Are Assessments Dead? Should Infra report to the CISO? Copilot pauses new signups! Is AGI here?
Adrian Sanabria, Jason Haddix, Ross Haleliuk, Mo Gawdat and more
No in-depth article, rant, or essay today. Instead I’m going to post some interesting articles and stories I ran across recently, mostly this week.
I used to include this at the bottom of my essays (I had this automated using raindrop) and I might return to that once I revamp my second brain system.
❓Got a 2nd brain system that works for you? Lmk in the comments.
❓I’m also looking to redo my personal site. Might take a stab tonight with Claude, but if you’ve seen some amazing ones, please reply to drop them in the comment!
Week in Review
Adrian Sanabria: A tale of two privilege escalation bugs
I listened to this on the way home the other day and I love how it was written so conversationally. Adrian Sanabria goes through what makes a good writeup.
Wow. WOW. This writeup has it all
Jason Haddix: Are Cybersecurity Assessments Dead?
Ok, I think I can rant on this one. Great post by Jason Haddix. People think that AI is here and it will discover all their problems. Umm, sure, keep thinking that. Just like any tool, you need to KNOW how to use it and where to point it. It’s called confirmation bias.
It’s like just getting your driver’s license and saying you know how to drive already.
If I walk into an environment, I guarantee you I will find issues your AI prompt would never have found.
Ross Haleliuk: Infra + Security a match made in heaven?
I have talked about how IT should fall under security. Why? Because IT is the front lines of security. In fact, oftentimes many orgs don’t want to deal or manage IT, so why not give it to security!
Fast forward though, and I have been seeing a small but growing trend of Infra/DevOps/DevSecOps living under security. So much so that I’ve seen CIOs reporting to the CISO, a major shift from decades past. A CISO reporting to a CIO is an inherent (8/10) conflict of interest because they have conflicting priorities, but a CIO reporting to a CISO is not!
Ross Haleliuk goes in depth not only on the case for having Infra under security, but also into the history organizationally of where cybersecurity lived and grew.
Replit Agent Free for 24 Hours!
Celebrating its 10 year anniversary, Replit made its agent free for 24 hours!
I can’t wait to see what people built.
Sent it to a family member and they were able to finally build that website they’ve always wanted. 💪🏼
Music is starting to stop: Subsidized AI no more?
Just like Uber used to subsidize rides, so are AI providers. Eventually though the music will stop, and providers will increase fees and decrease usage.
Oh wait, that’s been happening already. If you’re a Claude Max user, you may have noticed some changes.
But GitHub flat out changed its tiering, stopped new Copilot signups, and is tightening usage.
Today we’re making the following changes to GitHub Copilot’s Individual plans to protect the experience for existing customers: pausing new sign-ups, tightening usage limits, and adjusting model availability. We know these changes are disruptive, and we want to be clear about why we’re making them and how they will affect you.
You can read their post here.
You can use Claude Code for Free, with a catch
First of all, many people don’t know that you can use Claude Code with open source models. Yes, you can. This video shows you how to hook it up to OpenRouter. (Yes, the thumbnail is a bit clickbaity.)
However, something to keep in mind when you use Openrouter as YT user BuildEdgeHQ points out:
The OpenRouter free model setup is clever, but worth flagging for non-devs watching: the free tier on most providers means your prompts and outputs are used for training. That's fine for personal projects but a real issue if you're building anything with client data, internal company info, or anything you'd consider sensitive. Worth checking each model's data policy before using it for work projects.
I'm a PM with 20+ years in cybersecurity, building products with Claude Code. Privacy trips up a lot of non-devs because nobody warns them
Pretty cool that she’s in cybersecurity as well.
So what is one to do?
Well, you can use a LOCAL model. I think in the future, most people will have a local model for their day-to-day tasks and maybe use frontier models for specialized work.
Here’s how to do it locally:
Setup Steps for Free Local Claude Code
1. Install Ollama: Download and install Ollama from ollama.com.
2. Download a Coding Model: Run ollama pull qwen2.5-coder:7b (or a similar coding model like glm4 or deepseek-coder) in your terminal.
3. Install Claude Code: Install the Claude Code CLI using npm install -g @anthropic-ai/claude-code.
4. Configure Environment: Set the API base URL to your local Ollama instance.
   Mac/Linux: export ANTHROPIC_BASE_URL=http://localhost:11434/v1
   Windows: Use setx or set it in your environment variables.
5. Run Claude: Launch the tool using claude --model ollama:qwen2.5-coder:7b.
Source: https://www.google.com/search?q=claude+code+free+ollama
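Since the whole point of going local is that your prompts never leave the machine (see the OpenRouter training-data caveat above), here’s a small shell guard I wrote for this post (not from any of the linked guides) that refuses to launch Claude Code unless ANTHROPIC_BASE_URL points at a loopback address and Ollama actually answers there. It assumes Ollama’s default port 11434, that curl is installed, and that Ollama exposes the OpenAI-compatible /v1/models endpoint; the function names are my own.

```bash
#!/usr/bin/env sh
# Added example (not from the original post or the linked videos).
# Guards the "local Claude Code" setup: only launch when the backend is local.

# Return 0 if the host part of a URL is a loopback address, 1 otherwise.
# Handles http://localhost:11434/v1, http://127.0.0.1:11434/v1 and http://[::1]:11434/v1.
base_url_is_local() {
    url="$1"
    hostport="${url#*://}"          # drop the scheme
    hostport="${hostport%%/*}"      # drop the path (/v1 ...)
    case "$hostport" in
        \[*\]*) host="${hostport%%]*}]" ;;   # bracketed IPv6 literal, keep the brackets
        *)      host="${hostport%%:*}" ;;    # strip :port
    esac
    case "$host" in
        localhost|127.*|'[::1]') return 0 ;;
        *)                       return 1 ;;
    esac
}

# Return 0 if an OpenAI-compatible server answers at the base URL (assumption:
# Ollama serves GET /v1/models). Network call, so not exercised by the test.
ollama_reachable() {
    base="${1%/}"
    curl -fsS --max-time 3 "$base/models" >/dev/null 2>&1
}

# Launch Claude Code only when the backend is local and up; never fall back
# to a remote provider silently. Model name taken from the post's own command.
launch_local_claude() {
    : "${ANTHROPIC_BASE_URL:?set ANTHROPIC_BASE_URL first, e.g. http://localhost:11434/v1}"
    if ! base_url_is_local "$ANTHROPIC_BASE_URL"; then
        echo "refusing to launch: $ANTHROPIC_BASE_URL is not a local address" >&2
        return 1
    fi
    if ! ollama_reachable "$ANTHROPIC_BASE_URL"; then
        echo "refusing to launch: nothing answering at $ANTHROPIC_BASE_URL (is 'ollama serve' running?)" >&2
        return 1
    fi
    claude --model ollama:qwen2.5-coder:7b
}
```

Source the file and call launch_local_claude after exporting ANTHROPIC_BASE_URL; it exits non-zero instead of quietly sending prompts to a remote endpoint.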
Some references if you want to explore more:
Is AGI here already?
Ok, this is kind of an inside scoop, so the juiciest for last. There are people saying that AGI is here already. There are shops making people sign NDAs for interviews where they can’t even disclose they interviewed for that company.
Even Mo Gawdat is betting his life that AGI will happen in 2026.
⚠️ Warning: watching this video may make you kinda depressed.
That’s It
Thanks for reading. Hope you enjoyed the post! Feel free to share with friends or enemies.