The AI security conversation has been abstract for long enough. Guillermo Rauch is now naming specific tools and saying out loud what most companies are too cautious to admit: the same AI capabilities being built for defense can be turned around and used as weapons. Meanwhile, the rest of today's feed is mostly the industry talking to itself about cost optimization and benchmark games. The security story is the one that actually matters.
01
The offensive AI capability problem is no longer theoretical
Vercel CEO Guillermo Rauch flagged something worth taking seriously: the cybersecurity capabilities being built into systems like Mythos and Sol work just as well for attacking infrastructure as defending it. His recommendation is direct: run security harness tooling like deepsec against your systems now, before someone else does. He's not speculating about future risk. He's describing a present one. ---
Why it matters: Most companies still treat AI security as a compliance checkbox. If the same frontier models your vendors are selling you for productivity can be pointed at your network by an adversary, your existing security posture was designed for a different threat environment. The window to find your own vulnerabilities before someone else does is closing.
Box CEO Aaron Levie on who actually wins the AI cost problem
Aaron Levie posted a pointed observation about token cost optimization: the best practices are useless unless someone deeply understands the underlying work being automated. His conclusion is that every company building AI workflows on their own is going to hit a wall, and that creates a real opportunity for vertical software vendors who already have that domain knowledge baked in. ---
Why it matters: If you're a software company selling into a specific industry, this is your argument against the "GPT can do everything" crowd. General-purpose models are cheap, but understanding a law firm's billing workflow or a hospital's prior authorization process well enough to optimize it is not. That knowledge is your moat, if you use it.
Swyx points out a quiet advantage open models have in benchmark reporting
Swyx flagged a useful observation about how AI models get compared: open models run significantly more computation per dollar than closed API models do, which means benchmarks that measure performance by token count rather than dollar spent systematically underrate open models. His suggestion is that anyone launching an open model should report results normalized to dollar-equivalent inference budgets instead. ---
Why it matters: The next time you see a benchmark putting a closed model ahead of an open one, check what's being held constant. If it's tokens rather than cost, you're not comparing apples. This is a small methodological point with real consequences for teams choosing between self-hosted and API-based models.
Matt Turck on the unbroken record of wearable AI skepticism
FirstMark Capital's Matt Turck posted a deadpan timeline: Google Glass said you want this (you didn't), Microsoft said it's for enterprise (enterprise disagreed), Meta said normal-looking AI glasses might work (almost), Apple said $3,500 face computers are the answer (absolutely not), and now Snap is trying again. The post cuts off there, implying the pattern speaks for itself. No "Why it matters" needed here. Twelve years of the same pitch, twelve years of the same result. Snap gets its turn. ---
Thibault Sottiaux posts a meme about Sol running Codex
A joke post from an OpenAI staffer, referencing yesterday's Codex incident. Nothing substantive, but after a weekend that included a usage reset and an ongoing investigation into what went wrong, even the internal culture of laughing about it is mildly telling.