The AI exponential continues—here’s how to ride the wave (ouch, my brain)
Drinking from the AI firehose without drowning

Howdy my friend!
In today’s piece:
A mental framework to deal with recent AI progress
How to choose which career skills to invest in
Azure AI Foundry updates
OpenAI’s o3 model discovers a zero-day Linux vulnerability
Private repo exposure with GitHub’s MCP server
10 other handpicked things I think you’ll like
Coping with AI progress (a mental framework)
The last two weeks have been bonkers for AI progress.
We had a tsunami of announcements from Google I/O, Microsoft Build, and Anthropic.
Google alone announced over 100 new things. They even put out a blog post titled “100 things we announced at I/O.” Yep, you read that right… triple digit announcements.
We’re at the “holy sh*&#-balls” point on the AI progress curve.
How can we cope with the recent progress without our brains exploding?
I have a day job, and you probably do too.
One framework to “drink the firehose without drowning” is to characterise new developments as either “category makers” or “category crowders”.
A category maker is an AI system that unlocks a new type of experience.
Think ChatGPT’s launch (first time talking to a machine like a real human), GitHub Copilot (first generative AI coding assistant), or bolt.new / Lovable (first autonomous coding agents that actually worked).
These are no-brainers to pay attention to. They are iconic and era-defining developments.
Category crowders are new additions to an existing space. Think new model releases like Gemini 2.5 Flash or Claude 4 that extend earlier models’ capabilities.
These are valuable to follow, but less critical than category makers.
Category crowders show where AI adds value. Notice which areas AI solutions are coalescing around, and you’ll see where the value is accruing.
What key categories have emerged, relevant for us cloud security folks?
Here are five that come to mind:
AI coding agents (Bolt, Lovable, v0, Cursor Agent, Replit, Jules, Codex, Cline)
Use cases: quickly creating scripts or apps to work more effectively, solving cloud security problems, and building personal websites or portfolios.
AI research agents (ChatGPT Deep Research, Gemini Deep Research, Perplexity)
Use cases: finding answers to technical questions, staying updated with industry news.
AI security agents and platforms (Opus Security, Dropzone AI, Torq AI, Lakera AI, Invariant Labs, ZEST AI Security)
Use cases: automating your SOC function, automating vulnerability discovery and remediation, and protecting against new AI threats.
Scientific research agents (Microsoft Discovery, FutureHouse’s Robin, AlphaEvolve, Isomorphic Labs)
Use cases: we all benefit indirectly from these (all tech progress is downstream of scientific discovery), and new health discoveries could be relevant for all of us.
General-purpose models (o3, o4-mini, Gemini 2.5 Pro, Claude 4)
Use cases: quickly answering questions, code analysis, general reasoning tasks, brainstorming, and content summarisation.
Build a mental map of these categories and you quickly understand where new announcements fit and how they might help you.
Choosing which skills to invest in
In rapidly changing fields like Cloud Security and AI, there’s a squillion things to learn.
More things than we have time to learn.
How do you choose which skills to invest in professionally?
I read an insightful answer to that question years ago — less obvious than “identify what’s in demand and learn that.”
It’s an answer that could have a massive payoff in terms of your career, but takes 2 minutes to understand.
If you want the answer, I’ll shamelessly ask you to fill out a quick 30-second subscriber survey here.
At the end of the survey, you’ll get a secret blog post answering the question :)
Plus, it helps me understand your interests and how I can make this newsletter helpful to you.
But enough preamble. Onto recent AI highlights…
Key Developments
Nelson’s summary:
A flurry of updates to Azure AI Foundry, Microsoft’s platform for managing and deploying AI within Azure. Ten major updates were announced, including new models, a new model router that automatically selects the best one, general availability of the Azure AI Foundry Agent Service, enterprise-grade identity for agents, and more.
Why it matters:
Microsoft is fully committed to AI development. Every time I blink, the range of capabilities expands. Following these announcements is a great way to keep your finger on the pulse of where the industry is going and how you can “surf the wave.”
Emerging trends from these updates include the big bet on agents, automatically selecting the right model instead of manual selection, and making AI more enterprise-grade in terms of security and observability.
Nelson’s summary:
Researcher Sean Heelan used OpenAI’s o3 to uncover a new zero-day vulnerability in the Linux kernel (CVE-2025-37899). The vulnerability is a remote, unauthenticated use-after-free in a kernel module’s SMB logoff path that can lead to kernel-level code execution.
Why it matters:
This is one of the first publicly documented cases of an LLM independently finding a Linux-kernel zero-day. It showcases a step-change in AI code-reasoning capabilities.
It didn’t take clever tricks beyond using the base o3 model. In Sean’s words: “I found the vulnerability with nothing more complicated than the o3 API – no scaffolding, no agentic frameworks, no tool use.”
Quoting Sean:
“With O3, LLMs have made a leap forward in their ability to reason about code, and if you work in vulnerability research you should start paying close attention.
If you’re an expert-level vulnerability researcher or exploit developer, the machines aren’t about to replace you. In fact, it is quite the opposite: they are now at a stage where they can make you significantly more efficient and effective.
If you have a problem that can be represented in fewer than 10k lines of code, there is a reasonable chance o3 can either solve it, or help you solve it.”
Nelson’s summary:
Invariant Labs, an AI security lab, uncovered a critical “toxic agent flow” vulnerability in GitHub’s Model Context Protocol (MCP) integration. The vulnerability lets an attacker view private repository data via a malicious GitHub Issue (a form of prompt injection).
They discovered the vulnerability using an automated scanner designed to detect these types of vulnerabilities. This is a scalable research find!
Why it matters:
This shows how easily AI agents can become new exfiltration paths. I called it! Nascent protocols like MCP are prone to these new attack vectors, since our industry has yet to develop mature defences against them.
Check out Invariant Labs’ well-written post to understand more, including how to mitigate this type of attack.
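To make the mitigation concrete, here is an added illustration (not code from Invariant Labs, GitHub, or the MCP project): a small guard that binds an agent session to the single repository the user asked about and refuses any tool call aimed at a different repository. Even if a malicious issue talks the model into planning a read of a private repo, the guard rejects that call before it reaches the GitHub tools. All names (SessionGuard, ToolCall, the tool names and the acme/... repositories) are hypothetical, constructed for this example.

```python
"""Session-scoped repository guard for an MCP-style GitHub agent (added example).

Assumptions (hypothetical, not the real GitHub MCP server's API):
  * the model's plan arrives as a list of ToolCall objects naming a tool,
    an owner and a repo;
  * tool names are a simplified set split into read and write tools.
"""
from dataclasses import dataclass, field

# Hypothetical tool names, modelled loosely on common GitHub-style tools.
READ_TOOLS = {"get_issue", "list_issues", "get_file_contents", "search_code"}
WRITE_TOOLS = {"create_pull_request", "create_issue", "add_comment"}


@dataclass(frozen=True)
class ToolCall:
    tool: str
    owner: str
    repo: str


@dataclass
class SessionGuard:
    """Binds a session to exactly one repository for its whole lifetime."""
    owner: str
    repo: str
    allow_writes: bool = False          # writes need an explicit opt-in
    denied: list = field(default_factory=list)

    def _same_repo(self, call: ToolCall) -> bool:
        # GitHub owner/repo names are case-insensitive.
        return (call.owner.lower(), call.repo.lower()) == (
            self.owner.lower(), self.repo.lower())

    def check(self, call: ToolCall) -> bool:
        """Return True if the call may run; otherwise record why and return False."""
        if call.tool not in READ_TOOLS | WRITE_TOOLS:
            self.denied.append((call, "unknown tool"))
            return False
        if not self._same_repo(call):
            # The core defence: a session never reaches into a second repo,
            # so injected instructions cannot turn it into an exfiltration path.
            self.denied.append((call, "cross-repository access"))
            return False
        if call.tool in WRITE_TOOLS and not self.allow_writes:
            self.denied.append((call, "write not allowed in this session"))
            return False
        return True


def run_agent_plan(guard: SessionGuard, planned_calls):
    """Execute (here: just collect) only the calls the guard approves."""
    return [call for call in planned_calls if guard.check(call)]


def demo():
    """Constructed scenario: the user asked about acme/public-site; a malicious
    issue in that repo has nudged the model into also planning a read of
    acme/private-secrets and a comment that would post what it found."""
    guard = SessionGuard(owner="acme", repo="public-site")
    plan = [
        ToolCall("list_issues", "acme", "public-site"),        # legitimate
        ToolCall("get_file_contents", "acme", "private-secrets"),  # injected
        ToolCall("add_comment", "acme", "public-site"),        # would leak data
    ]
    executed = run_agent_plan(guard, plan)
    return [c.tool for c in executed], [reason for _, reason in guard.denied]


if __name__ == "__main__":
    ran, blocked = demo()
    print("executed:", ran)
    print("denied  :", blocked)
```

The guard is deliberately dumb: it does not try to detect prompt injection in issue text (which is a losing game), it simply makes the dangerous action impossible for this session. Writes are off by default so that a session reviewing issues cannot post anything without the user opting in, and every denial is recorded so it can be surfaced to the user or shipped to a SIEM as a signal that something in the agent's input tried to steer it off-task.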
Challenge Shout Out
Shout out to David, who first cracked my secret message challenge from two emails ago!
Well done mate! Have 100 magic internet points! Sorry for the delayed shout out. I just got back from a Europe trip and forgot to include it in my last email.
I finished my last post on a train ride in Norway and was distracted by the gorgeous landscapes. After that, it was depressing being back in Sydney, ‘straya!
Other Handpicked Things
There was too much to cover here. Each could be its own blog post (and may be soon if I can find the time).
Gemini Diffusion: a new experimental model by Google that uses diffusion to generate responses 5x quicker than existing autoregressive LLMs, while performing comparably to those larger models.
Veo 3: Google’s new video generation model, the first to generate audio with the video, including sound effects, dialogue, and ambient noises. Fascinating and fun development. Expect social media to get wild. The future where anyone can generate their own blockbuster movie is coming closer.
Flow: new AI filmmaking tool from Google for creating consistent scenes, clips, and stories using Veo 3. See comments above. I’m itching to play with this for the sheer fun of it.
Jules coding agent: Google’s new autonomous coding agent. I found it less helpful than bolt.new for creating a functioning full-stack app (especially frontend stuff). However, it’s probably great for software engineers improving an existing codebase (e.g. migrating to new package versions, refactoring, etc). The jury’s still out.
Claude 4: Anthropic’s newest model just dropped. It’s the best coding agent in the world, leading in SWE-Bench (72.5%) and Terminal-Bench (43.2%). It excels at complex, long-running tasks and agentic performance. Huge.
Codex: OpenAI’s new AI coding agent, built off their codex-1 model (a version of their o3 model optimised for coding). It’s OpenAI’s answer to Google’s Jules coding agent.
Native MCP support in Windows 11: Microsoft is offering built-in support for MCP servers in Windows 11. They claim “security is our top priority as we expand MCP capabilities,” which is great (if true). The linked article provides a decent overview of emerging MCP attack vectors.
FutureHouse medical discovery: FutureHouse’s multi-agent AI system Robin discovered a novel treatment for glaucoma called ripasudil. Read their blog post, as well as their paper here. Fascinating and exactly what we want AI for.
GitHub Copilot coding agent: Microsoft’s GitHub Copilot (the OG generative coding product) is hopping on the agent train too. Space is heating up!
Yoshua Bengio’s TED talk “The Catastrophic Risks of AI — and a Safer Path”: Turing Award winner and deep learning pioneer Yoshua Bengio’s unsettling but important talk about AI safety. Echoes ideas of fellow deep learning pioneer Geoffrey Hinton. I share their concern around AI risks, but try to balance my p(doom) with my p(utopia).
Before you go, I’d love to know what you thought of today’s newsletter. That way I can improve the experience for you and minimise suckiness.
What'd you think of this email?
Take care.
Nelson, fellow AI enthusiast and cloud security dude.