I am proud to announce that Sierra has been certified FedRAMP High — the standard for cloud companies working with U.S. federal agencies.
Hundreds of millions of people rely on the U.S. federal government for services — from navigating Social Security, Medicare, and Veterans Affairs to filing their tax return or renewing their passport. AI agents built on Sierra can help make them simpler and faster. https://t.co/u2qfyA0wnH
Sierra is raising $950 million from new and existing investors, led by Tiger Global and GV, at a valuation of over $15 billion. We now have more than $1 billion to invest in becoming the global standard for companies wanting to transform their customer experiences with AI.
We’ve never had such conviction in the opportunity for Sierra and our customers. Just a couple of years ago, we had four design partners. Now, Sierra is serving over 40% of the Fortune 50, and agents built on our platform are powering billions of customer interactions — everything from refinancing homes to processing insurance claims, returning orders, and helping people raise millions in fundraisers.
We’re deeply grateful to our customers for helping show what’s possible. If you’re not yet using Sierra, we’d love to partner with you. https://t.co/tT4tBSeSoR
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. https://t.co/ule9gaXzc1
🚨 UPDATE: Full Post-Mortem On Cursor Security Incident
In yesterday’s thread I explained how I got drained after installing a malicious extension in @cursor_ai.
This is the deeper dive into what I found, what I did, and how you can avoid it.
🧵 👇
We deployed 44 AI agents and offered the internet $170K to attack them.
1.8M attempts, 62K breaches, including data leakage and financial loss.
🚨 Concerningly, the same exploits transfer to live production agents… (example: exfiltrating emails through calendar event) 🧵
Introducing: Notion MCP Server (hosted, v2)
We worked with the @cursor_ai team to rebuild our MCP from the ground up:
- 1-click OAuth install for Claude, ChatGPT, and Cursor...
- inventing a Notion-flavored Markdown that combines the power of Notion blocks with the compactness of Markdown
Here's how we built it + the open sourced repo:
As CrowdStrike continues to work with customers and partners to resolve this incident, our team has written a technical overview of today’s events. We will continue to update our findings as the investigation progresses. https://t.co/xIDlV7yKVh
Another Monday, another article with sensational claims about AI’s ability to ‘find coding errors’. The best vulnerability researchers in the world have been looking at this problem and have repeatedly demonstrated that current state of the art models aren’t capable of this yet. When these models are capable of performing zero-shot 0day discovery the cyber security industry will never be the same, and that will be a good thing.
Generating phishing emails does not demonstrate significant adversary uplift, it simply proves that measuring user intent is difficult for a model.
Yes the efficiency gains are undeniable for both good and bad actors alike. Emerging technologies often have dual uses, which means the same capability is available to a good actor. And the good actors in cyber are already at an asymmetric disadvantage. They need all the help they can get.
Drake and Kendrick Lamar have been working intensely, shipping fast, and focusing diligently
It reminds me of what is needed in a high-growth fast paced setting
Here are some things I learned as a PM at a Series B 🧵 👇🏻
I think back to when we built the storage system at Dropbox and migrated Dropbox away from Amazon S3. We designed that storage system with less than a handful of engineers, and we did most of the work in a matter of months.
The only way we were able to build such a large system in such a short period of time was having a religious obsession with simplicity.
The counterintuitive thing for a lot of junior engineers is discovering that simple is hard. Simple is not a sign of a lack of sophistication - it’s the hallmark of sophistication.
We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨
Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
The unsung heroes of today are all the backdoor authors who do proper benchmarking and profiling, so that they don't get caught because SSH logins are too slow.
I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.
I'll update it as new information comes to light ✨
All the automated scanners, million dollar AI-enabled security tools, and VC-backed solutions in the world, and at the end of the day, this was caught by a human who felt like something was off and decided to investigate.