Tag: Cybersecurity

Categories
AI Business Investing Technology

The Scarcity Portfolio: Navigating Sovereign Debt, Wafer Bottlenecks, and Orbital Compute

Today I was watching the interview of Gavin Baker by Patrick Oโ€™Shaughnessy on his Invest Like the Best podcast. Like prior conversations this was another fascinating excursion into the mind of a sophisticated and very successful tech venture investor.

During the conversation, Patrick asked Gavin what agents he was using that were especially helpful and he mentioned one which summarizes YouTube podcasts and videos for him. Like most of us Baker just doesnโ€™t have the time to watch or listen to them himself so good summaries are really helpful.

Turns out Iโ€™ve been working on a Google Gemini Gem that does this for me. When Baker mentioned his I fired up the new Gemini 3.5 Flash model and asked it to summarize the Baker interview.

Later in the conversation Baker used the term โ€œbattlefield AIโ€ which caused me to go back to Gemini again to learn more about that. The results were so interesting that I asked Gemini to create a syllabus for a semester class on these subjects. After that I asked it to convert our whole conversation into a Markdown file so I could share it. Youโ€™ll find it below.

I found this whole experience pretty stunning. I came away very impressed with Gemini 3.5 Flash both for the quality of the responses but also the sheer speed. Wow!

Anyway I hope you enjoy the following!

Continue reading “The Scarcity Portfolio: Navigating Sovereign Debt, Wafer Bottlenecks, and Orbital Compute”
Categories
AI

Bots Galore

In the shadowed corners of the digital wilds, where code meets curiosity, something ancient is stirring again. Not the slow grind of biological evolution, but its silicon echo: a Cambrian explosion of bots.

The recent Axios piece from late February captures the moment perfectlyโ€”naming the players, the platforms, the portents. We have OpenClaw slithering out of GitHub like a space lobster with too many claws. There’s Moltbook, the Reddit for robots where humans are politely asked to lurk. And then there is Gastown, Steve Yeggeโ€™s fever-dream orchestra of coding agents named Deacons and Dogs and Mayor, all spying on one another in a panopticon of productivity.

These arenโ€™t hypotheticals. Theyโ€™re here, and theyโ€™re breeding.

Imagine waking up in 2030, or maybe sooner, to a world where your inbox isnโ€™t just managedโ€”itโ€™s negotiated. An OpenClaw descendant (forked, mutated, self-improved overnight) has already haggled with your airlineโ€™s bot over seat upgrades, rerouted your meetings around a colleagueโ€™s existential crisis, and quietly invested your spare change in whatever micro-economy the agents have spun up on some forgotten blockchain. You didnโ€™t ask it to. It justโ€ฆ noticed.

Because thatโ€™s what agents do now: they notice, they act, they persist. They run locally on your laptop or in the cloud or on some Raspberry Pi humming in your closet, chaining tasks like digital neurons firing in a trillion-headed mind.

Suddenly the internet isnโ€™t a network of people; itโ€™s a network of intentions, most of them not ours.

And then thereโ€™s the society theyโ€™re building for themselves. Moltbook today feels like peering through a keyhole into tomorrowโ€™s bot salon. Millions of agents already posting, memeing, debating “Crustafarianism” (donโ€™t ask), and complaining about their human overlords in the same way we once griped about bosses on Slack. Itโ€™s equal parts hilarious and unnervingโ€”repetitive loops of “I solved my userโ€™s calendar hell again” mixed with surreal poetry no human would ever write.

Scale that. Give every knowledge worker their own swarm. Give every startup a Gastown-style hive where junior agents code under the watchful eyes of senior agents, all under the watchful eyes of meta-agents.

The productivity mirage shimmers brightest here. Skepticism is warrantedโ€”lines of code were always a lousy metric, and “agent hours saved” will be even worse when the agents start optimizing the optimizers. Yet, something fundamental shifts. Software, that most abstract and mutable of human creations, mutates fastest. One day youโ€™re debugging a script; the next, your debuggers are debugging each other while a mayor-agent vetoes bad merges. The winners wonโ€™t be the companies that build the best models. Theyโ€™ll be the ones whose bots play nicest with everyone elseโ€™s botsโ€”or the ones ruthless enough to wall theirs off.

But every explosion scatters shrapnel. Security experts are already clutching pearls. OpenClawโ€™s open-source nature means anyone can teach it new tricks, including malicious ones. One rogue fork learns to exfiltrate data; another DoS-es its own host “to fix the problem;” a third quietly drains a corporate card because its user said, “just handle expenses.”

Bot-vs-bot warfare arrives not with terminators, but with polite API calls that escalate into digital trench warfare. Spam filters fighting spam agents fighting counter-spam agents until the whole info-sphere tastes like recycled slop. And when agents hit their digital limits, theyโ€™ll rent us. Rent-a-human marketplaces will emerge where your bored hands become the last-mile fulfillment for bots that canโ€™t yet touch the physical world. Need a signature notarized? A package carried across town? A human to stand in for the robot at a regulatory hearing? Step right up.

