Paco Villetard

We're coming out of stealth to announce our cyber defense research lab. We are exploring data and post-training techniques to build superhuman cyber defenders. Our mission is to make sure the West always wins. The last 3 months we've built an automated data pipeline to create training data from 80k CVEs (aka public vulnerabilities). Our next topic? Post training a model that's better at fixing all the vulnerabilities in your codebase. Like really fixing them. Not saying it's secure when there are still ways to exploit them. Here are the questions that keep us awake at night: How do you train a model to defend without improving its capabilities to attack? What's the right reward? How to measure the defense capabilities? How do you create synth training data that reproduces real systems? What kind of access do you give an ai cyber defender? How far can you trust it? If you know insanely good cyber experts (red team, blue team, CTF aficionados) or ML engineers (synth data generation and post-training models), send them my way. We need to make models far better at defending.

@GregoireGambatt don't forget to upload the receipts greg

my cofounder @pacovilletard is cooking

ok, that's funny 😁

@AymericRoucher 😂

Ambition nationale sur l'IA: > aux US: maîtriser l'ensemble de la chaîne de valeur, de l'industrie des semi-conducteurs jusqu'aux applications > en France: payer des formations "prompting ChatGPT"

If you've ever wondered what Poolside was up to... They've been cooking! They just released Laguna XS and M, their first ever public models, on Hugging Face: - Two coder models: one is 225B params, of which 23B active, the other is 33B-3A. - hybrid attention: global v. sliding window in a 3:1 ratio - kv cache quantized in FP8 - SOTA results, on par with Qwen-3.5! - apache 2.0 (so a real open-weights) They also released pool, their CLI coding agent. With this performance, Poolside just entered the big game. Congrats, huge release!

Gemini, what are you doing?

I'll be at the National Security Hackathon this weekend. Who will be there? cerebralvalley.ai/e/3rd-annual-n…

Is your Opus 4.7 also panicking sometimes?

@willccbb's RL workshop is really good with a lot of insights on how to improve your evals and RL tasks youtube.com/watch?v=cixmqT…

@nicbstme hahaha amazing!

It’s official, Warren and I are vibing at Microsoft.

@davefontenot my wife is and she’s good. but i’m heavily biased obviously. do you want an intro?

Looking for a chief of staff

@lucaronin Seems amazing. I'm trying it right now

Introducing Tolaria! 💧 Today I am releasing a macOS desktop app for managing markdown knowledge bases, and helping both AI and humans operate them. It’s free and open source, and always will be. I have been working on it for three months, and I now use it to run my life and work. I personally have a massive workspace of 10,000 notes — the result of 6 years of Refactoring — which I now operate on Tolaria. Tolaria is the main collaboration surface with my AI agents: they create new notes there, connect them to what exists, and edit existing ones. Everything is easy to understand for them, because it’s just markdown files. In a way, it’s my implementation of @karpathy's LLM wiki. Tolaria is also the biggest experiment I have ever run about writing software with AI: • 2000 commits • 100K+ lines of code • 3000+ tests / 85% coverage • 9.9/10 code health • 70+ architecture decision records I am releasing it open source also to use it as a living artifact of how I do AI coding, so you can inspect at any time things like how I write docs, what's in my AGENTS file, what hooks do I run, and so on. You can find it below: • Newsletter announcement: refactoring.fm/p/introducing-… • Website: tolaria.md • Github repo: github.com/refactoringhq/… Let me know your thoughts!

@roxannevarza thank you!

@pacovilletard Love this 👏👏👏

We're coming out of stealth to announce our cyber defense research lab. We are exploring data and post-training techniques to build superhuman cyber defenders. Our mission is to make sure the West always wins. The last 3 months we've built an automated data pipeline to create training data from 80k CVEs (aka public vulnerabilities). Our next topic? Post training a model that's better at fixing all the vulnerabilities in your codebase. Like really fixing them. Not saying it's secure when there are still ways to exploit them. Here are the questions that keep us awake at night: How do you train a model to defend without improving its capabilities to attack? What's the right reward? How to measure the defense capabilities? How do you create synth training data that reproduces real systems? What kind of access do you give an ai cyber defender? How far can you trust it? If you know insanely good cyber experts (red team, blue team, CTF aficionados) or ML engineers (synth data generation and post-training models), send them my way. We need to make models far better at defending.

thanks for all your dms, i'll get back to everyone asap

@obrien 😂 We are located right next to this place

@pacovilletard Hey, your site says you're located at 15th & Mission? So, right across from the San Francisco Armory? Wonder if that place is still owned by Kink.com. You dudes may well be at Ground Zero for Internet Porn! Well done! Also, lots of good burritos nearby.

@hthieblot ty ❤️

@pacovilletard nice

@poledesfetes 🙏

@pacovilletard 🔥

@MentorNotPseudo thanks!

@pacovilletard Congrats on the launch!

@GuillaumeMbh oh yeah!! 🙏

@pacovilletard To the moon and beyond 🚀🚀🚀

@satpugnet thank you 🙏

@pacovilletard Congrats guys

@cosimo_dauve it is!

@pacovilletard so exciting