Andrea Michi Profile
Andrea Michi

@andreamichi

Followers
2K
Following
525
Media
13
Statuses
289

Co-Founder @depthfirstlabs / Building intelligence to detect and remediate software vulnerabilities / Prev post-training / RL for Gemini @GoogleDeepMind

San Francisco
Joined March 2009
@andreamichi
Andrea Michi
1 day
A part of me will miss the long LinkedIn posts with 3 em-dashes per paragraph. The most sophisticated AI detection tool
@sama
Sam Altman
2 days
Small-but-happy win: If you tell ChatGPT not to use em-dashes in your custom instructions, it finally does what it's supposed to do!
1
0
3
@dinodaizovi
Dino A. Dai Zovi
9 days
This is the way, kudos to @depthfirstlabs !
@MavLevin
Mav Levin
10 days
I asked AI to secure OSS analytics software and it found an RCE. The story of CVE-2025-59304: I tested our Security AI agents on Swetrix, a modern, lightweight, open-source, cookie-free, quick setup, and generally pretty cool web-analytics project. The platform (and their cloud
0
4
10
@andreamichi
Andrea Michi
15 days
"The brief but enjoyable era where our research is greatly sped up by AI but AI still needs us"
@wtgowers
Timothy Gowers @wtgowers
16 days
the time it would have taken me would probably have been of order of magnitude an hour (an estimate that comes with quite wide error bars). So it looks as though we have entered the brief but enjoyable era where our research is greatly sped up by AI but AI still needs us. 3/3
0
0
0
@andreamichi
Andrea Michi
19 days
First slowly and then all of a sudden
@MavLevin
Mav Levin
19 days
open source maintainers love @depthfirstlabs and the RCEs we find & fix for them
0
1
4
@andreamichi
Andrea Michi
22 days
Honestly I'm so proud of @depthfirstlabs finding zero-days in critical open source like Netty. This is not a random GitHub project, it's a core library used by companies like Apple, Netflix, Twitter, etc.
0
2
20
@andreamichi
Andrea Michi
29 days
I'm so happy this is finally happening. Two years ago (!!) I was working with the DeepMind Fusion team on RL for magnetic confinement and realized how these problems become tractable only after you put Fusion and RL experts in the same room. CFS collaboration makes that possible
@GoogleDeepMind
Google DeepMind
1 month
We’re announcing a research collaboration with @CFS_energy, one of the world’s leading nuclear fusion companies. Together, we’re helping speed up the development of clean, safe, limitless fusion power with AI. ⚛️
0
0
4
@andreamichi
Andrea Michi
1 month
DeepMind friends it's now the time to start your papers with equations and Banach fixed point contraction proofs. If you happen to have any interesting empirical results hide them in Appendix C2. Your research is safe
@AnjneyMidha
Anjney Midha
1 month
iiuc Deepmind now has a 6 mth embargo on publishing research. if product org flags any research as interesting during those 6 mths, then it's effectively embargoed forever. a sad result is that young researchers are basically muzzled from open idea sharing. total opposite of china
0
1
19
@andreamichi
Andrea Michi
2 months
This release can unlock so much value from both academia and startups. Bullish on this and can't wait to get to play with it. Thank you @thinkymachines
@johnschulman2
John Schulman
2 months
Tinker provides an abstraction layer that is the right one for post-training R&D -- it's the infrastructure I've always wanted. I'm excited to see what people build with it. "Civilization advances by extending the number of important operations which we can perform without
0
0
3
@andreamichi
Andrea Michi
2 months
Our team at @depthfirstlabs has started testing our agents on open source and responsibly disclosing critical issues. Very excited about our recent progress both with open source and customers
@MavLevin
Mav Levin
2 months
A peek of what's cooking at depthfirst: our platform *autonomously* found a CVE!! CVE-2025-59305 is a critical vuln in Langfuse, an LLM platform with 16k github stars. The vuln risks db corruption and DOS. Thread 🧵on X (1/7); Full writeup here:
4
2
16
@andreamichi
Andrea Michi
2 months
Ultimately, "all evals are wrong, but some are useful"
0
0
5
@andreamichi
Andrea Michi
2 months
If you are solving a concrete task, please do build a set of evals. When possible, and data privacy is preserved, you should also leverage your user's feedback as part of the evals. You'll build both a better product and prevent regressions
@sh_reya
Shreya Shankar
2 months
i did not expect to wake up this morning and write a blog post
1
0
1
@andreamichi
Andrea Michi
3 months
Never worked directly with @agarwl_ but I have had a Google scholar alert for his new papers for a while. Always worth a read
@_arohan_
rohan anil
3 months
Rishabh is an amazing researcher. His algorithms underpin post training at Gemini. I got to work together at meta for a short while and was truly impressed. Whichever group got Rishabh is so lucky to have him!
0
0
12
@andreamichi
Andrea Michi
4 months
Yes! Hiring strong security researchers with experience in vulnerability discovery and passionate about leveraging AI to push the boundaries. Do reach out if you're interested, my DMs are open
@_murphin
Iacop
4 months
@andreamichi you hiring sec researchers?
2
1
35
@andreamichi
Andrea Michi
4 months
This says a lot about Lovable’s good product focus and even more about how robust Supabase has become as a backend platform
0
0
11
@andreamichi
Andrea Michi
4 months
Lovable works so well because it does less: a good wrapper around Supabase + React. Turns out, that’s enough to build ~90% of the apps people actually want
5
1
55
@andreamichi
Andrea Michi
4 months
We are building intelligence to detect and remediate all software vulnerabilities. Finding vulnerabilities before someone else does
2
1
108
@andreamichi
Andrea Michi
4 months
This is the reason why I left DeepMind and decided to build an AI security company. I've seen first-hand what RL can do for code generation. Once you treat exploit generation as an RL problem, no software is safe.
@khoomeik
Rohan Pandey
5 months
the CIA is not ready for the RL era. israeli intelligence guy just hacked into a live surveillance camera in front of me with an exploit generated by qwen. vulnerable software is simulatable. penetration success is verifiable. hacking is RLable.
35
158
3K
@andreamichi
Andrea Michi
4 months
Yes. Local models can access all sensitive data (conversations, history etc.). We need more of this
@skirano
Pietro Schirano
5 months
In preparation for OpenAI's upcoming open-source model, I'm building the world's best local agent. It seamlessly integrates with my OS, auto accesses my clipboard, is Finder-aware, creates/reads files, searches the web, and updates text in any app. Local Jarvis.
0
0
13
@andreamichi
Andrea Michi
9 months
Congrats to @xai on the impressive Grok release—crushing it! Now if only it could also crush the irresistible urge to use 50 shades of slightly-different blue-gray in its graphs
0
0
4
@andreamichi
Andrea Michi
11 months
A useful compiler's output provides a valuable signal that can be easily leveraged during RL
0
0
0