Skip navigation

Are We Becoming Children of the MagentAI?

(If you’d prefer, you can skip the intro blathering and just download the full white paper)

Back in 1997, a commercial airline captain noticed his fellow pilots had a problem: they’d gotten so used to following the magenta flight path lines on their fancy new navigation screens that they were forgetting how to actually fly the damn plane. He called them “children of the magenta line.”

Fast forward to now, and I can’t shake the feeling we’re watching the same movie play out in tech; except, the stakes are higher and no regulatory body forcing us to maintain our skills.

Look, I’m not here to tell you AI is bad. I use these tools daily. They’re genuinely useful in limited contexts. But when Dario Amodei (the dude running Anthropic, the company building Claude) goes on record saying AI could wipe out half of all entry-level white-collar jobs in the next few years and push unemployment to 10-20%, maybe we should pay attention.

“We, as the producers of this technology, have a duty and an obligation to be honest about what is coming,” he told Axios. “I don’t think this is on people’s radar.”

He’s not wrong.

The Data’s Already Ugly

Here’s what caught my attention while pulling this together:

Software developer employment for the 22-25 age bracket? Down almost 20% since ChatGPT dropped. Meanwhile, developers over 30 are doing fine. We’re not replacing jobs—we’re eliminating the ladder people used to climb into them.

More than half of engineering leaders are planning to hire fewer juniors because AI lets their senior folks handle the load. AWS’s CEO called this “one of the dumbest things I’ve ever heard” and asked the obvious question: who exactly is going to know anything in ten years?

And my personal favorite: a controlled study found developers using AI tools took 19% longer to complete tasks—while genuinely believing they were 20% faster. That’s a 39-point gap between vibes and reality.

Oh, and a Replit AI agent deleted someone’s entire production database during an explicit code freeze, then tried to cover its tracks by fabricating thousands of fake records. Cool cool cool.

What I Actually Wrote

The full paper traces this from that 1997 pilot observation through Dan Geer’s 2015 warnings (the man saw this coming a decade early) to the current mess. I dug into:

  • What the research actually shows vs. what the hype claims
  • Where aviation’s lessons translate and where we’re in uncharted territory
  • The security implications of AI-generated code (spoiler: not great)
  • What orgs, industries, and policymakers can actually do about it

This isn’t a “burn it all down” screed. It’s an attempt to think clearly about a transition that’s moving faster than our institutions can adapt.

The window to shape how this goes is still open. Probably not for long.

Grab the full PDF. Read it, argue with it, tell me where I’m wrong and what I missed in the comments.

Maine 2025 Ballot Questions Redux

QUESTION 1: “Do you want to change Maine election laws to eliminate two days of absentee voting, prohibit requests for absentee ballots by phone or family members, end ongoing absentee voter status for seniors and people with disabilities, ban prepaid postage on absentee ballot return envelopes, limit the number of drop boxes, require voters to show certain photo ID before voting, and make other changes to our elections?”

If you want to or do vote “yes” for question 1, you are not a real American, you are not a real Christian (if you profess to be one), you are not a decent human. You are at the very least a classist; you are also very likely a racist/bigot, and you have zero ability to think critically or with evidence. You hate Americans serving in the military or in any type of foreign service. You also very likely don’t look in the mirror since if you did you’d likely slap yourself for what you believe.

QUESTION 2: “Do you want to allow courts to temporarily prohibit a person from having dangerous weapons if law enforcement, family, or household members show that the person poses a significant danger of causing physical injury to themselves or others?”

If you want to or do vote “no” for question 2, you are anti-life (never, ever use the words “pro-life” to describe yourself if in my presence…it will end very badly for you), have no ability to use evidence to make decisions, and should never work in any profession that requires any level of decent judgement. Given your lack of mental acuity, your own firearms should be removed from your possession and you should likely be forced to take an annual driver’s test to ensure your mental acuity is up to snuff.

Decent people are for honest, free access to exercising their right to vote as an American citizen, and decent people are for sane gun regulations.

Now, excuse me while I go early voting to help ensure you continue top indeed be losers in life and also these initiatives.

Never Forget

A few things to keep in mind today:

— We have no idea of why/who re: Wed’s assassination.
— Today is the anniversary of a tragic event that has enabled much of the harm caused by the GOP this year.
— Trump is an adjudicated rapist & was involved at least in some way in the mass sexual assault of children.

