Daniel Miessler's Blog
May 2, 2023
No. 379 – AI & Transparency, lifeOS, China Model Fears, Data Criticality…
Happy RSA Monday—I hope you’re having a good one so far!

If you see me around RSA this week please come get a wave, fist bump, or hug (your choice). I’d love to say hi! And don’t forget we have a member lunch/meet-up on Thursday!

Have a great week!
In this episode:
Discover AI’s game-changing role in transparency
🌩️ Unravel Microsoft’s stormy threat actor names
Explore China’s AI chatbot rules & secret NYPD base
Peek into Apple’s journaling app & savings account
Embrace psychedelics for mental health in the US
Gartner’s 2023 guide to cloud-native app protection
AI controls and more!

MY WORK
AI is a Gift to Transparency
A collection of real-world use cases for what we can do with AI-provided transparency into human challenges. MORE

SECURITY NEWS
Microsoft will start naming threat actors after weather events. Not the campaigns, but the actors themselves. Interesting concept. Here are the first mappings.
Blizzard -> Russia
Typhoon -> China
Sandstorm -> Iran
Sleet -> North Korea
Dust -> Turkey
Cyclone -> Vietnam
Rain -> Lebanon
Hail -> South Korea
Tempest -> Financially motivated
Tsunami -> Private Sector attacker
Flood -> Influence operation
Storm -> Groups in development

China Applies AI Controls
China proposes new checks on AI chatbots, slowing tech industry’s rollout.
• Draft measures require security reviews and user identity verification
• AI-generated content must embody core socialist values
• Alibaba, SenseTime, and Baidu recently launched ChatGPT-like bots
• Regulators and state media warn against speculative frenzy in AI stocks MORE

Secret Chinese Police Station
The US charged 40 Chinese individuals for running a troll farm and secret NY police station.
• Alleged efforts to intimidate, harass, and censor China’s critics overseas
• Secret police station in Manhattan’s Chinatown
• Massive online troll farm spreading disinformation and harassment
• Only two New York-based officers arrested so far MORE

Sponsor
Love is UL Love — Sponsors help us produce this newsletter full-time. We spend a lot of time and effort picking the companies we promote here, and we pass on many of them because we care about what we’re showing you. Do us a favor and explore the sponsors we share. It helps us keep doing what we love, which is bringing you great ideas and analysis full-time.

Sponsor
Discover the Future of Cloud Security with the Gartner® 2023 Market Guide for CNAPP
As cloud-native applications evolve, so do security threats. Stay ahead of the curve with Gartner’s comprehensive 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPP). Learn how to protect your cloud infrastructure and applications from development to production with a single, integrated platform.
🛡️ Key insights include:
• The increasing attack surface of cloud-native applications
• How CNAPPs streamline security and risk management
• Recommendations for evaluating and deploying CNAPP solutions
Don’t miss out on this essential guide to securing your cloud-native applications! Download the Gartner® CNAPP Market Guide Now: wiz.io/lp/gartner-market-guide-cnapp-2023

TECHNOLOGY NEWS
Lyft announces more layoffs. I am not sure how much longer they’ll last. I used them for a few months when Uber was being gross to female employees, but the Lyft interface and experience was always worse for me. Question is: would the US let them merge? MORE
Is Apple launching a journaling app? I’d love to see this. Hope it’s true. MORE
Googlers say Bard is worse than useless. MORE
Niantic is making a real-world Monster Hunter game. MORE
Google consolidates AI labs into DeepMind. MORE

HUMAN NEWS
Legalized Psychedelics?
In 2023, the US government may approve the use of hallucinogenic drugs for mental illness treatment, with MAPS seeking FDA approval for MDMA as a PTSD treatment.
– MAPS has completed two successful clinical trials on MDMA’s effectiveness for treating PTSD.
– Australia approved MDMA as a PTSD treatment in February, with restrictions.
– There are concerns about how MDMA will be administered and its potential financial incentives.
– MAPS envisions global treatment centers where people can safely use psychedelics under therapist guidance.
I really hope this happens.
Everything I’ve seen and read anecdatally has indicated this will be massive for mental health. And we really need that right now. Combine that with more access to good therapy through AI and I think we could seriously help millions of people. MORE

Apple Savings Account
Apple just introduced a high-yield savings account with 4.15% APY.
– Savings account by Goldman Sachs
– No fees, minimum deposits, or balance requirements
– Manage account directly from Apple Card in Wallet
– Savings dashboard for tracking balance and interest
I think this is going to be one of those moves where, when people look back, it’s marked as one of Apple’s main milestones towards lifeOS. Tech. Education. Health. Now finance. lifeOS seems imminent. MORE

Trump Catching DeSantis
Trump now has a 13-point lead over DeSantis in a new Wall Street Journal Poll. I keep telling people not to count Trump out. People keep ignoring me. MORE

Trump Resilience
68% of GOP voters support Trump despite indictment and investigations.
– 26% of Republicans prefer a less-distracted candidate
– 46% would support Trump in GOP primary today
– 60% of general voters say Trump shouldn’t run
– 70% don’t want Biden to run again MORE

IDEAS & ANALYSIS
AI is a Gift to Transparency
A collection of real-world use cases for what we can do with AI-provided transparency into human challenges. MORE

The CCP and GPT
I bet the CCP is super scared of AI models they don’t have explicit control over. Especially local ones! No need to bypass the Great Firewall if you can get honest answers from software running locally. MORE

Data Becomes Important, Again
We’ve heard for a long time now that ‘data is the new oil’, and I guess that has been true in many cases. But it’s about to get a whole lot more true when everyone is running an SPQA stack. State requires data. And training large models requires data. People who have more data, and more access to newer and more unique data, will be winners.
A big problem we’ll have soon is having tons of the new data coming out being produced by GPTs. It’ll become derivative. So the companies that have access to new, raw, human-generated data will have a major advantage. Think about who those companies might be. Data brokers? MANGA companies? Shadow companies like Palantir? This will be a major battleground.

NOTES
Super hyped to share that UL member and buddy in crime Joseph Thacker (@rez0) and another great hacker @rhynorater are launching a new company called WeHackAI (wehack.ai). The service is designed to help companies launching AI-based or AI-augmented products—or that are adding AI to their existing offerings—by finding vulnerabilities throughout their stack. That includes not just the AI components, but the supporting infrastructure as well. I believe so much in the vision and in the pedigree of the founders that I’ll be an advisor for the company as well! Stay tuned for more info from them, and in the meantime go sign up here to get the latest. And if you know anyone building AI stuff, or adding AI to their stuff, point them to wehack.ai.

I keep hearing about how Picard Season 3 is a love letter to STTNG, and I can’t wait to watch it. AI has seriously crushed my media consumption, and TV-watching especially, which was already quite minimal. But I make exceptions for Captain Picard and crew.

I just got to catch up with a friend I met online in my first online community, DSLR. His name is Steve Friedl, and he’s awesome. He wrote a consulting guide called So You Want to be a Consultant way back then that served as the foundation of my consulting philosophy for years, and still does. Talking with Steve on the phone for the first time was fantastic, and I can’t wait to grow the relationship even more. Thanks, Steve, for your mentorship when I was starting out. And I hope to be like Steve when I grow up because he’s still crushing consulting today just like the day I met him almost 25 years ago. Goals. FOLLOW STEVE

I’m thinking about trying a new format for news stories. I have some possible format examples here in this episode. It would look something like this:
—
⛓️ Embedded Supply Chain Hacks
The X_Trader software supply chain attack led to the 3CX breach and affected critical infrastructure organizations in the US and Europe.
– North Korean-backed threat groups involved
– Trojanized installer used for attack
– Multi-stage modular backdoor deployed
– Victims’ systems compromised
– US and European critical infrastructure impacted
This is another example of how deep the rabbithole goes on supply chain stuff. We will never get to the bottom of this until we can clearly 1) see, and 2) understand everything we have installed, everywhere—including its current version, patch levels, and configuration—all at the same time. Until then we’re just grasping and hoping when it comes to supply chain vulnerabilities. MORE | MORE
—
That’s not a great analysis example because it was a made-up one, and some stories won’t have analysis anyway. But the point is that you could get away with just the first sentence. Or you could get the bullets for the second level. Or the analysis for the third level. Finally, you’ll have the MORE links for even more if you want it.

I plan on using some of my own custom AI for some of the summary stuff, such as the bullets, and then writing the analysis myself (it’ll be a while before an AI can do that without it being generic). So we get the advantages of both worlds (AI summarization + human analysis).

Thoughts? Reply to this email or start a thread in chat.

DISCOVERY
🤖 ProfileGPT: Reveals user’s personality using ChatGPT data
– Analyzes personal data, hobbies, and traits
– Assesses mental health and future predictions
– Python >=3.8 and ChatGPT data needed
– Promotes awareness of data usage MORE | BY SAHBIC

bloop: AI-powered code search and understanding tool
– Natural language search for internal libraries
– Summarizes and explains code intention
– Supports 20+ languages and regex matching
– Offers precise code navigation and unlimited free tier for self-hosted open source users MORE | BY HAMEL HUSAIN

Maintaining this site fucking sucks MORE
You can buy a house in Japan for $25,000 MORE
Who will you be after ChatGPT takes your job? MORE
So you want to start an AI startup MORE
Writers are becoming AI Prompt Engineers MORE
90% of my skills are now worth $0, but the other 10% are worth 1000x MORE
Prompt Injection: What’s the worst that could happen? MORE
Looks like da Vinci was Jewish. MORE
They’re acquaintances, but they’re still important. MORE
Why people are fleeing blue cities for red states MORE

RECOMMENDATION OF THE WEEK
If you care about AI’s threat to your business, or you are a builder thinking about the future of applications, you need to be watching Langchain as close or closer than OpenAI. It’s not about the boards and nails and drywall. It’s about the buildings we can build with them. Learn Langchain. LANGCHAIN DOCS | INTRO VIDEO

APHORISM OF THE WEEK
“The art of life lies in a constant readjustment to our surroundings.”
Kakuzo Okakura

Thank you for reading. To become a member of UL and get more content and access to the community, you can become a member.

Copyright © 1999-2023 Daniel Miessler, All Rights Reserved.
April 28, 2023
Pre and Post-LLM Software
The recent RSA conference has left me concerned for the many companies in attendance. It seems we are at a turning point in software history, divided into two epochs: Pre-LLM and Post-LLM.
Pre-LLM software is limited in scope, only aware of its specific database and rigid schema. It operates through narrow, brittle queries. In contrast, Post-LLM software is based on understanding. It deals with knowledge and wisdom rather than data and information. Instead of requesting specific rows of data, you can simply ask for the insight itself.
Pre-LLM software is characterized by rigidity, narrowness, and self-centeredness, while Post-LLM software is flexible, cohesive, and powered by context. LLMs have access to a vast array of knowledge, with large models like GPT-4 containing a significant snapshot of human knowledge. The interface is language, allowing for better questions and insights through natural language.
The value of Pre-LLM software is capped due to its lack of context and inability to integrate it. Consider an Incident Response/SOC software that now has access to real-time knowledge of people’s locations, backgrounds, relationships, and cloud infrastructure details. This information is crucial for determining whether a connection is malicious or not.
LLMs excel in this environment, using context to connect the dots when answering questions. Instead of a Tier 1 analyst spending hours researching, we can simply ask the LLM if a connection is malicious and why. The LLM can provide a detailed response based on context, saving time and effort.
In this new world, software becomes a combination of context and questions. The more context and better questions we have, the more we can improve. This is the realm of LLMs, and the transformation is beginning now.
Initially, companies will use vector embedding databases to bring context to LLMs. Eventually, as prices decrease, we’ll see custom models built on top of massive, general models. Companies will train their own LLMs on their data, making them queryable and capable of not only identifying problems but also helping to fix them.
We are at a critical juncture in software history, with Spring 2023 marking the transition point. It’s time to prepare ourselves and our companies for the Post-LLM reality, where databases and queries are replaced by custom LLMs trained on our data, answering our questions, and taking action towards our desired outcomes.
Don’t wait. Start your transition now.
April 23, 2023
AI is a Gift to Transparency
GPT-based AI is about to give us unprecedented public transparency. Imagine being able to input a public figure’s name and instantly access everything they’ve ever said on any given topic. That’s cool, right? Well, it’s just the beginning.
We’re about to have “Me Too Search Engines”.
The true power lies in the ability to query a comprehensive dataset on an individual, about anything. For example, you could track the evolution of someone’s political views over their entire online presence, or assess the accuracy of their predictions throughout their career.
It’ll be used to attack people, research people’s contributions, and to construct remarkable narratives about their evolution as a person over time. But mostly—at least at first—it’ll be used to expose people.
> The growth of the Internet will slow drastically, as the flaw in ‘Metcalfe’s law’ becomes apparent: most people have nothing to say to each other! By 2005 or so, it will become clear that the Internet’s impact on the economy has been no greater than the fax machine’s.
Paul Krugman, 1998
Consider influential figures like Paul Krugman, who has made numerous predictions from his prominent position at the New York Times. With AI, we could evaluate every prediction he’s made and rate their overall effectiveness in terms of confidence and accuracy.
The software architecture that will power this will be something like SPQA.
The real significance of this technology is not in any specific application, but rather in the unprecedented transparency it offers to any use case. AI enables us to view an entire body of information on a subject and ask targeted questions, providing unparalleled insight and understanding.
I’m going to add timestamps to keep myself honest.
This article serves as an intro to the concept and my own capture of interesting applications.
Transparency applications
Prediction Evaluation: Look at every prediction a public figure has made and give them a score based on 1) how important the topic was, 2) how strong the claim was, 3) how confident they were they were right, and 4) how wrong or right they were. Keep in mind this will be all publicly accessible accounts, anywhere, ever.
The Me Too Search Engine: Look at everything a public person has said, and find every instance of where they were racist, sexist, or otherwise outside the lines of what’s currently acceptable in society.
The ‘That’s Not Me Anymore’ Redemption Engine: A system that can read the same corpus of data as the Me Too Search Engine and come up with why this person shouldn’t be canceled into oblivion. It’ll look at good things they’ve done, progress over time as they got older, etc., and it’ll put together a corresponding set of public campaigns to counter the MTSE attacks.
The Corruption Detector: For every public government official, find every donation ever made, by every donor. Find every piece of legislation they voted on. Fully analyze all the different ways it would help different groups. Find all the votes they made on that legislation. Find the full list of donors and rate their biases and goals based on their track record as a donor. Finally, produce a corruption score for each government representative based on how often they voted based on the money or benefits they received.
The Hiring Helper: If you’re hiring for a teacher or church position maybe you don’t want people who have expressed certain views in the past. Perhaps unless they have properly evolved out of those views. Software will be developed that looks at the entire arc of a public person’s contributions and estimates their moral character. And this will be used to inform decisions about all sorts of things, including hiring. Will this be illegal? Maybe. Probably. In lots of places. But it’ll still be used.
The Match Maker: Sticking with hiring and extending to dating, what if everyone perfectly described what they were about, and what they wanted to do, and what they’d be happiest doing, and what they’d be best at doing. This would be helped by AI as well, of course. Then we would throw all of those people together in a giant salad bowl of millions of people and we’d ask, “Which of these people would make the best lifelong partners together? The best business partners? The best employers and employees? The best local acquaintances?” AI will be really good at that because it has the wisdom of every psychology study, every dating expert, every business expert, etc.—all built into it. It’s the perfect match maker. All it needs is the right context to be provided for each person and entity, and for us to ask it the right questions. Hell, we can just describe our goals and it’ll ask the right questions itself.
The Risk Adjuster: Insurance has always been a context game. The more they know about you the better they can determine how much risk you pose to their bottom line. We already see insurance companies giving people discounts if they share their health data. Now imagine that it has your life history as well, and your social connection network, and a stream of your public writings. Now there will be a much larger split between safe people to insure and those that should pay super-high premiums or not get a policy at all. This applies to everything from e-bike insurance to insuring the cybersecurity readiness of a Fortune 500 company.
The New Detection/Response Model: What if you knew the current context of every host, application, dataset, and system in the company, along with the context of every user? The biggest part of detection and response is knowing all the things. This is what good IR people do. They track things down. They figure out what the systems are in the source and destination. They connect dots. Humans suck at that. Especially in massive and complex environments. Thousands of systems. Thousands of edge cases. You know what doesn’t suck at that? LLMs. LLMs are the big brains of connecting dots. It’s their favorite thing. So, it’s 2:47AM PST and Julie’s system just made a connection to fileshare Y. Is that malicious? Can you tell me from what I just wrote? No, you can’t. And neither can an IR specialist. They have to go research. An LLM with context on every user, and every system in the company won’t have to research. No, it’s not malicious. Because Julie said in Slack 3 hours ago that she’d be connecting once she landed home in Japan, where she also went to college, and where she’s now living since she moved 6 months ago. LLMs know that because they have the context for everyone at this 49,000 person company. The new IR employee, Rishi, didn’t know that about Julie. Rishi started yesterday.
Spoiler: I’m building this one right now.
The Security Program Builder: Like we talked about above, the problem with doing security in any complex environment is that you can’t 1) see, and 2) prioritize everything all at once. There is too much to hold in a human brain. Vendors. Software installs. Vulnerabilities. Requirements from stakeholders. Compliance and regulation. Attackers and their goals and techniques. It’s too much. So what we do is flail around with OKRs and Jira tickets, trying to do the best we can. That all goes away with SPQA-based transparency. Because now we don’t try to hold that in our brains anymore. Now we let language models hold that in their heads, and all we do is ask it questions. So we take everything we have—our mission, our goals, our problems, our systems, our assets, our teams, our people, our Slack messages, our meeting transcripts, etc.—and tell it our desires. We describe the type of program we want, who we want to do business with, what we consider good and bad, and we write that all in natural language. Then we ask it questions (Q). Or give it commands for action (A). Using this structure it’ll be able to write our strategy docs, create QSRs, find active attackers, prioritize remediation, patch systems, approve or deny vendors, approve or deny hires, etc. All by doing two things: 1) asking questions, 2) using context.

Summary
These are just a few examples of what transparency can give us in this post-AI world of software. Before we had to force everything. We had to force the data into a forced schema. And then force queries against that database. It’s rigid. It’s fragile. And it’s so very limited.
Nobody should blindly take such answers and go, but rather use the answers to properly focus their decisions.
In this model we don’t force anything. We’re simply feeding context to something that understands things, and we’re asking questions. Who voted most with their donors? Who was most right in their predictions? Who’s my best match for a life partner? What’s the best investment for our business given my preferences? Which risk poses the most danger to our business given everything you know about our company?
Extraordinary things happen when you can hold the entire picture in your brain at once while making a decision. LLMs can do that. We can’t.
AI is about to move human problem-solving from alchemy to chemistry.
Notes
Unfortunately, the Me Too Search Engine will also be paired with Me Too Extortion Monetization. Many businesses will pop up that find everything bad you’ve ever said, turn that into tweets, emails, letters, etc., to your boss and your loved ones, and then send that content to you, saying, “Here’s what I’m about to send. If you don’t want it to go out, send me X amount of money to this address.” I wasn’t going to write about this because it gives people ideas, but the bad guys will see the potential as soon as it’s possible within the tech.

Thanks to someone in the UL community for coming up with the redemption arc idea after I explained the Me Too Search Engine. Great idea.

I’ll be adding more Use Cases to the end of the list as I add them, with timestamps.

April 18, 2023
How to Get the OBS Studio Virtual Cam to Work in Discord on Mac
This is harder than it should be. Way harder.
0. Enable your terminal to make changes
Open System Settings -> Privacy & Security -> App Management and give permission to your Terminal program.

1. Install Xcode
xcode-select --install (enter your password)

2. Remove the existing signature
sudo codesign --remove-signature "/Applications/Discord.app/Contents/Frameworks/Discord Helper (Renderer).app"

3. Re-sign the app
sudo codesign --sign - "/Applications/Discord.app/Contents/Frameworks/Discord Helper (Renderer).app"
If you don’t do step 0 you’re not going to be able to remove the signature in step 2.
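The codesign steps above gathered into one script, added here as an example and not the author's own. It adds a dry-run mode that prints the exact commands for review before anything is touched, refuses to run if the helper bundle is missing, and verifies the new ad-hoc signature afterwards; DRY_RUN, plan_commands and resign_helper are names assumed for this example, not Discord or OBS APIs.

```shell
#!/bin/sh
# Added example: re-sign Discord's renderer helper with an ad-hoc signature so
# the OBS virtual camera shows up in Discord on macOS. Not the author's script.
# DRY_RUN, plan_commands and resign_helper are assumed names for this example.
# Discord's auto-updater replaces this bundle, so the steps must be repeated
# after each Discord update.

HELPER="/Applications/Discord.app/Contents/Frameworks/Discord Helper (Renderer).app"

# print_cmd: print one command line, single-quoting any argument that contains
# characters the shell would split or interpret (the helper path has spaces
# and parentheses), so the printed line can be pasted back into a terminal.
print_cmd() {
  out=""
  for a in "$@"; do
    case $a in
      *[!A-Za-z0-9_./=:-]*) a="'$a'" ;;
    esac
    out="$out$a "
  done
  printf '%s\n' "${out% }"
}

# run_cmd: execute a command, or only print it when DRY_RUN=1.
run_cmd() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    print_cmd "$@"
  else
    "$@"
  fi
}

# resign_helper PATH: strip the existing signature, apply an ad-hoc one, and
# confirm the result validates. Returns 1 without touching anything if the
# bundle is missing, so a typo in the path cannot re-sign the wrong thing.
resign_helper() {
  helper="$1"
  if [ "${DRY_RUN:-0}" != "1" ] && [ ! -d "$helper" ]; then
    echo "helper bundle not found: $helper" >&2
    return 1
  fi
  run_cmd sudo codesign --remove-signature "$helper" || return 1
  run_cmd sudo codesign --sign - "$helper" || return 1
  # --strict rejects a signature that does not cover the whole bundle;
  # -dv then prints the new identity (an ad-hoc signature shows Signature=adhoc).
  run_cmd codesign --verify --strict "$helper" || return 1
  run_cmd codesign -dv "$helper"
}

# plan_commands PATH: show exactly what resign_helper would run, without sudo
# or codesign being invoked (a subshell keeps DRY_RUN from leaking out).
plan_commands() {
  ( DRY_RUN=1; export DRY_RUN; resign_helper "$1" )
}

case "${1:-}" in
  --plan) plan_commands "$HELPER" ;;
  --run)  resign_helper "$HELPER" ;;
esac
```

Run it once with --plan to review the commands, then with --run; step 0 still has to be done by hand in System Settings or the remove-signature call will fail.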
Why is this so hard in 2023?
April 17, 2023
NO. 378 — AI Resilience Scale, Moloch the Demon, Ukraine Data Leak, and more…
Happy Monday—I hope you’re doing well!

Ok, here’s the idea of the week: Moloch. It’s a race to the bottom that we can’t avoid running. We don’t want to run it. We know it’s bad for us. But we feel compelled to. And plus, everyone else is doing it so we don’t want to be the only ones left out!
And with that happy thought, let’s get into the week!
In this episode:
🤖 AI vulnerability scale
🌌 Moloch’s danger
🌐 Post-GPT world
🕵️♂️ Discord leak
🛡️ OpenAI bounty
🇰🇵 North Korea vs. 3CX
📱 Israeli spyware
🤖 NYC robots
🚕 Robotaxi success
😢 Teen mental health crisis
🚫 AI bans, and more!
MY WORK
The Hierarchy of Content
A rating scale for how vulnerable your content is to being replaced by AI. MORE
Moloch: The Most Dangerous Idea
If we are alone in the universe, this is probably why. MORE
6 Phases of the Post-GPT World
The implications of connecting GPT-4 to the internet, and the tech that will result. MORE
SECURITY NEWS
Discord Intelligence Leak
A US National Guardsman named Jack Teixeira leaked a number of Top Secret military documents in his Discord Server group over a number of months. The documents were further shared elsewhere, causing them to leak all over the internet. The leak detailed Ukraine’s plans for a counter-offensive, as well as details about various European countries that were giving aid to Ukraine. Teixeira has been arrested under the Espionage Act. MORE | NYTIMES | BELLINGCAT
OpenAI Bug Bounty Program
OpenAI launched its Bug Bounty Program with BugCrowd, inviting hackers to help identify and address vulnerabilities in their AI systems. Rewards range from $200 to $20,000 based on severity and impact. Great job to both teams! I can only imagine the firehose of vulns people have been sitting on. MORE | PROGRAM
North Korea vs. 3CX
Mandiant has been investigating the 3CX supply chain attack and has concluded that it’s the work of a North Korean threat actor called UNC4736. The attackers targeted 3CX with malware called Taxhaul, which deploys a downloader called Coldcat. 3CX has shared YARA rules and IOCs to detect the malware. MORE
More Israeli Spyware
A little-known Israeli spyware company has been using its software against journalists and political figures across three continents. Citizen Lab and Microsoft Threat Intelligence published reports calling out QuaDream for its Rein software, which is “a suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.” MORE

Sponsor
Hyperproof: Next Level Compliance and Risk Management
Hyperproof is the industry-leading compliance operations and risk management platform. Cut the time spent preparing for audits in half, automate evidence collection, and increase team productivity by 70%.
With 75+ out-of-the-box framework templates, including SOC 2, NIST, FedRAMP, and ISO 27001, our built-in requirements and customizable controls will satisfy the needs of your products and industry. Connect your controls to risks to better protect your business and see where you stand in real time with our risk register.
Book a demo today to see why Hyperproof is G2’s #1 trending software for IT Risk Management and GRC.
learn.hyperproof.io/built-to-scale-unsupervised

Amazon S3 Security Update
Amazon S3 has started deploying two new default security settings for all new buckets, including enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new buckets. Rejoice! MORE
NCR Aloha POS Outage
NCR’s Aloha point-of-sale platform suffered an outage due to a ransomware attack by the BlackCat/ALPHV gang, impacting hospitality customers and business operations. MORE
FBI Warns Against Public Chargers
The FBI says people should avoid using public USB charging stations for their mobile phones. They said the stations in places like malls and airports may be compromised and could install malware on connected devices. MORE
Cyber Investment Down 58%
Venture-backed cybersecurity startups saw 58% less investment than a year ago, which represented a 45% drop (149 total) in deal flow. MORE
NYC Robots
New York City abandoned its robot dog plans after a massive outcry two years ago, but now it’s bringing them back. They’ve ordered two of the Boston Dynamics Spot Bots. The city says the $75K bots will mostly be used like bomb robots for now and they won’t be run autonomously. They’re also deploying a Knightscope K5 robot, which is designed to counter vandalism and break-ins. Really wish that one looked less like a Dalek. MORE | THE KNIGHTSCOPE K5
Fake Chinese Officials
The FBI is warning Chinese people in America to not fall for scammers claiming to be part of the PRC. They say scammers are posing as officials and stealing money from Chinese citizens. This works well because newly arrived Chinese people anywhere in the world are still strongly tied to China, and feel beholden to Chinese authorities. The FBI says to call them if you believe you have a legitimate request from China, as they are required to register with the FBI for such activities. MORE | MORE
Vulnerabilities
Microsoft issues fixes for 97 flaws, including an actively used ransomware exploit MORE
TECHNOLOGY NEWS
The SIMS + AI
Google and Stanford collaborated to create human-like AI characters that operate in a SIMS-like environment called Smallville. There are 25 separate personas that wake up, have breakfast, and go on about their days. They interact with each other and do many other human-like activities. The whole thing is seeded with just one paragraph of prompt text for each character, and they take it from there. Researchers interviewed the characters after they had been running for a while and found that some had careers. One had decided to run for mayor and described his plans after he took office. MORE | MORE
AI Wage Discrimination
Companies like Uber and Amazon use AI to pay workers different wages for the same work, raising concerns about “algorithmic wage discrimination” spreading to other industries. MORE
Robotaxi Success
Robotaxis in San Francisco seem to be running quite smoothly. The city required them to keep detailed logs on how much disruption was being caused by Cruise and Waymo robotaxis, and the numbers are remarkably small. There were evidently only 12 driverless-caused reports from September 2022 to March of 2023. MORE
33% SF Vacancy
Office vacancies in San Francisco have hit 33%, and 23% in Silicon Valley. Both are records. MORE
HUMAN NEWS
Teen Girls’ Mental Health Crisis
A new CDC report reveals that nearly 1/3 of teen girls have considered attempting suicide. 30%! And nearly 3 in 5 (57%) felt persistently sad or hopeless in 2021. That’s double the number of boys, and up nearly 60% from the past decade. CDC
Whole Foods Closes Flagship SF Store
Whole Foods is closing its main store in San Francisco due to safety concerns for its workers. MORE
IDEAS & ANALYSIS
Expect AI Bans?
I am of two minds about what’s going to happen with AI. If things go slow enough I think it’ll pull us out of our recession and start a new productivity boom. But if things go too quickly I think we’ll have acute job losses and world governments will start banning AI replacement of jobs. I’m currently siding a bit more towards the latter. When I predicted the recession piece it was before GPT-4, plugins, and Langchain Agents. I’m now thinking governments are more likely to get spooked and pull out the ban hammer. MORE
NOTES
I’ve got Agents working in Langchain! And not just working, but calling my own APIs. In my most recent run I ask my Agent to analyze the Solarwinds incident so it makes two requests—one to Google to learn about the incident, and one to my API to analyze the incident. Completely insane! I’ll share the screenshot and maybe some code as well in chat.
The stuff I wrote about in my book in 2016 is starting to happen. I’m going to be talking a bit more about that in the next few weeks. I actually re-read the book and it’s not nearly as bad as I thought it was. So crazy that it’s all happening this fast. I had high confidence the things I wrote about would happen, but I honestly thought it would be another 10-15 years.
I’ll be around the RSA area, so if you’re in town let me know. We’ll be doing another UL Dinner as well so look out for the invite in chat!
DISCOVERY
⚒️ chatbot-ui — Run your own local ChatGPT interface using your API key instead of OpenAI’s web interface. It’s faster and doesn’t have the query limits of the official interface. MORE | BY MCKAY WRIGLEY | MY SCREENSHOT
⚒️ Auto-GPT — an experimental open-source application showcasing the capabilities of the GPT-4 language model. This program, driven by GPT-4, chains together LLM “thoughts”, to autonomously achieve whatever goal you set. MORE | BY SIGNIFICANT GRAVITAS
⚒️ Ben’s Bites — Hacker News, but for AI MORE
It happened to me today ($80/hr writer replaced by ChatGPT) MORE
How much would someone have to pay you to switch from iPhone to Android forever? MORE
Laid off by big tech and then recruited for contract work—at the same place. MORE
Hyperproof (Sponsor) — Cut your time preparing for audits in half, automate evidence collection, and increase audit team productivity by 70%. MORE
Cole Comfort from our UL Community has a new podcast. Check out the first episode with Toby Amodio! MORE
JupiterOne’s 2023 State of Cyber Assets Report MORE
Nick St. Pierre is the best natural photography prompter in the world. MORE
Sam Altman says they’re not training GPT-5 and ‘won’t for some time’. MORE
Huberman Labs’ Sleep Toolkit MORE
ProjectDiscovery is having a meetup for users on Tuesday, April 25th at RSA. There will be demos and swag! MORE
Altman also says the parameter count is a lot like the gigahertz race from the 1990s, and that ultimately it won’t matter as much as other factors. MORE
MacOS Cursors MORE
RECOMMENDATION OF THE WEEK
Programming 0 -> 1
It’s hard to know what skills we will need to thrive post-AI, but I’m pretty certain that programming just became even more important. Not super deep programming in any particular language, but programming concepts. The fundamentals. The ability to stitch code together and make things. I asked Twitter for the best way to get those fundamentals and the CS50 course from Harvard was a favorite. If you don’t consider yourself a programmer, go take that course (it’s free), and start getting dirty with GPT-4 and Langchain. It’s the new literacy. CS50
APHORISM OF THE WEEK
“The unknown is the greatest enemy, but curiosity is the greatest weapon.”
Matshona Dhliwayo
Thank you for reading. To become a member of UL and get more content and access to the community, you can become a member.
Follow via RSS
Forward UL to friends
Tweet about UL
Share UL with colleagues
Copyright © 1999-2023 Daniel Miessler, All Rights Reserved.
April 16, 2023
Moloch: The Most Dangerous Idea
Moloch is a strong candidate for the most dangerous idea. If we’re alone in this universe, it’s likely because of Moloch.
It’s pronounced MOL-uck.
What is it? Practically speaking, it’s something like an accelerating race towards a goal that has both a tremendous payoff and that guarantees our destruction. It’s a race to the bottom, where the bottom is the destruction of our species.
Moloch is a race that’ll probably kill us, but that we can’t help but run.
I heard Max Tegmark talk about the concept recently on Lex Fridman’s podcast, and have heard the term a few times elsewhere in the last few months. But never before that, which is curious.
The concept (מלך, mlk in Hebrew) comes from the Old Testament as a name of a Canaanite god associated with human sacrifice, but some scholars also think it might refer to sacrifice itself. Either way it was considered a bad thing in the Bible wherever it was mentioned.

Johann Lund’s 18th Century Depiction of Moloch
That definition also fits well with the modern interpretation. Sacrifices were done to gain something from the gods, so it’s essentially, “doing something bad so that you can get something in return”.
Another interpretation is one that Max mentioned in the podcast with Lex, which is a demon that convinces you to play this game. So in that model it’s not the game itself that’s the enemy, but the force that’s enticing us to play the game.
There are remarkably few definitions available anywhere, so this is my attempt at it.
I’m not sure that distinction matters much, so I’m going to refine the definition above and say it’s:
> A greed and/or FOMO-based race to the bottom where everyone loses as soon as someone wins.
The inevitable game
As Max talks about on the podcast, Moloch is toxically seductive. It stacks selfishness on top of FOMO on top of practicality.
Here are some examples:
• The Race to AGI
• Nuclear Armament
• Human Cloning
• Gene Editing
• Growing Economies Using Fossil Fuels
There are smaller-scale moloch games as well.
Taking the game of the hour as an example, everyone is sprinting towards AGI at top speed not only because they want the benefits—which they do—but also because they know everyone else is sprinting. So that’s the FOMO aspect.
The worst part is that everyone knows they should stop running, but they can’t.
But we also know it’ll give us tremendous economic and military advantages. So the greed kicks in and makes us run even faster.
And finally we have good ol’ self-preservation. Living under a super-intelligence-powered China would not be fun for anyone. And that’s assuming China could control it.
So even if the West was able to control its greed, and wanted to stop, we know China and Russia won’t. So we won’t either.
The Hail Mary solution
Individuals can’t stop the race because you need everyone to stop at the same time.
The depressing part is how difficult the solution is. It’s obvious. It’s right there in front of us. But nobody is going to do it.
We have to all stop together.
The US. China. Russia. Europe. Asia. The entire world has to stop together and say,
> Hey, let’s pause for a second and come up with some ground rules so we don’t destroy ourselves.
But we probably won’t do that—hence why this is probably the most dangerous idea in the world. Maybe it’s this Moloch Barrier that stops most civilizations from progressing beyond a certain point in their development.
All those trillions of stars out there—all those planets—and we haven’t seen anyone. Maybe they’re just too far away. Some experts believe that. But maybe billions of civilizations got to where we are and they just couldn’t make it past the Moloch Barrier.
Maybe they couldn’t find a way to exit the race before they killed themselves with AI, nukes, bioweapons, or whatever. We need to find a way out of this race.
Nothing is more important.
Notes
Tegmark points out some examples of anti-molochs, including gossip, the legal system, and regulation.
Howl, by Allen Ginsberg, is a poem about Moloch. MORE
The Hierarchy of Content
Humans are creative. It’s one of the things that separates us from the other animals. Other animals create things, but most don’t change what they create based on new ideas, or how they feel.
Much of our culture revolves around this. And our economies. Our very society is based on creating and sharing or selling new things. So it’s pretty significant when something like AI comes along with the ability to replicate much of that creation.
How much thought vs. leg-work is in your content? The more leg-work the more vulnerable you are.
This is a look at what types of creation there are, and which might be most vulnerable to replacement by artificial intelligence.
The hierarchy of content
This chart has nine total tiers, which are three-part breakouts of three fundamental levels:
• Creating
• Analyzing
• Curating
Higher is better.
Curating, organizing, and collecting are all combined into Curation in this 3-level system. Summarization, explanation, and analysis are combined into Analysis. And enhancement, thinking, and creating are combined into Creation.
A brief aside on curation
One thing to mention about Curation is that there are levels to that game, meaning Curation is only level 3 of this model, but one can argue that carefully filtering certain stories combined with Enhancing or Thinking can also be considered Curation, and that it’s much more valuable than level 3.
Curation can be quite advanced, but most is basic link filtering based on interest.
I agree with that, but I think most curation—in newsletters for example—isn’t so grand as presenting a life perspective. It’s more like link selection and presentation, which is to say that curation happens naturally when you ask people to choose what’s interesting to them. In other words, there’s basic curation and advanced curation. And the advanced version is somewhere up around level 8, while the most common one is at level 3.
Vulnerability to AI
The bottom of the chart is most vulnerable, and the top is the most safe.

You don’t want to be here
AI is extraordinarily good at collecting stuff, filtering it, organizing it, and yes—even selecting which things to include based on a set of preferences. So if you’re in the bottom three levels you should be thinking about how to pivot.
Example: Newsletters of links on various topics.

AI is really good at this too, so tread carefully
Next we have analysis, which feels a lot safer, but one of the things I use AI most for is explaining things. There’s a simple rule here that you should use. If you explain things well in your own unique voice, you have more time here. But if you just pull out the relevant information in a particular structure you’re at risk here as well.
Example: Newsletters of links with basic summarization.

The safest by a wide margin
Finally we have creation. This is where you’re either adding ideas to an existing idea, creating a new thing based on existing ideas, or creating something completely new based on a completely new idea. So building a company for example is either ENHANCE or CREATE.
A blog where you post new ideas is THINK. And a blog or newsletter where you come up with new ideas and ship something useful based on those ideas would be CREATE. This tier will survive for the longest, but I’ve already had significant success making completely new things with GPT-4, so it’s no place to relax.
Summary
• If you’re a creator, find where your content sits on this chart
• Figure out how to climb up a few rungs
• Think long-term about what your brand is and how you can eventually get it into the THINK and/or CREATE tiers for maximum survivability against AI
AI content is about to explode. Automated newsletters in precisely your space. New products, new services, new art, and everything in-between. Be ready.
April 10, 2023
NO. 377 | AI vs. Newsletters, NIST’s AI framework, Integrating GPT into your workflows…
Happy Monday—I hope you’re well! I’ve been obsessed with langchain this past week. It’s like the coolest tech in AI right now, not counting GPT-4 and Midjourney. It’s basically the connective tissue for building AI applications. Think of it like the pipe “|” command in Linux. You should check it out. MORE
Meanwhile, let’s get into the week!
In this episode:
🛡️ Semgrep + AI: Enhancing code security
📉 Goldman Sachs predicts AI’s impact on jobs
🤖 AI’s threat to newsletters & the future of content
🔍 Unmasking money and power with AI’s transparency
🌉 Exploring the gap between pre-AI and post-AI worlds
📚 AI replacing tutorial webpages with assistants
🚰 The power of building pipelines over fixing things
📚 NIST AI Risk Management Framework & playbook
🚗 Tesla’s video sharing privacy concerns
📸 Iranian women monitored by public cameras
🌆 Crime density stats: SF vs. Baltimore
💻 Microsoft’s TaskMatrix.AI & Langchain’s success
👴 Hiring older workers for their work ethic
🏭 US manufacturing resurgence & green efforts
🔭 JWST captures stunning Neptune image
MY WORK
AI’s Threat to Newsletters
Most newsletters won’t survive the burst of AI-generated completion we’re about to see. Only one kind will likely survive. MORE
Unmasking Money and Power With AI
GPTs will magnify transparency in the world, and make it easier than ever to “follow the money”. MORE
The Pre-AI World, the Post-AI World, and the Gap In-between
Can AI lead us to a post-capitalist society focused on creativity and humanity? MORE
AI is the End of Tutorial Webpages
AI assistants will replace traditional tutorials and change how we consume information. MORE
Don’t Fix Things; Build Pipelines
Why pipelines are a superior mental model for problem-solving. MORE
SECURITY NEWS
Semgrep + AI
Semgrep added GPT-4 to their offering to help identify false positives and fix code. The integration allows them to auto-triage findings, fix code automatically, and provide direct assistance to developers. MORE
NIST AI Risk
NIST released its AI Risk Management Framework at the end of January, and it now has a companion playbook and video explainer. The framework is based on four primary concepts: Govern, Manage, Map, and Measure. FRAMEWORK | PLAYBOOK | EXPLAINER
Tesla Video Sharing
Ex-Tesla employees said it was possible to get access to sensitive in-car video recordings within Teslas, including ‘scenes of intimacy’. Pretty much the privacy nightmare—employees passing around stuff that can cause you reputational harm. MORE
CISA Orders BackupExec Patch
CISA added five issues to its list of vulnerabilities abused by threat actors, and three of them were Veritas Backup Agent issues used to deploy ransomware. MORE
Iranian Women Cameras
Iran is installing cameras in public to catch and penalize women who don’t wear the veil. The system starts with a warning text message informing them of the consequences. MORE
Crime Density Stats
Someone did some analysis on crimes per square foot of major cities, and San Francisco came out worse than Baltimore. MORE | MORE
Sponsor
Stay Compliant with hCaptcha’s Privacy White Paper
Learn how global privacy laws can impact your organization and how to ensure compliance with hCaptcha’s privacy white paper.
Discover how to meet international privacy requirements, navigate liability as an online property owner, and evaluate your security stack for privacy compliance. Stay ahead of the game – download our white paper now.
hcaptcha.com/ul
Download hCaptcha’s White Paper Now
TECHNOLOGY NEWS
Microsoft Taskmatrix.AI
Microsoft has introduced an AI API infrastructure called TaskMatrix.AI. It works by “integrating foundation models with millions of existing models and system APIs, resulting in a ‘super-AI’ that can perform various digital and physical tasks.” MORE | PAPER
Mild Layoffs?
Crunchbase says the massive layoffs of over 200K people in the last 14 months only add up to around 8% of the people hired after the pandemic. MORE
Computer Shipment Declines
Computer sales are way down, with Mac shipments down 22% and most PC makers slumping over 40%. Related to that, Foxconn also dropped 21% in March, and they expect further decreases. MORE
Langchain Raise
Langchain has raised a $10 million seed round led by Benchmark. It’s the tech powering a ton of the advanced GPT-based apps you’re seeing right now, and I think they’re crushing it. MORE
HUMAN NEWS
Goldman AI Loss
Goldman Sachs says 300 million jobs will be lost or degraded by AI. Sounds directionally correct, but the real questions are 1) how many will also be created, and 2) how quickly all these things will happen, and 3) how people and economies will respond. MORE | PAPER
NATO Finland
Finland is now part of NATO. MORE
SF Murder
A well-known tech entrepreneur, Bob Lee, was stabbed and killed in San Francisco last week. He had moved out of the city for safety reasons. As a former SF resident, this resonates strongly with me. I really do feel like the city is lawless, and as a liberal, this angers me. I was told by people growing up that you don’t want to live in liberal cities because they ruin everything. I didn’t believe them. I still don’t think that’s the case everywhere, but it sure seems true for San Francisco. Too much of it looks like a set for The Last of Us, and I feel uneasy whenever I’m there now. MORE
Hiring Older
Bosses need hard workers, so they’re hiring older people who have a different work ethic. MORE
America is Back in Manufacturing
The US spent $108 billion on manufacturing-focused construction in 2022, which is more than schools, healthcare facilities, or office buildings. The trend is tied to green efforts and a desire to secure our supply chains. MORE
JWST Neptune
The JWST telescope just caught a wicked photo of Neptune, showing its moons and its massive ice ring system. MORE
IDEAS & ANALYSIS
Mind the Font
If you’re blogging on a platform where the font looks the same no matter who’s writing—i.e., your content looks identical to everyone else’s—that means it’s their platform, not yours. When you read the New York Times, you’re not reading authors, you’re reading The Times. Maybe that’s ok if you’re building a career as a writer and you’re picking big names to establish credibility, like writing for the New Yorker, then The Atlantic, so you can make it to the New York Times. That makes sense. Or at least it did like a year ago (not sure about now). But as a new blogger that’s not your situation. Your goal should be broadcasting as yourself as purely as possible. And that means controlling the look and feel of your content. It should look and feel different than other people’s stuff. Blogging on Medium or Substack is like showing up to do a talk wearing a company uniform, covered in their logos. Again, not bad if it’s the best brand in the world, but probably not worth it if it’s not.
The End of Googling
We need a new word for Googling something. I’ve probably switched to GPT for 85% of my searches in the last month or so. Paul Graham said his 10-year-old doesn’t Google things anymore. He either uses GPT or Pokedex. Makes sense. So what’s the term? GPT’d? Too long. AI’d? Cumbersome. I wonder if it’ll just be called “searching”, and the Kleenex naming advantage Google had will just fall off. What are your guesses for the new verb?
NOTES
I’ve had my life elevated by a couple of utilities in the last week. 1) Espanso. It’s a Rust-based, YAML-configured text expansion system. It lets you run shell commands as well, so I’ve integrated it with my AI APIs for doing quick little shortcuts like ;essay, ;correct, ;proofread, ;analyze-incident, etc. to get instant analysis within any text location, including in my terminal. 2) MacGPT. It’s a little utility that lets you call GPT directly from your Mac. You just call up the shortcut and a little window pops up and you type in your question. For whatever reason it’s lightning fast. The combination of these two things has accelerated my life greatly in the last couple of weeks.
My buddy Matt Jay has a new newsletter, and he’s on the sixth episode right now. It’s called Vulnerable U, and its focus is on how we can use vulnerabilities, and vulnerability, as a catalyst for growth. Matt’s content is spectacular, and I recommend you check it out. MORE
DISCOVERY
⚒️ The Lex Fridman Podcast ChatGPT Plugin
ChatGPT now has access to every episode of Lex’s podcast. MORE | BY RILEY TOMASEK
⚒️ A GPT-powered Poem Clock
Someone made a clock out of poems, using GPT to create the rhymes. MORE | BY MATT WEBB
Why I Blog MORE | BY DANNY GUO
Langchain as a ChatGPT Plugin MORE
🔥 OpenAPIEndpointChain — Wraps a single API endpoint in a natural language interface. MORE
Everything is a Practice MORE | BY DANNY GUO
How to create a podcast search tool using Langchain Tools. MORE
Video is the next target for Generative AI, and things are already getting crazy. MORE
Midjourney has banned all images of Chinese President Xi Jinping. MORE
RECOMMENDATION OF THE WEEK
Espanso for text expansion. MacGPT for immediate access to GPT-4. Constantly be thinking about the services you provide and where they sit in the hierarchy of ideas. What about what you do can be replaced easily, and what about what you do is resilient? Are you the SME? Are you creating AI tools? Or are you the polymath glue that solves problems with AI?
APHORISM OF THE WEEK
“To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment.”
Ralph Waldo Emerson

Earn rewards for sharing UL…
You can now earn rewards by sharing UL with others! Share to earn:
– 5 Shares -> A PDF on How to Thrive in a World Full of AI
– 10 Shares -> 25% Off UL Membership
– 20 Shares -> 50% Off UL Membership
– 50 Referrals -> A Private 30-minute Mentoring Session With Daniel
– BONUS: Plus, each referral is an entry to win a pair of AirPods Pro 2 on May 31st!
– Congrats to Charles Blas for winning the first AirPods Pro 2 giveaway on February 28th!
Share this unique URL with your friends, networks, and socials and accrue referrals when they subscribe!
See your current referral stats…
AI’s Threat to Newsletters
AI-driven newsletters are almost here. As artificial intelligence improves, it poses a significant threat to the traditional newsletter format. In particular, three types of newsletters are at risk: raw collectors, curation and comment newsletters, and idea-based newsletters.
Raw collectors are the most vulnerable. These newsletters simply gather a large number of links and present them to readers with minimal context or commentary. As AI becomes more sophisticated, it will be able to perform this task more efficiently and effectively than humans, rendering raw collectors obsolete within a matter of months.
AI’s rapid advancement has already begun to outpace human curation abilities.
Curation and comment newsletters are the next in line. These newsletters select a few noteworthy items to highlight and provide a custom summary for each. While this format requires a higher level of AI sophistication to execute, that level of technology is quickly approaching. Within six months to a year, these newsletters will face serious competition from AI-driven alternatives.
The final, and least vulnerable, category is idea-based newsletters. These publications focus on presenting new and original ideas, which are more difficult for AI to replicate. However, even idea-based newsletters must adapt to the changing landscape by incorporating original content and a strong vision for the future.
The key to surviving the AI revolution is originality and vision.
A successful newsletter in the age of AI will follow the IDEA, BUILD, and SHOW model. This approach involves presenting an original idea, creating something useful based on that idea, and showcasing it to readers or allowing them to interact with it. This model can be applied to both blogs and newsletters, ensuring their survival in a world dominated by AI.
Even as AI encroaches on the territory of traditional newsletters, there will still be a place for discussing news and filtering stories for a specific audience. The crucial factor that will set successful newsletters apart is vision. Those with a clear perspective on the world and a plan for what they want to build within it will be able to provide value to their readers by offering informed opinions and insights on relevant news.
A strong vision and original ideas are essential for newsletters to thrive in the AI era.
In contrast, newsletters that lack a distinct point of view or original content will struggle to compete with AI-driven alternatives. As AI becomes increasingly adept at curating and summarizing news, these generic newsletters will find it difficult to maintain their relevance.
Summary
• Raw collectors and curation/comment newsletters are at the greatest risk from AI.
• Idea-based newsletters can survive by focusing on original content and vision.
• The IDEA, BUILD, and SHOW model is crucial for success in the AI era.
• Newsletters with a strong vision can still provide value by discussing news and filtering stories for their audience.
• Generic newsletters without original ideas will struggle to compete with AI-driven alternatives.
To survive and thrive in this new era, newsletters must adapt by focusing on original content, vision, and the IDEA, BUILD, and SHOW model. By doing so, they can continue to provide value to their readers and maintain their relevance in a world increasingly dominated by AI.
Don’t Fix Things; Build Pipelines
I think one of the most powerful ideas in business—or any kind of organization really—is the distinction between fixing things vs. building pipelines.
I used to think about fixing things. You work at a company. You see a problem. You talk to the right people, make the correction, and you move on.
Maybe you will stop that thing from happening once or twice, if that person is the one doing it, but if you haven’t changed the permanent process for how it gets done, you haven’t actually fixed anything.
So basically, everything that gets done can be thought of as a pipeline. Water goes in one side, lots of things happen to it along the way, and it comes out the other side.
If you want to change what comes out, you need to fully understand the entire pipeline and change the components that affect that outcome.
And not just change them, but document those changes (or start the documentation if it didn’t exist before), and then communicate the change. Finally, you have to make it very clear how changes to the process are handled.
Who submits a change? When and where is it discussed? How is it approved? How is it actually changed? And how is that communicated?
Once this is in place you now have a pipeline for that thing getting done. Maybe that’s a security assessment for new projects. Or maybe it’s a review of a vendor to see if they can work with the business.
It’s a permanent, documented, and communicated process with visible components that people can understand and know how to modify.
Don’t fix mistakes. Update pipelines.
Summary
• Pipeline thinking is a proactive approach to problem-solving that focuses on building systems rather than fixing individual issues.
• To build a pipeline, document the existing process, identify areas for improvement, and implement changes.
• Communicate the new process clearly and establish a system for reviewing and updating the pipeline as needed.
• Pipeline thinking fosters a culture of continuous improvement and innovation.