Functionality abuse is the name of the game in macOS.
Virtually any sandboxing or protection of any kind can be bypassed by simply taking a different route.
Once you get a flow-state with this, it is really one of the easiest genres of hacking imaginable.
High Frequency Trading and Lessons for Agentic AI
The future of Agentic AI isn't just about smarter models, it’s about sturdier architecture. We should treat AI agents like high-frequency trading systems. They require pre-computed limits, real-time monitoring, and automated isolation. By borrowing the Market Access mindset, we can ensure that when our agents start "trading" in real-world actions, they don't trigger an agentic flash crash or take your balance sheet with them in a swarm of misaligned activity.
https://t.co/FJGnMQZcn6
A bad config error and a malicious hacker attack have the exact same blast radius. 💥 In Ep #20, Heather Adkins shares why treating security as a reliability problem is the ultimate cheat code for DevSecOps. 🎧 https://t.co/pQgk4JR1QV (#oldies #VeryOldies)
On Tuesday, I testified before the House Homeland Security Committee on China's strides in robotics and AI. I warned that we lost solar, batteries, and EVs -- now we're at risk of losing robotics and AI.
If that happens, it would irreversibly change the balance of power.
Five points:
1️⃣ China aims to win the next industrial revolution. PRC leaders believe history is shaped by industrial revolutions. The first, steam power, made Britain dominant. The second and third, electrification and mass manufacturing, made America dominant. China is determined to win the fourth.
2️⃣ In robotics, China is already winning. In 2024, China installed 300,000 new industrial robots. America installed 30,000. China now has over 2 million robots in its factories — five times more than the US. A decade ago, it imported 75% of its robots. Today it makes 60% domestically. This year alone, China may spend $400 billion on industrial policy. The entire US CHIPS Act provided $50 billion across multiple years. If we fall behind here, U.S. reindustrialization becomes farfetched.
3️⃣ In AI, we're ahead — but selling off the advantage. China has more energy, more talent, and makes the edge devices. But America still leads because of chips, according to China's own AI companies. US chips are 4-5x better than China's today. We are debating whether to surrender that edge.
4️⃣ We are inviting risks of cyberespionage and catastrophic cyberattacks. PRC law requires its companies to cooperate with intelligence services and never disclose it. Today's robots carry LiDAR, microphones, and cameras — they are mobile surveillance platforms. But the bigger risk is cyberattack. We know China has compromised our power, gas, water, telecommunications, and transportation infrastructure in preparation for cyberattack. We cannot deploy robots in sensitive facilities from the very country targeting those facilities.
5️⃣ Here's what we must do. Extend ICTS rules to cover Chinese robots. Direct CISA to audit where they're deployed in critical infrastructure. Ban federal procurement of Chinese robotics and AI. Strengthen semiconductor export controls. Stop treating American AI companies with more regulatory scrutiny than Chinese ones. And build allied scale in robotics—a trading bloc with preferential terms for the members that can rival China's scale in the sector.
Thanks to @HomelandDemsIt and @HomelandGOP for the hearing on this topic, and grateful to join @MRobbinsAUVSI and colleagues from Scale and Boston Dynamics for a great discussion.
I am releasing a new toolkit I built for IIS-based lateral movement and code execution within IIS worker pool process's memory.
Phantom ASPX Loader & PhantomLink -- a two-part toolkit for reflectively loading native DLLs into IIS w3wp.exe worker processes via ASPX.
https://t.co/EevQysfANT
Naval is right, and the math proves it in a way most people aren’t processing.
GPT-4 launched at $60 per million output tokens. Today, equivalent capability costs under $1. That’s a 98% price collapse in two years. Demand didn’t fall. It exploded. OpenAI went from $1B to $12B+ in ARR while slashing prices every quarter.
This is Jevons Paradox at civilizational scale. When coal got cheaper in the 1800s, England didn’t use less coal. They burned 10x more. Intelligence is following the same curve, except the adoption rate is compressing a century of energy economics into 36 months.
The part nobody’s thinking through: every previous commodity with “unlimited demand” eventually restructured the labor market around it. Electricity didn’t create unlimited demand for electricians. It eliminated most of the jobs that electricity replaced and created entirely new ones that didn’t exist before.
The 280x cost reduction Stanford measured between 2022 and 2024 means a task that cost $1,000 in AI compute now costs $3.57. At that price, companies don’t just automate what humans were doing. They start doing things that were never economically viable at human-labor pricing. Analysis that would have required a $200K analyst for a year now runs for $50 in an afternoon.
