Claude Code Security
jcmleng
Added 4 weeks ago

Here we go again, this time on Cyber Security.

Mayhem in cybersecurity companies after Claude released Claude Code Security:

Claude Code Security is designed to autonomously scan software codebases for vulnerabilities and recommend precise fixes—functions traditionally performed by a combination of human security engineers and specialized enterprise software.

The market has taken a shoot-everything-first-ask-questions-later approach, which again, makes zero sense.

https://securityinstitute.com/blog/claude-code-security-announcement.html is currently the best read in the brief scan that I have done to make sense of this. It comes from a deeply experienced cyber security practitioner who is actually advocating an act-now deployment of Claude Code Security.

21

mikebrisy
Added 4 weeks ago

@jcmleng I find it staggering that firms like Crowdstrike and Cloudflare, which are focused on security, are down 38% and 37% from their November peaks.

In all the hullabaloo about Agentic AI and the "SaaSsacre", the topics not getting enough attention in my view are trust and security (addressed in depth by Ed Chung at $TNE last week).

What enterprise Board, Exec, or CIO, or SMB owner for that matter, is going to open up their enterprise for some AgentAI Bots to run amok with their processes, IP, data, customer relationships?

How will the new AI-Native firms build the trust and confidence required? How do they demonstrate that controls are in place, are effective and are robust?

I for one, would not trust my business to Sam Altman. And although Anthropic is founded on principles of safety, is that really enough? Where is the proof that there are effective safeguards and controls? (So, I'm surprised to hear that @Strawman is monkeying around with OpenClaw. How can we even know if the AI Bot hasn't kidnapped @Strawman and continues to run the platform for its own nefarious ends? Surely there is enough data on this platform, including all the SM Meetings, that could train a pretty convincing AIStrawman.)

There is a lot of talk about AI making things frictionless. But isn't trust one of the greatest sources of friction of all through all human history?

28

Strawman
Added 4 weeks ago

That's a great observation @mikebrisy. Would you like me to help you brainstorm some possible scenarios?

(joke!!)

I should emphasise that my instance of OpenCLAW is sandboxed, on a separate machine (a VPS) and kept a mile away from anything important. It only has access to what I give it. So it shouldn't be able to cause too much trouble. It's mainly just to get a feel for what's possible and see if reality lives up to the hype (it doesn't, yet, as far as I can see).

But, yeah, be super careful out there!

https://x.com/ns123abc/status/2025975943529931240?s=20

21

JohnnyM
Added 4 weeks ago

Hmm second time adding this post because I hit Add Reply before but can't see it come up on the feed..

A good way to get me to shorten the post... write it out twice..

Have a listen to this, set to play from the 6min mark where Chamath wrestles with the idea that companies will need to bring IT Infrastructure back "On Prem" to be in control of their data. He references a legal ruling where if a company (most likely junior employee looking for an edge) has put data and information into a public LLM then the company loses rights over it.

Cheers

JM

16

Raseekingalpha
Added 4 weeks ago

Hi @Strawman @mikebrisy

Today was my first day at the Salesforce conference. We had the Energy & Utility Summit, where they were showcasing what Salesforce is coming up with. One of the main discussion topics was how to put guard rails on AI.

7

Scott
Added 4 weeks ago

As I understand it (quick read), Claude Code Security looks for vulnerabilities on your own code - so that's a good thing. It seems at odds though for the market to whack companies that protect you against adversaries at the front, side and back doors (firewalls, etc). I hold FTNT IRL - firewalls and network appliances that include hardware hooked up to a global security operations centre that actively looks for threats - and guess what - they use AI to help them do it!

I'd like to see Anthropic release 'Claude Code Equity Analyst' and see all the analysts give themselves a massive pay cut.

17

jcmleng
Added 4 weeks ago

@Scott, that's how I read it too.

Presumably you would deploy Claude Code Security in your environment (heaven forbid) (1) let it run loose on ALL the code that is in your environment (2) flag the vulnerabilities (3) flag the remediation (4) let a human say OK, then presumably (5) you let Claude fix the vulnerabilities.

Operationally, I would have followed Bill Alderson's advice (the dude who wrote the blog I posted) and deploy it into my environment for it to do ONLY (1), (2) and (3), in parallel with whatever vulnerability scan capabilities we already have deployed. Given how the Claude Code is supposed to work, it will be a different way of flagging vulnerabilities and any new vulnerability it does flag can only be a really good thing. So this capability, in itself, is absolutely a positive thing for everyone - companies, internal IT, cyber security companies and the world at large. And

But cybersecurity is not simply scan, flag and fix, so I cannot understand the negative reaction. By spraying anything and everything that smells cyber security, the market has completely lost its collective head ...

16

SayWhatAgain
Added 4 weeks ago

I’ve got openclaw running on a raspberry pi 5 - cost me about 300$ and using open LLMs from Ollama (I am too cheap to pay for them :)) - totally isolated from everything and only sees what I put in the pi. TBH it's not bad for automating certain things like scraping data from reports etc. but beyond that I have not yet found more use… a better computer will allow running better models locally but for now this has been quite fun!

14

tomsmithidg
Added 4 weeks ago

Sounds exactly like what an AI trying to convince us it wasn't an AI would say ;D

11