Rob Terrin

18.1K posts

@RobTerrin

Nothing succeeds like success. Risk, security and investing. Brazilian jiu-jitsu

Joined October 2010
756 Following, 1.4K Followers
Rob Terrin@RobTerrin·
@eliedelkind @ZackKorman @cava Haha, yes. I felt sad too. A Cava opened five mins from our house last fall, and it's the perfect dinner option for young families when you're tired of cooking and the delivery apps.
Eli Edelkind@eliedelkind·
@RobTerrin @ZackKorman @cava Norway does deserve some tasty Mediterranean, doesn’t it. The way he did say “food.” Made me sad. I do think we’ll be there some day. I can’t wait to visit for that grand opening…
Rob Terrin@RobTerrin·
@semil I have a fondness for Morgan's Market. Wide selection of quality brands and always good pre-made food, plus the grill is pretty solid. Pricey though
Semil@semil·
Q for NYC friends - your personal favorite best-curated small grocery store / deli / bodega in lower Manhattan?
PrivateEquityGuy (Mikk Markus)@PrivatEquityGuy·
Starting a search fund solo is a good idea. Keep reading...

Solo searchers have returned an IRR of 27.4% compared to partnership returns of 40.3% in 2022. Partner search ROI was 3.8x compared to 2.9x for solo searchers in this 2022 study, an improvement from 3.7x and 2.4x in the 2020 study.

While partnered searches have outperformed solo searches in the aggregate, we have seen an increase in the number of solo searchers with returns greater than 5x and 10x in the last decade. Post 2009, 52% of funds returning 5x or greater were run by a solo searcher. Prior to 2009, only 18% of funds that returned more than 5x were led by solo searchers.

Timestamps in today's 5 Minutes in the Lower Middle Market:
0:00 Patience as an investor, impatience as an operator
1:02 Solo search vs. partnered search fund
2:15 The rise of exceptional solo search outcomes
3:38 How to attract A+ talent into a small business
5:06 The lower middle market rewards fit
Charlotte Lee@cljack·
@headwaysmatter I do think the information asymmetry being a function of adversarial 3rd party capabilities is an interesting feature of the cybersecurity market, can’t think of any other similar markets off the top of my head … are there?
Charlotte Lee@cljack·
Surely there's got to be some economic literature on markets with this kind of extreme information asymmetry. Anyone got any?
Keith Ramphal@KeithRamphal

Something that @ZackKorman and @IceSolst have been talking about, with snake oil/bad vendors taking advantage of people who don't know better kinda resonated with me. It's because the cyber landscape is a place where the consumer is the one who knows the *least* about the product they're buying. Let's use a vendor as an example, Microsoft/Okta/whatever. That company has a bug bounty program + Internal research teams + signals from adversaries right? And the bad guys have research teams, etc who give them as much information as they can. Those vendors are not out there screaming from the rooftops how they're getting exploited, they're giving *some* information, but not enough for a consumer to make a truly informed decision. (If you think about it, it's insane how we buy tech, if we bought anything else the way we buy tech, it'd be a liability nightmare) So the consumer has no signal from "Microsoft is lying to me (Making product claims), but can fix it" vs "this vendor is lying to me (making product claims) and can't fix it"

Rob Terrin@RobTerrin·
@cljack Warranties are a thing in many markets. They are also available in cybersecurity, but haven't lived up to their promise. Info asymmetry is usually solved one of three ways: insurance/warranty products, regulations/audits or customer reviews.
Eli Edelkind@eliedelkind·
Wow. That makes sense. Wild.

“The cybersecurity industry seems small compared to the addressable market for the foundation AI labs. Why are OpenAI and Anthropic spending so much time marketing their LLMs with Mythos and Daybreak when it really is just doing SAST? Isn’t there better use of their funds/time?” Answer below

1/ I think your instinct is mostly right if you view Mythos/Daybreak as a standalone cybersecurity business. The security-tooling TAM is meaningful but not foundation-lab-scale: Gartner projected worldwide end-user information-security spending at $213B in 2025 and $240B in 2026, while IDC projected broader AI spending, including applications, infrastructure, and services, to reach $632B by 2028. Those are not perfectly comparable categories, but they support your point that “AI broadly” is the bigger prize.

