Matt MacInnis

Today, we launched @Rippling Automated Compliance, starting with SOC 2. We have a unique advantage here: we aren't telling you how to fix your stack, because we ARE your stack. device management, identity and access management, HR, performance management...

Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies were flowing into production faster than anyone could vet them. AI has massively accelerated that. Code is being written, shipped, and deployed before any human reads it. Security has to operate at that same speed. One data point from Thrive's diligence that I keep coming back to: they first discovered Socket because @cursor_ai, @OpenAI, and @AnthropicAI all independently told them it was the most important security tool they'd adopted for AI-driven development. Three of the most sophisticated AI companies converging on the same vendor unprompted. Since our Series B, Socket has grown to more than 20,000 organizations, protecting over 1.5 million repositories and blocking more than 1,000 supply chain attacks every week. The team is now over 100 people. Three out of five FAANG companies are Socket customers. So are the companies building the most ambitious AI products: @AnthropicAI, @cursor_ai, @xai, @figma, @vercel, @Replit, @scale_AI, @GustoHQ, @Mercadolibre, and @cribl_io, alongside Fortune 100s in financial services and global media. What we've shipped since the last round: • Socket Firewall blocks malicious packages at install time, before they reach a developer's laptop or CI pipeline. Free for everyone. • Reachability analysis via our acquisition of Coana, eliminating 50-80% of irrelevant vulnerability alerts by focusing only on CVEs that are actually exploitable. • Socket Certified Patches for remediating exploitable CVEs in seconds without waiting on upstream maintainers. • Coverage extending to browser extensions, editor extensions, MCP servers, and AI tools via our acquisition of @secureannex. When the Axios compromise hit, our detection systems flagged the malicious dependency within six minutes. Within 24 hours, more than 2,000 organizations onboarded to Socket to block it. Where the funding goes: deeper investment in Firewall, massively expanding Certified Patches, moving protection closer to every point of install across the developer toolchain, and new product launches pushing Socket into a category we haven't entered before. We're hiring across engineering, sales, customer success, and threat intel. ❤️ Thank you to our customers, investors, and the open-source community for your support. Together, we’re making software safer for everyone.

I miss the days of payrollmaxxing

NOT DEAD!!

If you send me LLMslop messages, I am going to put my reply through my "MAX LLMSLOP" filter before I send it to you.

omg, she wants all upside and no downside 😅 all winners, no losers all sweet, no salty that is not how the universe works

This poisonous mindset is creating a wave of young right-wingers. It's breathtaking.

Bring back elevator operators

Whether it’s existing consulting firms, new ones that emerge, FDEs from agent vendors, or new internal agent engineering roles, the amount of work that is going to be created to implement agents in enterprises will exceed anything we imagine today. The complexity of implementing agents in any existing organizations is very real. When I talk to large enterprises, as you move from a chat paradigm to agents that participate in meaningful workflows, there are a number of things they need to do. First, you have to get agents to be able to talk to your data securely across your systems. In many cases, enterprises have decades of legacy infrastructure that contain the valuable context for AI agents. That’s going to take a ton of work to go modernize and move to systems that work well with agents. Then, you need to ensure that you’ve implemented agents with the right access controls and entitlements, the right scopes to be safely used, and have ways of monitoring, logging, and securing the work that they do. Next, you need to actually document the processes in the organization in a way that agents can utilize for doing the work. You also need to figure out what the new workflow looks like when agents and people are working together on a process, and who steps in where. Just replicating the old workflow will mute the gains. Oh and you likely need to create evals for your top new end-state processes. Finally, you have to keep up with a rapidly changing set of best practices and architectural shifts happening in the agent space. While it’s fun for people to change their personal productivity tools on a dime, it’s 100X harder to do this in a business process. The speed of change is a blessing and a curse right now for anyone trying to keep a stable system design. All of this means that individuals and companies that develop expertise on the above set of components (and more) are going to be needed to help organizations actually implement agents at scale. This is also the rationale for vertical AI agents right now that can go in deep on a business domain and help bring automation to it. This is a huge opportunity right now whether you’re doing this internally or as an external business provider.

Bring back elevator operators

i made you another drink

Vanta is also a scam. These big compliance companies are all really sleazy and try to upsell you into some crap product at every opportunity they have

Vanta doesn’t do SOC 2. It gives your scramble a nicer dashboard. The audit usually doesn’t fail on automation. It fails when evidence lives in Slack, Drive, Notion, and one engineer’s memory. Compliance gets sold like software. It breaks like ops. Pressure reveals who actually owns the system.

I will never use @TrustVanta again after how they just treated us. My company was acquired in August of 2025. We promptly emailed Vanta to inform them that we are shutting down our business and need to cancel. After 1 month, they finally replied with direction. "Can you send us acquisition documents?" I replied back and said "I can't legally share our acquisition documents with a vendor, what do you need?" They then ghosted us until January of 2026 (5 months later). During this time, they charged us for 2 quarterly payments (about $5K total). In January 2026, they finally said they need a certificate of dissolution, which I sent to them. They then refunded us $700. I asked for a refund dating back to August 26th when we initially sent the cancellation email. They responded with, "we cannot refund you because the Vanta software was still running until January of 2026. " It was running BECAUSE YOU GHOSTED US AND DIDN'T PROCESS OUR CANCELLATION. @christinacaci is this how you do business and treat your customers who trusted you for 2+ years?

This is why RAM is so expensive

@ashtonteng @ycombinator @Rippling legitimately sorry that happened to you and me :(

@stanine @ycombinator @Rippling couldn't you have launched this sooner before I paid $6000 🥲

Today, we launched @Rippling Automated Compliance, starting with SOC 2. We have a unique advantage here: we aren't telling you how to fix your stack, because we ARE your stack. device management, identity and access management, HR, performance management...

we know how to ship, but not like Ryan

i made you a drink

@VCBrags Let me know how I can be helpful

Thank goodness someone is talking about SOC2. Nothing much interesting or dramatic has been happening in this space over the past few weeks. Glad someone is shaking things up a bit.

If you're building a company and want the easy button for SOC 2, we built this for you: rippling.com/soc2

The majority of evidence needed for SOC 2 is already in the system. And when we find a gap, we help you close it without any tickets or side quests.