@jasonlk Isn't that the default mode anyways for folks making that type of $?
English
Anand Sheth / Consistently Deliver Top CX at Scale
6.5K posts
Anand Sheth / Consistently Deliver Top CX at Scale
@AnandSheth2
My goal: Free financial advisors up from ridiculously repetitive time-consuming manual work so they can grow & spend more time with clients.
United States Katılım Ocak 2018
731 Takip Edilen535 Takipçiler
Imagine you are a Director, Product at a large SaaS company
You make say $185k base, $50k bonus, pull $50k-$100k in RSUs (less now because stock is down). It's ... fine.
Your CEO tells you everyone has to work much harder because of "AI". Gotta "go, go, go"
Would you?
English
@anna_y_zhang Why go through all that trouble when you can connect posthog to Claude? I have and can ask the same questions.
Now @posthog mcp is finicky and breaks authentication all the time. So hoping they fix their mcp
English
I don't understand how CRMs, Portfolio Reporting and Financial Planning software survives.
We are 100% moving into a world where your data lives in spreadsheets, stored in a central location and we will perform whatever task, research, and create whatever report we want from the agent which will fetch the data and present it in whatever format you want.
Fixed software is dead.....
The Village, OK 🇺🇸 English
@steipete Any plans for Windows or Linux?
English
Peekaboo 3.0 is live. Biggest release since 2.0.
⚡ Action-first macOS computer use
👁️ Unified screenshot + UI detection
🧩 Cleaner JSON across CLI + MCP
🛠️ Better snapshots
I started this last year, but the models just weren’t good enough. Now they are. peekaboo.sh
English
@zach_yadegari Congrats man! Amazing.
English
I'm 19 years old.
At 16 I sold my unblocked gaming website for $100k.
At 18 I sold Cal AI while at $40M ARR.
Now, my co just hit $300K MRR a month after launch.
The most important lesson I've learned to be successful in consumer is to dumb everything down.
1) Demonstrate the value of your product in 3 seconds or less in any advertising material.
2) Write messaging as if you are talking to a 3rd grader.
3) Make buttons so obvious that you can't get lost.
The is the key concept that makes apps viral and also high converting.
English
@Davidstrolder How are you managing copyright issues from book publishers/authors?
English
Stop reading books and start talking to them 🗣️
• Get life advice
• Debate their deepest ideas
• Vent about your problems
English
@jakemor Interesting. And would you collect data about our codebase or other relevant info?
English
I’ll pay for your claude code / codex subscription. 100% free, but with a catch.
I’ll prompt inject notes from advertisers selling Saas your codebase could benefit from.
No monkey business just a note from an advertiser, readily available for your agent to use, should the two of you agree.
Would you use this?
English
@Shpigford What's terrible about the software in this space? Asking cause we are literally building a solution (albeit for financial advisors/professionals). Would be interesting to see if we can make it for all instead.
English
i'm slowly coming around to cold email as a sales strategy 🫣
that being said, WHY IS ALL OF THE SOFTWARE IN THIS SPACE UNIVERSALLY TERRIBLE?!?!?!?!
i've tried a dozen options and every. single. one. of. them. is the worst software i've ever used.
English
@EricSimons Lol they won't and can't
English
If Google releases a coding model that outperforms opus/codex
I don’t think people are pricing in what that would mean
English
I have three major issues with Gemini. I hope @GoogleAI is listening:
1. Coding: Antigravity with Gemini 3.1 Pro is weak compared to Codex and even to Opus 4.7, which is also very weak compared to Codex.
2. Gemini AI Studio's missing usage tracking for a given API key. Why introduce many keys if not for tracking the usage per key in order to optimize the pipeline?
3. Recitation error in OCR/information extraction use cases. You submit a cover image of a document and ask to extract the title and the list of authors, and the request is rejected for copyright violation. This is just crazy. Information extraction is THE major use case for vision LLMs.
You can do better, @GoogleAI.
English
@apihog @weezerOSINT What?! You are saying that disclosure of hundreds of emails is acceptable??? Thats your stance?
