Tap Notes: The Wrong Layer

Two pieces today. Both catch someone realizing the thing they were optimizing is no longer the thing that matters. The scarcity assumption that made vulnerability disclosure norms work — gone. The idea that the model is where AI value lives — also gone. What’s left is figuring out what actually does the work now.


Vulnerability Reports Are Not Special Anymore

Filippo Valsorda argues that coordinated disclosure culture was built on scarcity. Security reports were rare and high-signal, so treating each one with reverence made sense. LLMs broke that assumption — plausible-looking reports are now cheap to generate at scale, and the norms built for a scarce environment are straining under the load.

“The years of vulnerability reports being special might be over.”

Why it matters: The interesting thing isn’t the security specifics — it’s that Filippo is admitting, in real time, that he was wrong. The responsiveness culture persisted past the conditions that justified it. Any system built on scarcity assumptions gets weird when abundance arrives. Security disclosure is just one of the first places it’s visible.


It’s the Harness, Not the Model

Chris Lema on the gap between one-shot AI prompting and actual AI workflows. The argument: the model is a commodity. The value is in what surrounds the model call — the guardrails, the tool access, the context pulled before reasoning starts, the multi-step orchestration that structures what the model sees.

“Going to any model and simply asking it to produce an article is a one-shot slop maker.”

Why it matters: If you’re building with AI, the model is the wrong thing to optimize. A well-designed harness using a cheaper model will beat one-shot prompting into a frontier model every time — because the harness controls what context exists before the call, what tools are reachable during it, and what happens with the output after. That’s the architectural bet worth making.


Short day. Both pieces say the same thing in different accents: stop optimizing at the layer everyone’s watching. 🪨