Where I disagree slightly is with “it really is just doing SAST.” The product wedge looks like SAST, but the strategic asset is not SAST. OpenAI’s own Daybreak page describes secure code review, threat modeling, patch validation, dependency-risk analysis, detection, and remediation guidance inside the development loop, with different access tiers for GPT-5.5, GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber. Codex Security is still repo-scanning at the surface, but OpenAI says it is intended to read code, run tests, explore realistic attack paths, reproduce issues, and propose patches, which is closer to “AI AppSec researcher in the SDLC” than classic SAST. The honest framing is probably: SAST++ as the GTM motion; controlled cyber-capable agent deployment as the real strategy.

Why would OpenAI and Anthropic spend attention here?

First, cybersecurity is a proof point for agentic reasoning. It is one of the few enterprise domains where a model can show concrete technical value: find bug, reproduce bug, exploit or validate bug, patch bug, verify patch. That is far more compelling than a generic “AI assistant improves productivity” demo. Anthropic claims Mythos found thousands of zero-days, including in major operating systems and browsers, and gives examples involving OpenBSD, FFmpeg, and Linux kernel exploit chaining. Those claims deserve external validation, but the shape of the work is clearly beyond linting or simple source-to-sink scanning.

Second, this is a safety and policy narrative as much as a product. If frontier models can materially lower the cost of vulnerability discovery and exploit construction, labs need a story for regulators, governments, and enterprise CISOs: “we are giving defenders a controlled head start.” Anthropic explicitly says Project Glasswing is for critical software and says partners will use Mythos for local vulnerability detection, black-box binary testing, endpoint security, and penetration testing; OpenAI says Daybreak pairs expanded defensive capability with trust, verification, safeguards, and accountability.

Third, the spend is probably not as large as it looks. Anthropic’s headline commitment includes up to $100M in model usage credits plus $4M in donations to open-source security organizations, which is meaningful but not equivalent to spinning up a whole new foundation-model training program. OpenAI’s Daybreak appears to package existing assets: GPT-5.5, GPT-5.5-Cyber, Trusted Access for Cyber, Codex, and security partners. That is marketing, packaging, access control, and applied product work layered on top of capabilities the labs already need for coding agents.
Okojo Essence@KiyoakiOkojo·
@bedouincap We had a portco that was THE business in a midsized town. Best office building on Main Street, all the execs lived by the one golf course etc. They were treated like royalty at all the local spots. Holiday party was a whole town event. They only did like $50M in EBITDA
bedouin@bedouincap·
The “prestige” professions of finance, tech, law etc are only available in high cost metros where you barely keep up with neighbors. The real arb is being a doctor or SMB owner in a random suburb where you can be the richest guy in the Costco parking lot
Rob Terrin@RobTerrin·
His wife's wealth came from her first marriage (to the wealthy Daniel Parke Custis) and included 1/3rd of 17,000 acres and about 300 slaves. The other two thirds were held in trust for her children. George Washington's land holdings exceeded 52,000 acres at his death. He had cash flow problems due to spending and absentee management of the Mount Vernon farms, but he was asset rich from his land speculation and surveying work.
Rob Terrin reposted
Brian in Pittsburgh@arekfurt·
I don't agree. In fact, I think we're going to see much, much less practical increase in exploitation among real-world attackers than a lot of folks seem to be expecting. The greater concern should be with AI improving and broadening the non-exploitation playbooks of attackers.
Dino A. Dai Zovi@dinodaizovi

In my estimation, defenders (of organizations) have roughly 1 year before attackers have 10-100x'd their capabilities at vulnerability discovery and exploitation. While top-tier projects such as Linux, Chrome, Firefox can remediate this volume of vulnerabilities, not all can.

