Andreas Bayer

Time to be fair.... In past posts, I have been less than complimentary of the DLC regulations that now make it more difficult to implement SMS into an application. I understand that all sorts of organizations use (and misuse) SMS millions (billions?) of times daily. I get that the new regulations make an attempt to reduce, as much as possible, SMS Spam. All in all, it just seemed like another example of hand-cuffing the good guys while trying to put some limits on the bad actors. My experience at the time was with #Twilio... and I tried to make it very clear that my frustration wasn't necessarily with them - they were doing the best they could to handle an avalanche of organizations trying to comply with new rules that everyone was stumbling their way through. I've been using Twilio for years and can't complain AT ALL about the platform performance for my particular small-scale needs. It was the nearly impossible approval process that really soured me. After nearly a year of living without application-based SMS (email only), I decided to revisit. The application was already all wired up for the feature - it was just dormant. This time around I was able to get up and running in 3 days... 99% of which was the DLC approval - which happened today. Kudos #Twilio for suffering through the tough days and making SMS once again something that can be done with very little pain. #twilio #sms #dlcapproval

2

One of the most interesting things to come out of of crypto - where the exchange of rewards is so fluid, and fraud is so rampant - is the creation of systems to define which users are real / not bots, and actually generating value. Airlines, hotels, and coffee shops have been in the loyalty business forever... but not with this kind of global reach or velocity. Everyone is already an influencer - but only some are big enough to get marketing contracts. Crypto is showing that anyone can get paid to help build or grow a product. https://lnkd.in/g_wci5tU

7

More news from Socure!

31

One phase of Delighted's quarterly product planning is reviewing upcoming breaking changes across our ecosystem / internal tech stack. We currently run each integration + tool in our infrastructure stack through Perplexity's API with a fairly specific prompt (e.g. reviewing dev + change logs). The output is a clear checklist of what needs to be done to keep our tech stack in functioning order, and with what priority. Most often than not, there's nothing critical to address. But better to spend 15 minutes now vs. pivot our roadmap mid-quarter. If you're interested in doing something similar for your team, give me a nudge and I'll share over more detailed steps / prompts to get something similar using 100% free tools. No catch - keen to see if this approach is helpful for anyone else!

10

The implosion of banking-as-a-service pioneer Synapse Financial Technologies is shining a harsh and unflattering light on a key link that has enabled the growth of the digital banking industry in recent years. #synapse #tabapay #forbes #fintech #fintechnews

2

Llama3 is out!! Surprisingly they did not take the MOE route - 8B and 70B parameter models - Improvements in pretraining data and instruction fine-tuning - New trust and safety tools like Llama Guard 2, Code Shield, and CyberSec Eval 2 - Plans to introduce new capabilities like multimodality, longer context windows - Upcoming release of larger models (over 400B parameters) with additional capabilities - Planned publication of a detailed research paper on Llama 3 Vincent Terrasi, Abdallah Arioua, Raffi Tchakmakjian, Gabriel Lespérance, Hanyin CHEN, Armel Beaudry KEMBE TCHEMEUBE, Aimé Toumelin

19

4 Comments

We just launched Convex Auth (https://convex.dev/auth), an authentication library that works directly with Convex. It’s an easy way to jump start your project with a users table backed by real credentials. I’m really excited to see all the things people will build with it. You might ask, “Why build another Auth solution when good solutions already exist?” And for the last few months, we’d probably just respond with “Good point.” We’ve always recommended and still recommend that people use third party auth services like clerk.com with their Convex projects. (In fact, solutions like Clerk are required for advanced use cases like 2 factor, passkeys, and all the other bells and whistles). Our community, though, was running into a common hurdle: having user data readily available on their backend. - You want to be able to join a query against a user table. - You want to be able to easily access people’s email address and names in a background process to send a notification email. - You want to build complex user profile information that extends the base credential information. Very quickly in an app’s lifecycle you’re trying to figure out how to setup a webhook or stuffing information into a JWT that you can write through in some way—things get complicated fast! Our hope is that for most straightforward auth needs, Convex Auth can sidestep requiring a third party tool. Just like other great fullstack frameworks like Django, Rails, and Laravel, you get a users table right in your app, authenticated with Magic Links, OAuth, or passwords. Convex Auth is now launched in beta. Give it a try, and do give us feedback in our community. https://lnkd.in/g-TJrUyJ

