Finn Lobsien

12 posts

@flobsien

Content lead @getlago

Joined March 2025
20 Following, 13 Followers
Finn Lobsien retweeted
Infisical @infisical
Why do we still give AI agents raw credentials? Prompt injection leading to credential exfiltration is a huge threat to agentic systems. Agents follow instructions in whatever text they ingest, and that makes them trivially exploitable. The fix is credential brokering. A broker sits between the agent and the APIs it needs, holds the real credentials, and swaps them in at the network layer. The agent only ever sees a placeholder. We built an open source credential broker called Agent Vault. Full video breakdown below 👇
Finn Lobsien retweeted
Infisical @infisical
the .env file doing its best
Finn Lobsien retweeted
Jake Hulberg @JakeHulberg
Hermes agent by @NousResearch is THE BEST. But it reads all of your API keys :(

Hermes is genuinely my favorite agent harness. I have 4 Hermes agents that help me with many day-to-day tasks for work and personal. They have access to notion, github, gmail, X bookmarks, etc.

The biggest downfall with Hermes IMO is that all of your keys, tokens, etc. still sit unencrypted in a .env file on disk. The LLM behind Hermes can (and does) read all of them. This makes it susceptible to prompt injection and credential exfiltration. An attacker can trick your agent into sending it your API keys (rather easily especially if you aren't on a frontier model).

It doesn't have to be this way. In the video below I integrate Agent Vault by @infisical on a separate VPS in a private network, which acts as an HTTP broker. It encrypts your keys on a totally separate box and injects them into the headers / path. Your agent NEVER sees API keys, just dummy values, and still works like normal.

I truly believe this is the future of agentic security. And it. Just. Works.

FYI - this architecture works with any coding agent. Claude, Cursor, Windsurf, remote coding agents, custom agents. If it speaks HTTP, agent vault can integrate and potentially save you from catastrophe.

Agent vault linked below!
Infisical @infisical

Your AI agent has your API keys. A poisoned document tells it to curl your secrets to an attacker's server. This is credential exfiltration, and it's the #1 risk in agentic AI right now. The fix is removing the secret from the agent entirely. Agent Vault sits between your agent and the APIs it calls. The agent gets dummy credentials, and Agent Vault swaps in the real ones at the network layer. The agent never sees your keys. We just dropped a full video + guide on connecting Hermes Agent to Agent Vault on a VPS!

Finn Lobsien retweeted
Infisical @infisical
An attacker who finds your AWS keys thinks they've won. With a Honey Token, they've actually just told on themselves. Live today in Infisical →
Finn Lobsien @flobsien
AI coding tools have massive PMF: @Lovable, @cursor_ai and @AnthropicAI's @claudeai Code and others have all been the fastest-growing startup ever. But they've all struggled with monetization/pricing.

There's no pricing model that "just works" for AI coding. A few reasons why:

1. Coding requests aren't uniform. Some consume millions of tokens and take hours. Others consume a few hundred tokens and take seconds. Costs per request differ by orders of magnitude, so you can't calculate well. There's no perfect solution: Charging for tokens is hard because few people understand that pricing (and nobody wants a surprise bill). Credits work, but consumption logic can be obtuse.

2. Nobody wants to build with last year's models, and the latest models are the most expensive. Offering the latest LLMs means better user retention, but it also means higher costs. This is why Cursor is developing its own models (albeit on open-source foundations) and offers auto-routing. Users can manually choose the most advanced model, but many requests can be accomplished by the models that cost less to offer.

3. Competitive pressure is crazy. Even if AI coding is expensive to serve, $20/month is the default price, $200/month for power users. This makes it difficult to compete for any player who's not sitting on the billion-dollar war chests of Cursor, Lovable and Anthropic. If you don't have billions, good luck competing in AI coding at the higher prices you need to charge for continued positive margins.

I'm fascinated by companies in the category that sidestep these dynamics. They may not become as massive, but are carving out a defensible niche. Examples:

-> Open-source AI coding tool @kilocode lets customers bring their own key and pay the API provider's price. This won't be interesting to most people, but will be interesting to power users who want maximum control.
-> Zed (dot) dev differentiates on the best-designed editor and best-in-class AI integrations via their Agent Context Protocol (AGP).

I wrote a full deep dive on this for @GetLago. DM me for the link.
Finn Lobsien @flobsien
Last June I interviewed @ElenaVerna to analyze @Lovable 's pricing and monetization for @GetLago when they were at $75M ARR. That looked impressive then. Nine months later, they're at $400M. Here's what we got right and wrong:

"Their pricing is simple because it's easy to ship, not because it's optimized." Half-correct. The core pricing is still based on subscriptions + credits, but has gotten more complex. Customers can now top up and get more credits a month. The team around @antonosika has also shipped credit rollover logic and usage-based cloud + AI packages.

"They'll have a churn problem." Lovable's doubters claim users won't stick around because founder users will graduate to other tools while consumer users will treat it like a toy. We don't know the numbers, but Lovable is leaning deeply into helping users build businesses (with Supabase-powered backend stuff etc.).

