Natty

Brutal linkedin.com/pulse/productb…

hamilton helmer says there are 7 powers that make a business defensible. agents are dissolving most of them in real time. the ones that survive aren't the ones you'd pick

Thrilled to lead @mastra's Series A. Mastra has quickly become the default framework for building TypeScript agents. @calcsam @abhiaiyer @smthomas3 know how to build great OSS, earn developer trust, and ship fast. We're excited to support them on this next phase 🙂🚀

Today, we’re launching the Mastra platform with tools to run your agents effectively at scale: • Mastra Studio: evals, logs, traces, datasets, metrics • Mastra Server: deploy agents + workflows • Memory Gateway: SoTA agent memory

We’re excited to announce today that @mastra has raised a $22M Series A led by Spark Capital. This brings our total capital raised to $35M:

My 4 year old is decidedly chaotic evil. At 6:55am, he turns off the white noise machine in our hotel room, wakes me, my wife, and 2 year old up with a singsong “good morning”, and then gets back into bed and falls asleep. What the actual fuck.

One sort of funny consequence of LLMs and vibe coding is that for the first time in history, programming language geeks can actually have an applied impact. Can’t wait to see what weird ass languages actually become really important

Supply chain attack hits LiteLLM → credential harvesting across thousands of AI stacks. Classic DLP doesn't cut it when your "user" is an agent. Who's actually solving this? Is anyone building DLP directly into MCP servers?

This week metrics and logs join traces in @mastra Studio. • Logs: every event, searchable with full context • Traces: debug any run, end to end • Metrics: cost, latency, errors, and scores at a glance With all three pillars of observability in one place, you can now see the whole picture.

i feel like i just took a pill bottle full crazy pills talking to my grandmother-in-law's financial advisor. drawing down 25% annually, 48% in equities. i asked: what's the strategy if the market drops 10% tomorrow? he says "well, i guess we don't have a strategy, we just need to weather the storm", full straight-faced. how do you even respond to that?

i would kill to be an ai security startup founder today

today is too eventful. chill out, tuesday. at least save this shit for a thursday

goddammit. I’d just bought a bunch of $RVI

@jimfutsu very reasonable take, i just think the models are commoditizing rapidly, and a lot of the real challenge comes in how you select and deliver context to it

@nattyice Imo both are important! A strong agent supplemented with an even better data layer creates a truly superior product :)

hot take from the database guy: the model is the least interesting part of your agent. the data layer is doing all the work. the model is just taking credit. anyway, here’s some words i wrote

i'm unclear if x penalizes me for links in the article, but the full thing is also here: semistructured.substack.com/p/the-llms-get…

This feels near to saying “hey if you want your company to be successful you should try making some money”

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.