23

3 Comments

Robust #PreSeed VC Contact Compilation. Explore a database of 250+ VC firms and 1,000+ professionals (partners and principals), complete with 900 email addresses for outreach. https://payhip.com/b/1bm6W #startup #startups #vc #venturecapital #investmentbanking #privateequity #managementconsulting #b2b #founders #entrepreneurs

1

This is really great and resonates - thanks Bryan Solar for the link! Couldnt align more to this - why add YAF (Yet Another Feature) when you can refine, prune, and streamline a feature in your existing product offering... On the engineering side this is also beneficial as it is less Cognitive Load and more time to cover Engineering PASS (Performance, Availability, Security, & Scalability)

15

Using LLMs to do one trillion pairwise comparisons in entity resolution is a costly move that would likely bankrupt any company. That said, using LLMs to perform QA checks on the outputs of the entity resolution could save a lot of manual QA time and costs.

4

Stripe just launched an SDK for AI agents enabling LLMs to ‘access financial services and earn and spend funds’. You can imagine this as part of an AI agentic workflow booking and paying for your trip, for example. Worth heeding the warning at this point: “This SDK is an early exploration of integrating Stripe into agentic workflows. As the behavior of agents is non-deterministic, we recommend exploring the SDK in test mode and running evaluations to assess the performance of your application. Additionally, we recommend using restricted API keys to scope access to the functionality your agent requires.” The more I learn, the more convinced I am this is the future we’re heading towards. “With the Stripe agent toolkit you can now easily integrate Stripe into the most popular agent frameworks. This enables you to automate common workflows that depend on Stripe and also helps unlock new use-cases by providing agents access to financial services on tools. In addition, usage-based billing can quickly integrate in these agent frameworks to bill your customers. Take a look at agent toolkit documentation to explore more of its capabilities and how Stripe is supporting agent businesses.” Lot to learn, and sort out, though. #genai #innovation #startups

24

6 Comments

What do venture capital firms look for when investing in AI-First cyber security companies? Menlo Ventures just published on this topic, and I was specifically interested in this one: ◾ Products that are “dead simple” to use. “In a market flooded with complex tools, we are looking for companies that prioritize user experience and transparency. Those that set the standard for what is “easy” distinguish themselves by deeply understanding the pain points of their customers and providing the most frictionless solutions. For security, “dead simple” use is often accomplished by enabling customers to quickly and seamlessly embed their own processes into the tool. This not only improves user experience, but also drives data collection, enhances model performance, and increases product stickiness. Here, AI is a means to that end. Companies like Semgrep, a next-gen SAST platform, use AI to allow enterprise AppSec engineers to generate rules specific to their companies (i.e., rulesets for security audits) via natural language, lowering barriers to adoption.” Coincidentally, Ross Haleliuk, just published “5 skills and potential career paths for cybersecurity of the future” on his excellent Venture in Security Substack, which includes the roles, cybersecurity UX and product management: ◾ Cybersecurity User Experience “While having a deep understanding of human psychology and behavior is critical, it is not enough. We must find a way to use that understanding to shape how cybersecurity solutions work and how they fit into people’s day-to-day lives.” ◾ Cybersecurity Product Management “The role of product managers in today’s technology world is hard to overestimate. Behind every successful technology product is a team led by a product leader (while their titles may vary, the nature of the role is similar across most organizations). I have observed that cybersecurity is yet to fully realize the importance of product management, both for security teams and for security vendors.” There is such a need for UX and product management in both cybersecurity and AI, and now in, AI cybersecurity. I’ll pop the links in below. #productmanagement #cybersecurity #UX

36

5 Comments

Comprehensive #Seed VC Contact Database. Access a list of over 1,250 venture capital firms, 7,400+ VC professionals (including partners and principals), and 6,400 email addresses. https://payhip.com/b/cs7UQ #startup #startups #vc #venturecapital #investmentbanking #privateequity #managementconsulting #b2b #founders #entrepreneurs