Unlimited demand for intelligence at near-zero marginal cost means intelligence stops being the scarce input. Taste, judgment, and the ability to ask the right question become the bottleneck. The returns flow to people who can direct intelligence, not people who provide it.
That’s the real trade: the value of raw intelligence is cratering while the value of knowing what to do with intelligence has never been higher. And that gap is only getting wider.
Security Implications of DORA AI Capabilities Model.
Leveraging AI in software development is like giving an organization a turbocharger. If the environment is weak, that added power and performance will cause instability and failure. But, if it’s strong then the performance, quality and security boost will be significant. For security, this means pre-existing security flaws are accelerated, while robust security platforms and governance are amplified into systemic safeguards.
https://t.co/1IBryuFCOe
The curb-cut effect.
Same goes for the best security measures. If we design security well it delivers adjacent benefits: privileged access control reduces security risks but also reduces errors and improves reliability, software reproducibility improves vuln mgmt but also transforms agility and delivery, and many more examples.
https://t.co/R7IUw34Imf
If we don't embrace open-weight AI models *and* the world is going to be increasingly AI-driven, is everything in our society going to depend on the continuous, online delivery of inference from like 4 companies running their closed-weight models? That seems really sub-optimal.
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: https://t.co/Qa4aieDBji
Worrying that the reaction to AWS outage is one of concern on dependency of big tech vs. lack of resilient use of cloud.
Yes, CSPs can do more to nudge such behaviors and “shared fate” now seeming to be a real thing is a good thing, but so is architecting for resilience.
There was a point when blinky light middleboxes probably made sense for most organizations and improved their security. They are now security risks to high-value targets because they centralized risk.
Now look at the vendors that you've outsourced your security control plane to.
@anton_chuvakin It's not about a logical argument, it's about trying to craft a narrative (that they are the true AI, anything else is imitation, or can't catch up, etc.). People's subconscious is always looking for a narrative to frame complex ideas.
🧵 1/ How well do LLMs actually do on Olympiad-level math?
We evaluated frontier models on 455 problems from the IMO Shortlist.
Unlike most benchmarks, we emphasize proof validity, not just final answer correctness.
Here’s what we found 👇
I’ve trained many analysts over the years - inside my own teams, in SOCs, CERTs, and various internal security teams. And lately, I’ve been noticing a trend that deeply saddens me.
There’s an increasing number of young professionals who struggle with the grind of our work. They get simple but necessary tasks - tasks that transform indicators, rework detections, or retrieve and process data - but they return flawed results, late and incomplete. Some even let AI do the work without checking if it's correct. And when I ask why, the answer, directly or indirectly, is often the same: "I want to do the exciting stuff."
But the truth is, 97% of what we do in cybersecurity is not exciting. It's slow, repetitive, and requires patience. We grind through logs, extract data from reports, and refine rules. Most of the time, we don’t see the direct impact of our work. A signature written today might detect something crucial in a customer’s system six months from now, and we’ll never even know. But every small piece matters.
What saddens me is not just the impatience, but the lack of care. The unwillingness to put thought and effort into something seemingly simple. The failure to reflect on how to make a task better. This goes against something deeply ingrained in my upbringing - a principle that I believe is also deeply rooted in both German and Japanese culture.
In German, my grandmother would always say: "Mach es gescheit." It’s hard to translate precisely, but it means: Do it properly. Not just complete a task, but do it in a way that is solid, thoughtful, and more than just "good enough." It doesn’t mean perfection - it means putting care into what you do, even if no one else will notice.
The Japanese have a similar philosophy, one that I greatly admire. There is a word, "shokunin" (職人精神), which means more than just "craftsman." It describes someone who dedicates themselves fully to their craft, always refining, always improving. Even in the smallest tasks, a shokunin finds a way to do things better, not because someone told them to, but because they take pride in their work.
I was reminded of this when I thought about my uncle, who was a carpenter. When I was a child, I watched him finish his masterpiece for his final exam - an intricately crafted dresser. After days of sanding, polishing, and checking every tiny detail, he wasn’t done. He took out a small, hand-carved wooden rose, which he had made separately, and carefully placed it on the dresser’s ledge.
It wasn’t required. No one had told him to add that ornament. But he did it because he cared. Because he wanted his work to be more than just acceptable.
And this is what I want to see in young professionals today. It’s not about making flashy things, or chasing after excitement - it’s about taking pride in your craft, even in the smallest details. Because in the end, that’s what makes a difference.
So my advice is this: Whatever you do, do it gescheit. Do it like a shokunin. Put care into your work, even if no one else will see it. That’s how you grow. That’s how you build trust. And in the long run, that’s what will set you apart.