @Tanium Atlas. Complex, feature-heavy legacy platforms that are historically hard to use might actually benefit the most from AI. If you have 20 years of deep feature telemetry, you can use a natural-language interface to completely hide the plumbing and deliver immediate value. The endpoint checkbook is going to split. AI-forward shops view budget as one big efficiency blob. Older enterprises are facing a massive political battle over the consolidation of IT and security responsibilities. Full deep dive on the last mile of agentic security: open.substack.com/pub/frankl…

hiring talent is a lot like vc investing. the top firms get access to the best deals with high likely of high ROI. the other ones have to settle or find a diamond in the rough and take on more risk

i like this take

Trying to block enterprise AI adoption is a losing battle. The real engineering challenge is building the guardrails to secure it in real-time. 🧵 Enter the AI Proxy. But if you want to know if a tool in this space is legitimate or just agent-washed marketing fluff, look at how it handles the streaming token problem. Traditional web proxies (like legacy CASBs or SWGs) inspect static HTTP payloads. They hold the request, scan the text, and pass it along. That architecture fails completely with LLMs. Developers expect instantaneous, millisecond-by-millisecond token streaming in their terminals and IDEs. If a security gateway adds even a 200ms hiccup to an autocomplete function, engineers will instantly find a workaround to disable it. A real AI proxy has to process massive, high-volume concurrent requests and inspect data streams on the fly—evaluating context windows and masking secrets without breaking the connection. This is exactly why owning your own global infrastructure is the ultimate moat. It’s why @Cloudflare and @Zscaler came to dominate the web gateway market—they understood that raw performance and low latency are the ultimate product features. Right now, startups like @joinformal have a massive head start because they treat security teams like developers who want programmable, policy-as-code controls. But to survive the traffic load long-term, the next-gen players will have to migrate away from self-hosted models and build out their own distributed global infrastructure. Full deep dive on why infrastructure is the defining moat for AI security: open.substack.com/pub/frankl… #Cybersecurity #Infosec #AIProxy #Cloudflare #Infrastructure #SecurityEngineering

CYBER APOCALYPSE is real, but it’s caused by the # of sales people exceeding the # of security engineers They’re selling products that don’t exist to teams that won’t use them

The cybersecurity blank check has officially bounced. 📉. I discuss this more in my weekly newsletter, Frankly Speaking. In our post-ZIRP reality, security teams are finally being forced to justify their existence as business units. The era of building top-heavy, bureaucratic empires to manage manual processes is over. As AI engineering velocity explodes, the cybersecurity budget is undergoing a massive structural shift across three buckets: 1️⃣ Headcount Compression: We won't see massive, multi-layered security orgs anymore. The future belongs to flat teams of elite security generalists, essentially software engineers paid a premium to write automated defense loops. Human administrative waste is being swapped for raw token costs. 2️⃣ The Commoditization of Compute: Savvy buyers are rejecting massive SaaS markups from vendors who just wrap frontier models. As model costs plummet like AWS infrastructure, companies want to Bring Your Own Key (BYOK). 3️⃣ One-Shot Context Over Conversations: If your AI tool requires a security analyst to have a continuous back-and-forth conversation with a chatbot, it’s a chore, not a product. The winning vendors will be those providing the exact environmental context required for agents to operate autonomously and execute in a one-shot manner. The future of security isn't about managing headcount but about empowering the outcome. Full budget breakdown: open.substack.com/pub/frankl… #Cybersecurity #AI #SecurityEngineering #TechBudgets #VentureCapital

every airline should have @Starlink or the ones that do will have a serious competitive advantage

anyone without a real title at an AI company is grinding the hardest right now

The confounding factor is that virtually every big company is overstaffed by 2-4x and has been for decades. AI is the catalyst/excuse to finally fix that. Of course nobody wants to say this out loud.

AI-generated posts are too obvious and are getting worse.

when you optimize for money, you don't do great work bc you spend all your time optimizing the corporate game. i was happiest and did a lot of my best work making 3k a month during my phd.

AI doesn't know about organizational bureaucracy. in fact, it breaks it. the problem is AI adoption will be slow in large orgs because many people's jobs depend on that bureaucracy existing.

what happens to productivity (loaded question)