1

Great session James Newell and thanks for hosting Jon Prentice and SVB! In terms of the answers and perspective shared from Voyager Capital and James…. The Good (for Seattle investing and VCs) —— * the opportunity in Seattle (and the wider PNW / Cascadia region) that Voyager is still capitalizing on, is that there is a ton of potential in Seed to Series A investing that isn’t as accessible elsewhere. * SF and other markets are saturated and less engaged as investors at this stage. * talent pool here is massive, especially on the engineering and product side. What would be a “Game Changer” for Seattle —— * there is a talent shortage especially in terms of sales and marketers locally. * Few sales and marketers want to do $0 - $1M journey again if prior successful. * Angels are more private here, and may not feel the need to give back to the start up community if that isn’t how they made their wealth Outside of Seattle specific feedback: —— * Founders need to be doers, not “leaders of leaders” (an issue with those coming from big tech); talent need to meet the stage and act accordingly. * AI as a tool and business foundation is only important in terms of delivering business value. * AI powered firms need to show they have an ability to access proprietary data or be linked intimately to workflows or both to be a sound investment [this is established consensus among investors] * Investing, especially very early stage, should be run as a process. Be your own best BDR for fundraising. And finally …. The top 2 pieces of advice most often given to founders…. 1) Try to avoid VC capital to the degree you can [which means you have a capital efficient business]. 2) find a co-founder to complement your skills vs doing it all on your own.

7

This is the least-sexy thing to get excited about, but.... CFPB 1033 just dropped!! What this means: the US has finally adopted Open Banking rules. FINALLY. https://lnkd.in/gSKqAHQQ The PDF is far too long to read, so we handed it off to a helpful LLM to summarize, and here's the TL;DR: Key Objectives: - Empower consumers: Give consumers access to their own financial data and authorize third parties to access it securely and reliably. - Promote competition: Reduce barriers to entry for new market participants, encourage innovation, and prevent market dominance by incumbents. - Protect consumers: Ensure data sharing with third parties is transparent and for the consumer's benefit, not the third party's own. Coverage: - Data providers: Depository institutions (including credit unions) and non-depository institutions issuing credit cards, holding transaction accounts, providing payment facilitation, etc. - Small Depository Institutions: Depository institutions with total assets below the SBA size standard (currently $850 million) are excluded from coverage. - Covered Data: Primarily focuses on transaction information, account balances, payment initiation information, terms and conditions, upcoming bill information, and basic account verification data. Data providers must: - Maintain consumer and developer interfaces for data access. - Make covered data available upon request in electronic form. - Not charge fees for access. Key Provisions: - Prohibition on fees: Data providers cannot charge for providing access to covered data. - Prohibition on screen scraping: Data providers cannot use screen scraping to enable third party access. - Standardized format: Data providers must make covered data available in a standardized, machine-readable format. - Reasonable access caps: Data providers can impose limits on the frequency of third party requests, but they must be reasonable and non-discriminatory. - Third party obligations: Restrict the collection, use, and retention of covered data to what is reasonably necessary to provide the consumer's requested product or service. - Secondary uses: Prohibit secondary uses of data, such as targeted advertising, cross-selling, and data sales, unless authorized by the consumer as a separate product or service. - De-identification: The rule does not allow for the use of de-identified data for secondary purposes, but the CFPB will monitor the market and consider future rule-making on this issue. - Transparency and accountability: Requires public disclosures by data providers about interface specifications and performance metrics. Implementation Timelines: - Data provider compliance: Staggered over five years, starting April 1, 2026, for the largest data providers. - Third party compliance: Effective immediately upon the rule's effective date.

22

3 Comments

If you're a founder who needs a SOC 2, here's a great post from Christina Cacioppo about what you should look for in a solution.

6

Folks, I'm looking for some women software engineers to mentor some women on my team. Ideally a mix of backend, frontend, and if anyone knows someone in SecOps who'd be open to being a mentor I'd really appreciate if you could show this post to them and encourage them to comment or DM me? #mentoring #womenInTech #softwareengineering #SecOps

373

70 Comments

I don't usually post about our podcast on here. But this episode was REALLY interesting. It got into what it's actually like to be an open source founder. Chatted to Julius Volz (PromLabs) about building Prometheus, open sourcing it, Prometheus' architecture and pull vs push model, etc. But the second half turned into a conversation about the more personal stuff that goes into building and maintaining an open source project. e.g. - Building in your free time - Weighing up VC and the fancy dinners, but also what the VC track means for your life - Wanting to be able to enjoy your life and sleep as a founder - Measuring success in tech and the success models you see on LinkedIn (and realising that they don't work for everyone) - "Happiness is an empty work calendar" https://lnkd.in/esXJpAVS

27

1 Comment