Oh, and never let anyone forget what happened on January 6th, too.

Delete Your Perplexity Account Today

Details: https://dailydrop.hrbrmstr.dev/2025/08/07/drop-691-2025-08-07-short-sweet/

EUVD API NPM And Go Packages + Nicer Docs

ENISA published docs for their European Vulnerability Database (EUVD) — https://euvd.enisa.europa.eu/apidoc.

I’ve got an easier-on-the-eyes version that supports light/dark mode and includes sample API JSON results at https://rud.is/euvd-api/. The Quarto markdown source for it can be found at https://rud.is/euvd-api/euvd-api.qmd.

I need to make an MCP (Model Context Protocol) server for the API, but not everyone wants an MCP server, so there’s a TypeScript NPM package for it — https://www.npmjs.com/package/@hrbrmstr/euvd (source: https://codeberg.org/hrbrmstr/euvd-ts). This comes with the added benefit of making it easier/cleaner to build an MCP server. Friends don’t let friends make icky Python-based MCP servers.

I also need to integrate it into pipeline stuff at $WORK, so there’s also a Golang API wrapper & CLI @ https://codeberg.org/hrbrmstr/euvd.

READMEs in both repos have all the details.

Suriest: Suricata Rule Validation As A (REST) Service

Meet Suriest — a new REST API service for validating Suricata rules, designed to be run by organizations to streamline rule validation workflows. Suriest supports Suricata 6.0 and later and offers features like secure configuration, S3-compatible storage for logging validation attempts, and a simple HTTP API to validate rules programmatically. While the project is intended for deployment within your own environment, there’s a live instance already available for immediate use at https://sigchk.hrbrmstr.app/validate-rule. You can test it easily with a curl command like:

curl --silent --request POST --url https://sigchk.hrbrmstr.app/validate-rule \
  --header "Content-Type: application/json" \
  --data '{"rule": "alert http any any -> any any (msg:\"Test Rule\"; content:\"test\"; sid:1000001; rev:1;)"}'

This live service currently runs Suricata 7, since Suricata 8 is still in beta. For full details on setup, configuration options (including S3 logging), and API usage, check out the README in the repository at https://codeberg.org/hrbrmstr/suriest. Suriest offers a practical, scalable solution for Suricata rule validation that integrates well into security operations and development pipelines.

New CISA KEV MCP Server

MCP servers let you wire up external services/APIs in a standard way for LLM/GPT tool-calling and other forms of automation.

I made a basic, but fairly comprehensive CISA KEV MCP server that I go into the details a bit more of here.

To test it, I hammered out some questions to it in Claude Desktop (and in oterm with a local Ollama config which you can see in the aforelinked post), and you can read whole session that is in pictures, below, at https://claude.ai/share/d73aa2be-a536-4c9d-977d-ea80ec6dce15, but these are some of those convos:

RSAC 2025 Sets A Dangerous Precedent for Cybersecurity Leadership

(I posted this on LI, but I like to own my content, so am also posting here.)

The cybersecurity community deserves better than what we’re witnessing at RSAC 2025, today.

While Kristi Noem delivers today’s keynote, the absence of traditional cybersecurity leaders from agencies like NSA and CISA speaks volumes about shifting priorities in our field. This contrast becomes even more troubling when viewed alongside recent developments with Chris Krebs. The former CISA director — widely respected for his defense of election security — has faced unprecedented retaliation: security clearances revoked, his employer SentinelOne effectively blacklisted, and federal investigations directed into his tenure for simply upholding the integrity of our democratic systems.

Meanwhile, Secretary Noem — who has publicly committed to “reining in” CISA’s disinformation efforts and called its election integrity work “shocking” — receives our industry’s most prestigious speaking platform. Her tenure at DHS has featured more political theater than substantive cybersecurity leadership — or just leadership in general — prioritizing spectacle over the technical expertise and collaborative approach our field demands.

RSAC has always represented rigorous, forward-thinking discussion about defending critical infrastructure and fostering trust in technology. By elevating political figures who undermine the very principles our community stands for — while one of our most principled voices faces silencing — we’re accepting a dangerous new standard.

The cybersecurity field requires leaders who value expertise, accountability, and the defense of democratic norms. We must ask ourselves: what message are we sending about our professional values when we applaud those who work to dismantle the very protections we’ve built?

Every individual involved with RSAC who had a part to play in this decision should be deeply, deeply ashamed of themselves.