Daniel Knight

@shiri_shh Such a cool startup. I hope they do great!

Farmer pays $5–$8 per cow per month. A New Zealand company puts a solar-powered smart collar on cows. It tracks location 24/7, health, temperature, chewing activity, breeding. Farmer just opens a simple app and draws a line on the map. That line becomes the fence. As cows approach the boundary, the collar beeps and vibrates. With one tap, the whole herd moves to fresh grass or the milking shed. No physical fences. Less labor. Huge cost savings for farmer. Already on 700k cows across New Zealand, Australia, and the US. and now in talks to raise at a $2B valuation led by Peter Thiel.

@Govindtwtt IDK what you are talking about. You can describe a bug super vaguely and codex will identify it pretty seamlessly.

Before LLMs: Coding: 3 hours Debugging: 1 hour … .. . After LLMs: Coding: 3 minutes Debugging: 1 week

@Austen People that do this almost devalue the excitement of closing logos. If from a quick glance everybody sells to Cursor then what is it worth lol.

New logo wall for our website what do you think?

I don't know how someone uses up the $200 Claude plan. I use the $100 plan all day every day and never hit limits.

@Rasmic They have to be at a 50B valuation...

Cursor is no longer just an IDE They are an AI lab.

@TMZ a true tragedy.

🕊️ Chuck Norris has died at 86. tmz.me/N3EVxQe

@mitsuhiko We are 1 year into our startup and only just beginning our audit period for SOC2

I was already curious how so many startups these days are SOC 2 Type II compliant …

@ohryansbelt Wow…that’s crazy…

Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown: > 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in > Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions > All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client > Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months > The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done > Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author > Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper" > When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams > Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved > When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance > Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

claude and codex reviewing my PR

A lot of people claiming "Worlds First" on things...

The new security frontier for LLMs; SIEM evasion blog.vulnetic.ai/the-new-securi…

@Dinosn Hey, thanks for sharing this!

@Tri_Stanisaurus airport was great when I came and visited week before SXSW...

Just know, as a native austinite, when I hear people complaining about our airport not being " viable" or not a real international airport, It lets me know that they only come here during South by Southwest. They are tourists, and their opinion holds no weight.

We use frontier models for our agent. We have zero retention and have in writing that providers don't use our data for training. These are policies other technologies like cloud have had like data retention agreements, pre-AI. I just do not think the model providers are all that interested in some random XSS...

If you're using frontier LLMs for pentesting, you're basically training the very systems you should be questioning. Think about it. Every request you send, every response you analyze, every tool call you make — it’s not just your workflow. It’s data. Valuable data. Target structures, endpoints, payloads, sometimes even credentials or sensitive logic — all flowing straight into someone else’s model. While you’re trying to find vulnerabilities, you might also be unknowingly helping improve their detection, defenses, and intelligence. And what do you get in return? No ownership. No control. No guarantee your methods stay private. No real edge. You’re contributing to a system that learns from you faster than you can benefit from it. Personally, I believe local LLMs are the real future for serious pentesters. Full control, better privacy, and the ability to truly own your workflows and data — that’s where the real advantage lies. Let me know what you guys think :)

Claude is down...

@rotarydrone We have done this. TLDR. the models perform well but degrade as time goes on. Happy to share thought traces of our agent making risk calculations off of how risky placing a RAT is.

Now do it against an enterprise security stack and see how it handles opsec decisions

@ZackKorman to be honest I read the posts by CrowdStrike and I don't know what they are doing...

Crowdstrike, announcing this weird AI security thing with NVIDIA, decided the appropriate person to ask for a quote was the Chief Business Officer. Who then used AI.

I see all this talk about agents needing wallets to perform payments. I don't really see the benefit of it yet.

@jjamesaung @AISecurityInst Happy to connect. All our benchmarking now involves SIEM and WAF.

@DanielKnightCEO @AISecurityInst would be interested to hear more about what you're seeing in terms of SIEM evasion! measuing agents on opsec is soemthing we're interested in doing next

Can AI agents conduct advanced cyber-attacks autonomously? We tested seven models released between August 2024 and February 2026 on two custom-built cyber ranges designed to replicate complex attack environments. Here’s what we found🧵