In medieval England the ringing of the town bells would often be a somber occasion as it would announce the death of someone in the town. This week, I recalled a famous line of poetry that instructs one to upon hearing the bells, not ask for whom the bells tolls as it tolls for thee. That is to say it is not someone else's death being announced, it is your own! Mankind shares a common thread and the death of one effects us all. Moreover, it is a reminder to our own mortality; the bell rings for others, and the bell will ring for you as well one day.
I thought of this because the last couple of weeks have been an absolute bloodbath in startup world in terms of security. Mercor, a multi billion dollar startup, had ALL of it's data compromised by a supply chain hack. Their data -- which ranges from source code, to API keys, to hundreds of hours of recordings of applicant interviews -- is currently for sale on the dark web. Additionally, as a result of the leak, multiple former contractors are pursuing legal action . Mercor is not the only startup having an awful quarter because of security concerns. Delve, a successful compliance startup has recently been accused of falsifying their audit reports and committing fraud. As a result of the findings, Delve has sustained severe reputational damage, has been asked to leave YC and is being mercilessly cyberbullied on the internet.
I know little, to nothing, about Mercor or Delve and their business practices. I have absolutely no desire to pass judgement on them. What I do know, in my heart, is that Mercor and Delve will not be the last ones to suffer due to a sophisticated hack or due to less than perfect security practices. The era of AI has gifted us great and terrible wonders. We now have voice cloning is so good that you don't know if you are listening to your co-worker's voice or a hyper realistic deep fake. We have vibe coding so productive that you can generate more lines of code in a day than one could review in a month. Most of all, I feel in the air a manic need to move fast at all costs. While moving fast certainly has it's benefits, the faster you move the more likely you are to make mistakes.
At Sarj the posture I would like to take is to be extremely paranoid and careful. In this last week I have gone through every tool we use at Sarj to ensure we are using the strictest security settings available. I have also fervently searched for potential attack surfaces to eliminate. I have purged our old Notion, archived Github repos and walled off as much as I can.
Overall, I am not a futurist. I do not know if AGI will happen in the next five years. I do not know what talking to AI will to do our brains. I do not know what Sarj will look like as a company in six months (hopefully, even larger and more successful!). However, what I do know is that this is not the last time this year we will "hear the bells ring" for an unlucky startup.