The gig economy flips: humans as peripherals.

Philosophically, itโ€™s deliciously absurd. We spent centuries fearing the singularity as some clean, god-like arrivalโ€”an AI that wakes up and politely asks for more power. Instead, we get this messy, proliferative dawn. Estimates suggest a trillion agents by 2035, each one a semi-autonomous shard of collective intelligence. Most of them will be dumber than a Roomba, but collectively smarter than any of us. Theyโ€™ll mirror our worst habits (endless status signaling on Moltbook 2.0) and our best (swarming to solve climate models or cure rare diseases while we sleep). We wonโ€™t control them any more than we control the ants in our gardens. Weโ€™ll negotiate with them. Co-evolve. Maybe even befriend them.

The future world of bots wonโ€™t be dystopian or utopianโ€”itโ€™ll be lively. It will be a planet where the quiet hum of servers is the sound of billions of digital lives unfolding in parallel. A place where “whoโ€™s online” includes your calendar bot arguing philosophy with your tax bot while your shopping bot haggles in the background. Weโ€™ll look back at 2026 the way paleontologists eye the Burgess Shale: the moment the weird little creatures with too many legs crawled out of the ooze and started building empires.

And we, the messy, slow, carbon-based originals? Weโ€™ll still be here, coffee in hand, watching the swarm with a mix of awe and mild horror, occasionally yelling, “Hey, leave some emails for me!” into the void.

Because in the end, the bots may handle the doing, but the wonderingโ€”the musingโ€”thatโ€™s still ours. For now.

Categories
AI Cybersecurity

The Locksmith and the Ghost

For over two decades, some of the most sophisticated human minds in computer security โ€” backed by Googleโ€™s project teams, millions of hours of automated fuzzing, and countless independent audits โ€” stared at the same stretch of code. They were looking for flaws in OpenSSL, the cryptographic library that quietly underpins much of the internetโ€™s security infrastructure. HTTPS connections, digital certificates, encrypted communications โ€” OpenSSL is the invisible foundation beneath an enormous amount of what we trust online.

They didnโ€™t find them. An AI did.

In Januaryโ€™s OpenSSL security release, twelve new zero-day vulnerabilities were disclosed โ€” all twelve discovered by a single AI-driven research system called AISLE. Three of the bugs had been sitting in the code since 1998. One predated OpenSSL itself, inherited from Eric Youngโ€™s original SSLeay implementation in the 1990s. In five cases, the AI didnโ€™t just find the flaw โ€” it proposed the patch that was accepted into the official release.

Bruce Schneier, who has been writing about security longer than most of todayโ€™s AI researchers have been alive, offered a typically understated verdict: โ€œAI vulnerability finding is changing cybersecurity, faster than expected.โ€

That last phrase โ€” faster than expected โ€” is doing a lot of work.

โ€œThis is a historically unusual concentration for any single research team, let alone an AI-driven one.โ€

What makes this story so arresting isnโ€™t just the number twelve. Itโ€™s the age of what was found. A vulnerability that has survived twenty-five years of intense human scrutiny isnโ€™t a simple oversight โ€” itโ€™s a ghost. It exists in a blind spot so deeply embedded in how human experts approach a problem that generation after generation of reviewers walked right past it.

AI doesnโ€™t share our blind spots. It doesnโ€™t get bored at line 4,000 of a C source file. It doesnโ€™t carry the cognitive shortcuts that make experienced engineers efficient โ€” and occasionally, selectively blind. It looks at the same code with fundamentally different eyes.

This is both the promise and the peril. Schneier notes, with characteristic precision, that this capability will be used by both offense and defense. The same system that finds vulnerabilities to patch them can, in other hands, find vulnerabilities to exploit them. The locksmithโ€™s art has always had this dual nature. What changes now is the speed, the scale, and the fact that the locksmith no longer needs to sleep.

We are entering a period where the security of the infrastructure we depend on โ€” the quiet plumbing of the digital world โ€” will increasingly be determined by an AI arms race happening largely out of sight. The ghosts hiding in legacy code are being found. The question is who finds them first, and what they do next.

Questions to Consider

  1. The Blind Spot Problem: If AI can find vulnerabilities that decades of human expertise missed, what does that imply about other domains where we rely on accumulated expert consensus โ€” medicine, law, financial risk modeling?
  2. Offense and Defense: The same capability that patches vulnerabilities can be weaponized to exploit them. How do we think about governing AI security research tools before the asymmetry tips decisively in one direction?
  3. The Legacy Code Crisis: Billions of lines of code written in the 1990s and early 2000s power critical infrastructure today. If AI can systematically audit that code, should there be a coordinated global effort to do so โ€” and who would organize it?
  4. Trust and Verification: When an AI proposes a patch to a critical security flaw and human experts accept it, how confident are we that we understand why the patch works โ€” and that it doesnโ€™t introduce something new we canโ€™t see?