English
@weezerOSINT yes i did, and they probably don't see an issue with this key being public and have accepted the risk of whats being returned from this key. this, again, is normal for bug bounty programs, especially due to how much of a non-issue this really is
English
i went to clickup.com. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request.
got back 959 email addresses and 3,165 internal feature flags.
employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic. Permira. Akin Gump. government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland Australia, and New Zealand. a Microsoft contractor. 71 clickup employees.
fortinet sells enterprise firewalls. tenable makes Nessus, the vulnerability scanner half the industry runs. their employees emails are exposed because clickup hardcoded a third party API key in a javascript file that loads before you even log in.
this was first reported to clickup through hackerone on January 17, 2025. its now April 2026. the key has not been rotated. i just pulled the response five minutes ago. every email is still there.
clickup raised $535 million at a $4 billion valuation. claims 85% of the Fortune 500 use their platform. looks like the proof is in the page source.
English
@cossssmin @wesbos @internetofshit Wait, what? You can get MX mouse fully working on Linux? Care to share how? Would love to get full functionality of this powerful mouse working on Linux.
English
@wesbos @internetofshit Had stuff like horizontal scroll that actually scrolls horizontally (and not through open Chrome tabs) saved to the mouse since no Logitech app on Linux 👌
English
Logitech's servers are down, so LogiOptions+ doesn't load, which means my mouse no longer works. @internetofshit
Took 5 mins and ported everything over to Better Touch Tool. Uninstalled that awful app.
English
@rauchg You still have not made it clear if this risk is still active or have you locked down everything? From the sound of your post, you all don't yet know the answer to that. Saying rotate keys is premature since if the attacker still has access, new keys will be harvested too
English
I want to keep everyone updated on the details of the security investigation.
The team performed an in-depth analysis to search for root causes and to better understand the behavior of the threat actor.
We cast a very wide net, pulling and processing nearly a petabyte of logs of the entire Vercel Network and API, extending well beyond the initial Context[.]ai compromise.
We now understand that the threat actor has been active beyond that startup's compromise. Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers.
Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables.
As a result:
◾We've deepened and widened our collaboration with partners across the industry, like Microsoft, AWS and Wiz, to further protect the broader internet.
◾ We've notified other suspected victims of this threat actor, independent of this event, encouraging them to rotate credentials and adopt best practices.
We've also shipped a bunch more product enhancements. I'm extremely thankful to our team and industry partners for working around the clock. For more details on the ongoing investigation, refer to our security bulletin:
vercel.com/kb/bulletin/ve…
English
@thsottiaux And better yet, see CC. Do what they have. Better skills, plugins, mcp, tools. Stop telling me 'I can't do that'
English
@thsottiaux Its loading all my mcps all the time i change into new work. WTF!!!! Load them when I need them. I have had failing mcps block me for over 30 seconds to even get going. Jeez
English
@CISACyber What? Was this not addressed 3 weeks ago?
English
🚨 Cyber threat actors compromised versions (1.14.1 and 0.30.4) of Axios npm, allowing unauthorized access to downstream systems. Review our Alert for detection and remediation guidance. 🔗 go.dhs.gov/5kW
English
@Lovable Wait..what? You did not suffer data breach..you just implemented shitty security practices is what you are saying.
And according to @weezerOSINT - you did not fix for older projects.
English
We were made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings.
To be clear: We did not suffer a data breach.
Our documentation of what “public” implies was unclear, and that’s a failure on us.
Specifically for public projects, chat messages used to be visible — this is now no longer possible.
When it comes to code of public projects: That is intentional behavior. We have experimented with different UX for how the build history is surfaced on public projects, but the core behavior has been consistent and by design.
Importantly, for enterprise customers, being able to set visibility to public for new projects has been disabled since May 25, 2025.
English
18 hours ago was the update. Your @vercel security bulletin has not posted an update for 16 hours.
What's going on @rauchg? Is Vercel secure now?
Guillermo Rauch@rauchg
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.
English
@joeyeomanss @orcdev @infisical It doesn't remove the fact that you still gotta go and rotate keys everywhere. Plus now you introduce a new vendor with secrets. Sighhhhh
English
I have too many projects
spent 2+ hours updating env vars across everything
Vercel@vercel
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…
English
@weezerOSINT @Lovable any response? Are you this cavalier with user data?
English
Lovable has a mass data breach affecting every project created before november 2025.
I made a lovable account today and was able to access another users source code, database credentials, AI chat histories, and customer data are all readable by any free account.
nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. its not fixed. They marked it as duplicate and left it open.
English