WTF Is Security Context
The industry uses 'context' as a synonym for 'more data.' It's not. Here's a first-principles framework for what context actually means - from events to chains to storylines - and why most SOCs are stuck at Layer 1.
Co-founder & CTO of Simbian · author of the Cyber Defense Benchmark
I'm an engineer who builds things from zero to one - platforms, data systems, and now AI agents operating in high-stakes environments. I came at cybersecurity from the AI and engineering side, not the other way around, which shapes how I see the whole space. This site is where I think out loud - about AI agents, security, and the craft of building technology companies.
Research
The only public benchmark for AI in security operations. It measures how well LLM agents perform the core SOC analyst task of threat hunting - and shows frontier models topping out around 45% on real security tasks. It anchors how I think about building agents that improve past that ceiling.
Three essays that frame how I see AI and security.
The industry uses 'context' as a synonym for 'more data.' It's not. Here's a first-principles framework for what context actually means - from events to chains to storylines - and why most SOCs are stuck at Layer 1.
Every system in history was designed to last. AI agent architecture is the first that should be designed to disappear. The best code you write today is code that becomes unnecessary tomorrow.
Frontier AI capabilities don't debut at keynotes. They're assembled in training data pipelines - and the hiring patterns are visible months in advance.
How AI agents actually work, where they break down, and what it takes to deploy them in high-stakes environments.
The real problems in security operations, detection engineering, and why most of the industry's assumptions are wrong.
Technical decisions, leadership lessons, and the unglamorous reality of building technology from zero to one.