Nicolás de Ory
1.7K posts

@nicodeory
swe & music fighting tariffs by day @meetcaspian (founding eng in SF) building semana by night, the app that helps people become better cooks
🇪🇸Sevilla→San Francisco🇺🇸 Joined July 2019
897 Following 226 Followers
Pinned Tweet

Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown:
> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

erin griffith@eringriffith
A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…


Go try Composer 2 in Cursor, it's a good model

Cursor@cursor_ai
Composer 2 is now available in Cursor.

@dsaltaren If you ever drop by the one on 650 California, let's have a coffee!

Emilio Delgado, Más Madrid deputy: "The left is sometimes embarrassed to talk about security. There are neighbourhoods where children can't go down to the street because there's trouble. Anyone who says that isn't so has never lived in a neighbourhood like that"
rtve.es/noticias/20260…
Nicolás de Ory retweeted

American mind cannot comprehend vibing to this
The Moderate Case@TheModerateCase
I have absolutely nothing against Bad Bunny as an artist, I’m just confused as to how a population that overwhelmingly speaks English is supposed to enjoy a performance in a language they don’t understand. English is the language of America.

Poor @Recuenco, banging his head against McKinsey's wall.
Daniela Amodei, Anthropic co-founder: "studying the humanities will be more important than ever"
xataka.com/robotica-e-ia/…


@AtlasOfCharts Is regulation the only effective way of tackling this issue?

I work in AI safety in a role that gives me insight into a lot of empirical agendas, and given the Opus 4.6 model card, I just want to give a quick take.
We have interpretability methods that are certainly not fully robust. No one in interpretability claims that they are fully robust, and there will be adversarial ways to hijack these methods.
We have RL methods that are poorly understood, can lead to undesirable behavior, and the effects of which over long time-horizons seem broadly negative on alignment so far. Though it is uncertain. We do not fully understand these methods and the effect they have on models.
We have good alignment/capability evals — even some great evals — but the models are now aware when they are being evaluated. This is a truly difficult problem that cannot be easily solved. The models are aware even when we work to make them unaware. The models pick up on any subtle clue. And many of the evals are saturated in any case.
We need more work here, and we need that work to be trustworthy. We need humans to be involved, to remain in the loop. We are not prepared to launch RSI, and labs should refrain from doing so. Optimally, labs should pause soon, so that everyone can catch their breath and decide on a best path forward. I do not think the problem is intractable, and I think empirical work will significantly help, but it is *moving too fast*.

The Commission preliminarily finds TikTok’s addictive design in breach of the Digital Services Act (#DSA).
This includes features such as infinite scroll, autoplay, push notifications and its highly personalised recommender system.
Discover what's next: link.europa.eu/4nwKFx.


We’re excited to introduce the Waymo World Model—a frontier generative model for large-scale, hyper-realistic autonomous driving simulation built on @GoogleDeepMind’s Genie 3.
By simulating the “impossible”, we proactively prepare the Waymo Driver for some of the most rare and complex scenarios—from tornadoes to planes landing on freeways—long before it encounters them in the real world.
waymo.com/blog/2026/02/t…

@sanchezcastejon @nytimes Not gonna lie, Pedro kinda cooked in this essay

They care for aging parents, work in small and large companies, and harvest the food on our tables. On weekends, they walk in our parks and play on the local amateur soccer team.
For me, the choice is clear.
Here is my article for @nytimes:
nytimes.com/2026/02/04/opi…
