We're coming out of stealth to announce our cyber defense research lab.
We are exploring data and post-training techniques to build superhuman cyber defenders.
Our mission is to make sure the West always wins.
The last 3 months we've built an automated data pipeline to create training data from 80k CVEs (aka public vulnerabilities).
Our next topic? Post training a model that's better at fixing all the vulnerabilities in your codebase.
Like really fixing them.
Not saying it's secure when there are still ways to exploit them.
Here are the questions that keep us awake at night:
How do you train a model to defend without improving its capabilities to attack? What's the right reward? How to measure the defense capabilities? How do you create synth training data that reproduces real systems? What kind of access do you give an ai cyber defender? How far can you trust it?
If you know insanely good cyber experts (red team, blue team, CTF aficionados) or ML engineers (synth data generation and post-training models), send them my way.
We need to make models far better at defending.
@paulg This is a more general principle of authority: have 2 heads rather than 1. Applies to consultants who have manager and a client. SWEs who have a manager and a PM etc.
@2lr I remember reading in “the hard thing about hard things” by @bhorowitz that most of his clients were dot com companies. In 2000, consanguinity was not the cause of the burst but it increased its impact.
Reactions to the next 40 announcement are an illustration of the influence of the French government. Every startup is communicating about it, thereby implicitly validating it.
Startup idea: a GV sprint tool for remote teams. I love sprint but it heavily relies on collaboration on a white board with sticky notes, stickers, etc.