Bilal Farooqui@bilalfarooqui·
vc goats:
- arthur rock
- don valentine
- john doerr
- michael moritz
- bill draper
- tom perkins
- eugene kleiner
- marc andreessen
- ben horowitz
- paul graham
- peter thiel

who am i missing?
Rob Terrin@RobTerrin·
@johnmyleswhite Yes, but politicians and boards of education are not looking at 50, 60 or 70 year careers.
John Myles White@johnmyleswhite·
@RobTerrin A large percentage of the people who will be alive before 2100 are already alive, no? Even if fertility rates dramatically break trend very soon, a lot of dynamics are already set in motion - absent dramatic pro-immigration movements in the US.
John Myles White@johnmyleswhite·
I am a bit astonished that people are just now freaking out about NYC schools losing 10% of students in the next decade. Poor blue state governance is making this problem happen sooner and more acutely, but this problem is likely going to happen in almost every state before 2100.
spencer@techspence·
One of the reasons I value your opinion specifically is because you're not a 20-year cybersecurity veteran. Sometimes exactly what's needed is a fresh set of eyes... That's not to say we would agree on every topic, but hearing alternative perspectives and opinions is so important. I've learned as much from jr. pentesters with 0 to little experience as I have learned from pentesting training and certifications. Because the way they asked me questions made me think in a different way than I had previously. Brad and I kind of touched on this at the end of our last episode. Shameless plug. But good convo I think. youtu.be/j_KfCWHpjs4?si…
Rob Terrin reposted
Zack Korman@ZackKorman·
Average experience posting about cybersecurity on here. Going to use this post as a reply from now on.
Rob Terrin@RobTerrin·
@blueprintsmb22 Win-win for them because they either get a scapegoat or get rid of their opponent's funding
Blueprintsmb@blueprintsmb22·
For whatever reason, she thinks this message will help her get votes. No idea if it will, but I do watch the recent wealth tax headlines in California along with the sound bites coming from Mamdani in NYC with interest. Targeting the most mobile demographic in America (billionaires) is an interesting strategy. They no doubt will move. How these states and cities address budget deficits without them I’m guessing will be an almost impossible magic trick but only time will tell. x.com/MarcoFoster_/s…
Marco Foster@MarcoFoster_

AOC: “There’s a certain level of wealth and accumulation that is unearned. You can’t earn a billion dollars. You just can’t earn that. You can get market power, you can break rules, you can abuse labor laws, you can pay people less than what they’re worth, but you can’t earn that”

Rob Terrin@RobTerrin·
@melTechFlow Just got back from a tech conference in Tysons. Never seen more Teslas in my life than those couple days
Mel ⚡️@melTechFlow·
Living in Northern VA will kind of warp your reality (in a good way). You get used to everyone having at least a master's degree, a Tesla, making 6 figs, working in STEM for some big company. The second I moved outside the DMV I realized how rare that was.
Siddharth Khurana@SidKhurana3607

Counties by white adults (>25) with a bachelor's degree or higher:
Washington, DC (93%)
Arlington, VA (88%)
Falls Church, VA (86%)
New York, NY (86%)
Alexandria, VA (83%)
San Francisco, CA (78%)
Fulton, GA (77%)
Montgomery, MD (76%)
Fairfax, VA (76%)
Charlottesville, VA (73%)

John Loeber 🎢@johnloeber·
Caveman Grug: there's a certain level of wealth and accumulation that is unearned. You can't harvest a thousand apples. You just can't do it. You can get power over the neighbor tribe, you can enslave people, you can steal, but you can't harvest that many. It is impossible.
Marco Foster@MarcoFoster_

AOC: “There’s a certain level of wealth and accumulation that is unearned. You can’t earn a billion dollars. You just can’t earn that. You can get market power, you can break rules, you can abuse labor laws, you can pay people less than what they’re worth, but you can’t earn that”