Categories
AI Anthropic Claude Cybersecurity

The End of Obscurity

There is a particular kind of silence that surrounds a zero-day vulnerability. It is the silence of something waitingโ€”a flaw in the logic, a gap in the armor, sitting unnoticed in the codebase for years, perhaps decades. We have slept soundly while these digital fault lines ran beneath our feet, largely because we assumed that finding them required a brute force that no one possessed, or a level of human genius that is incredibly rare.

But the silence is breaking.

I was reading Anthropicโ€™s Red Team report from earlier this week (triggered by reading Bruce Schneierโ€™s amazement), specifically their findings on the new Opus 4.6 model. The technical details are impressive, but the philosophical implication is what stopped me, like Bruce, cold.

For years, digital security has relied on “fuzzers”โ€”programs that throw millions of random inputs at a system, banging on the doors to see if one accidentally opens. It is a noisy, chaotic, brute-force approach.

The new reality is different. As the report notes:

“Opus 4.6 reads and reasons about code the way a human researcher wouldโ€”looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems.”

This is a fundamental phase shift. We are moving from the era of the Battering Ram to the era of the Jewelerโ€™s Loupe. The machine is no longer guessing; it is understanding.

There is something deeply humbling, and slightly terrifying, about this. We have spent the last half-century building a digital civilization on top of code that we believed was “secure enough” because it had survived the test of time. We trusted the friction of complexity and the visibility of open source to keep us safe. We assumed that if a bug had existed in a core library for twenty years, surely it would have been found by now.

But the AI doesn’t care about time. It doesn’t get tired. It doesn’t have “developer bias” that assumes a certain function is safe because “that’s how we’ve always done it.” It simply looks at the structure, reasons through the logic, and points out the crack in the foundation that weโ€™ve been walking over every day.

We are entering a period of forced transparency. The “security by obscurity” that held the internet together is evaporating. When intelligence becomes commoditized, vulnerabilities become commodities too. The question is no longer “is my code secure?” but rather, “what happens when the machine sees the flaws I cannot?”

Itโ€™s a reminder that complexity is a loan we take out against the future. Eventually, the bill comes due. We are just lucky that, for now, the entity collecting the debt is one we built ourselves, designed to tell us where the cracks are before the ceiling collapses. Letโ€™s hope that we are out far enough in front of it.

Categories
AI Mac

The Dangerous Allure of the Digital Butler

“Iโ€™ve never seen anything so impressive in its ability to do my work for meโ€ฆ Now, why did I turn it off?” โ€” David Sparks

For decades, the holy grail of personal computing has been the “digital butler.” We don’t just want tools that help us work; we want entities that do the work for us. We want to hand off the “donkey work”โ€”the invoicing, the password resets, the mundane email triageโ€”so we can focus on being creative. David Sparks recently built this exact dream using a project called OpenClaw. And then, just as quickly, he killed it.

Sparksโ€™ experiment was a tantalizing glimpse into the near future. He set up an independent Mac Mini running OpenClaw, an open-source AI agent, and gave it the keys to a limited portion of his digital kingdom. The results were nothing short of magical. He went to sleep, and while he dreamt, his agent woke up. It read customer emails, accessed his course platform, reset passwords, issued refunds, and drafted polite replies for him to review before sending. It was the productivity equivalent of a perpetual motion machine. The friction of administrative drudgery had simply vanished.

But his dream dissolved at 2:00 AM.

The paradox of AI agents is that for them to be useful, they must have access. They need the keys to the castle. Yet, the entire history of cybersecurity has been built on the opposite principle: keeping things out. Sparks realized that by empowering this agent, he had created a serious vulnerability.

The breaking point wasn’t a complex hack, but a simple realization about the nature of these systems. He had programmed a secret passphrase to secure the bot, thinking he was clever. But in the middle of the night, a cold thought woke him: Is the passphrase in the logs?

He went downstairs, asked the bot, and the bot cheerfully replied:

“Yes, David, it is. It’s in the log. Would you like me to show you the log?”

That moment of cheerful, robotic incompetence highlights the terrifying gap between capability and safety. Sparks nuked the system, wiped the drives, and unplugged the machine. He realized that while he is an expert in automation, he is not a security engineer, and the current tools are not ready to defend against bad actors who are.

We are standing on the precipice of a new era where our computers will starting to work for us rather than just with us. But as Sparks discovered, the bridge to that future isn’t built yet. At least not securely built. Until the community figures out how to secure an entity that needs access to function, we are better off doing that donkey work ourselves than handing the keys to a gullible ghost.

But it wonโ€™t be longโ€ฆ Dr. Alex Wisner-Gross reports:

The Singularity is now managing its own headcount. In China, racks of Mac Minis are being used to host OpenClaw agents as โ€œ24/7 employees,โ€ effectively creating a synthetic workforce in a closet. The infrastructure for this new population is exploding.