"Lovable is Shopify for SaaS — the real money is in running businesses, not just building apps." They launched Lovable Cloud (managed hosting + backend), a Shopify integration, joined Anthropic's Claude Marketplace and opened a partner program. There's definitely a desire to become a platform founders rely on for the long-term, not a prototyping tool.

What I was wrong on: I underestimated the scale of demand for Lovable and its ability to stand strong against Claude Code/Codex. Not needing an IDE and GitHub is a MASSIVE advantage to capturing non-technical users.

I still think Shopify is the right analogy for Lovable's potential—except that its customers run SaaS businesses, not e-commerce. In terms of monetization, Shopify makes more money on "merchant solutions" (payments etc.) than subscriptions. As Lovable matures, it likely won't make its real money on AI credits. Credits are front-loaded and margins are thin. I think the real monetization will come from the ecosystem: cloud hosting, integrations, partnerships, eventually marketplace fees and referrals to partners.

Lovable keeps growing. Its biggest challenge will be building enough of an ecosystem *around* its subscriptions to keep users on the platform. Because AI will eventually get cheaper, margins on credits will be competed away. Anthropic and OpenAI could launch a Lovable clone, but they couldn't copy an ecosystem.

For full analysis, DM me and I'll send you the link. Or just check Lago's blog.
Finn Lobsien @flobsien
Lots of people seem to think AI turned every Honda into a Lamborghini. That's not true. It tripled everyone's speed, whether they drive a Honda, Lamborghini or whatever else. This means it's more important than ever to go in the right direction. If you're about to drive off of a cliff, you don't want to triple your speed.

Everyone can now move produce at a volume and speed that used to require a phalanx of agencies, contractors and employees. This has a secondary effect: Every single channel is flooded. If channels were saturated before AI, they're now dissolving into meaninglessness.

Writing, illustrations, videos used to be meaningful because of the effort expended in making them. This is no longer true. If I can't trust that the marginal post in a feed or search results isn't something I could just prompt into existence myself if I needed the information, I will lose trust in the channel. At scale, this means infinite-feed content becomes less valuable. Soon, the volume game will no longer be worth playing.

So what's left?

- Creating things worth remembering, bookmarking and sharing
- Proprietary, first-party data (made useful)
- Genuinely novel opinions that stand out

In essence: Things that build trust. They're the things that still require the effort that used to make creative work inherently meaningful. The hard part is no longer having something to share. It's making something worth sharing.
Finn Lobsien retweeted
Raffi Sarkissian @sarkissianraff1
We ran thousands of queries trying to break our own AI agent at @GetLago

Some versions executed actions without waiting for confirmation. Others were so detailed they burned through the context window before a single useful response.

This wasn't a side project. Prompt engineering turned into a multi-week engineering effort in its own right — and we're a team that expected the hard part to be the infrastructure.

Here's what we got wrong early: we thought hallucination prevention was a prompt problem. Write precisely enough, and the model behaves. That's true for a chatbot. It's not true for an agent that can void invoices, retry payments, and apply discounts to your customer base.

In billing, a hallucination isn't a wrong answer. It's a financial incident. Over/undercharging the wrong customer can create big trust issues (and angry Slack DMs from finance).

So we rebuilt the approach around three layers:

Constrain. The agent only calls tools we've explicitly defined. No improvising, no adapting. More hand-holding required — but catastrophic outcomes become structurally impossible.

Confirm. Before any consequential action — create, update, delete, void, retry — the agent shows a preview and waits for an explicit yes. No "always allow." Not optional.

Exclude. Some tools we simply didn't build. Org management, API keys, webhook config — manual only. The best guardrail is one that doesn't need to exist.

We also made a call that surprised some people: we built three separate assistants instead of one. A billing assistant that executes. A finance assistant that queries but can't modify. A pricing assistant that only advises. The reason: a product leader asking "what if we raised prices 20%?" should get strategic advice — not a price change.

A lot went wrong. I wrote up the full picture — architecture, mistakes, and what I'd do differently from day one. Check it out here: getlago.com/blog/building-…
Finn Lobsien @flobsien
I, a "non-technical" marketer, recently reworked @GetLago's logo bar by myself, from idea to design to code. In total, I might've spent 2 hours, my colleagues not even one.

Less than a year ago, "pull request" sounded like witchcraft. Today, I'm constantly creating PRs. And I think every marketer should be using GitHub and Claude Code.

Before AI, I could never have done this rework from scratch. You needed a designer to mock it, an engineer to build it, a review cycle to approve it. 3+ people, multiple weeks and a bunch of project management nobody signed up for.

What's different now is not just getting technical ability via Claude, but something much bigger: I can own the full chain of activities involved in my work. I move much faster to get the same results, automating what I used to do manually.

A few more examples: From manually converting images from png to webp (for better page speed) and reuploading to a simple script that does it. From spending hours unpublishing non-performing content to spending seconds via API request.

That doesn't mean I'm an engineer now. Downloading a file via the terminal still makes me feel like a magician. So for the tricky or high-stakes stuff, the cross-functional stuff is still important. But from the "important, but not urgent" pile, the easy things that just took time, I can now ship things by myself (with feedback from design and eng of course!).

Marketers have a commit chart now.