What’s 🔥 in Enterprise IT/VC #443
🔥 The Battle Between Speed and Security in the Age of Agency 🔥
Two seemingly unrelated posts stopped me in my tracks this week—each an urgent call to action, but from very different angles.
On one side, Gian Segato (Founding Data Scientist & Engineer at Replit) writes a powerful manifesto: “Agency is Eating the World.” At first glance, it feels like just another Silicon Valley techno-optimist take—but it’s deeper. Gian nails the mindset of today’s highest-impact founders: those who relentlessly take initiative, build at lightning speed, and ask for forgiveness rather than permission. It’s a rallying cry for founders who refuse to wait and are willing to shape the future now.
On the flip side, JPMorgan’s Global CISO, Pat Opet, fires off an urgent warning shot: “An Open Letter to Third-Party Suppliers.” Pat sharply lays out exactly how cybersecurity vendors are dropping the ball—failing basic cyber hygiene, neglecting permissions management, and ignoring critical open-source risks. It’s a blunt wake-up call, reminding us that as founders rush to ship, security is too often left behind, creating ticking time bombs that threaten the entire ecosystem.
Together, these two posts frame a critical tension for anyone building today:
Agency without security is reckless. Security without agency is irrelevant.
The strongest founders—and the smartest investors—will recognize that the new playbook demands both.
Let’s dive deeper:
In a world where AI handles the how, the who that wins is the one who moves fastest.
What Gian is really saying is this: we’ve reached a tipping point where AI isn’t replacing people — it’s amplifying them. The old moat was specialization. The new one is pure agency — the internal drive to just do things, figure it out, and keep building.
Startups like Midjourney ($500M+ rev, 40 people) and solo operators chasing $1B dreams aren’t edge cases — they’re the future. We’re seeing it across our portfolio too: founders doing the work of entire departments by leveraging agents, AI copilots, and automation. This is the inception moment for a new breed of company: AI-native, agency-led.
A few takeaways for builders:
You don’t need permission. Just build, ship and create momentum.
Execution velocity > credentials.
The new archetype is the solo force-of-nature/small team who can build, adapt, ship, repeat.
Sounds wonderful, doesn’t it? But how does this Agency jibe with the enterprise? Pat Opet, Global CISO of JPMorgan, wrote a call to arms on the eve of RSA, urging the SaaS community to do better.
More specifically: wake up, vendors. That co-pilot of yours is opening up massive security headaches for me.
And speaking of auth - what happens when thousands of agents with access run amok in your enterprise?
Here’s the call to arms:
No matter how great your product is, you need to put security first. Notice that auth and auth (authentication and authorization) come up again and again: when your agents have agency, F-ups can spiral out of control at scale.
We’re living through an unprecedented wave of AI-driven agency, where speed and ambition unlock billion-dollar opportunities overnight. But as Pat Opet bluntly reminds us, this same agency—when unchecked—can expose catastrophic vulnerabilities, especially in the enterprise.
The winners in this new AI-native era won’t just be the fastest movers; they’ll be those who build with security embedded into every sprint from inception. Agency and security aren’t trade-offs—they’re two sides of the same coin. Because in this era of hyper-agency, speed without security isn’t innovation—it’s an invitation for disaster.
Move fast. Ship fast. But lock down faster—or risk losing it all.
BTW, if you are plugging in these security holes, JPMorgan is one of the best at partnering with startups from Inception or later. Read more from my colleague Ron Miller in FastForward’s latest profile on Larry Feinsmith to understand how JPM does this at scale!
If you’re interested in how other Fortune 500 enterprises are prioritizing AI and work with startups, then subscribe to Ron’s newsletter where he profiles leading executives from Salesforce, Goldman Sachs, Capital One and more!
LFG. See you at RSA in SF!
As always, 🙏🏼 for reading and please share with your friends and colleagues!
Scaling Startups
#💯 the moat is the team, always
#words of wisdom from the 🐐 Jensen
#Kevin Weil, CPO of OpenAI, chimes in on the idea of moats.
#🤔 how does this translate to the speed of the AI era?
#💎 ❤️ how Superhuman created its own playbook from the very beginning - read how to do it and why it’s so powerful
Enterprise Tech
#😲
#more on moats in AI along with one of key reasons ServiceNow paid $2.85B for Moveworks
#great post from Brandon Deer on how to think about the tension between the new folks and lifetimers when infusing change
#📈 now code generated by AI at 30%
#who’s making money in AI?
#🤔
#ahead of RSA next week lots of funding announcements for cybersecurity - this is just Thursday’s headlines alone 🔥 from StrictlyVC (Chainguard, Endor, Sentra) along with portfolio co Reco.ai
#this is the way
#like magic 🪄 - worth 90 seconds to watch how Gong conversations can trigger workflows all in Clay
#more on their journey…
#as I continually mention…love vibe coding but not ready for prime time, esp. in the enterprise
#going to need AI to solve for this problem…
Scammers are increasingly turning to artificial intelligence to disguise their identities and create fake profiles when applying for remote jobs, according to recent research.
AI tools are now capable of assisting fraudsters at nearly every stage of the hiring process. From generating fabricated résumés and professional headshots to creating convincing LinkedIn profiles and personal websites, AI enables scammers to present themselves as ideal candidates.
Once hired, these individuals may exploit their access to steal sensitive company information or install malicious software.
While identity fraud is not a new phenomenon, the scalability offered by AI is making the problem worse. Research firm Gartner estimates that by 2028, one in four job applications could be fraudulent.
Markets
#you make the call! Would you have sold?
I keep saying it to whoever will listen: your Substack offers the highest signal/insights, lowest noise recap of the week in tech. Very insightful post as always Ed.
Fascinating to see the AI acquisition landscape unfolding with OpenAI's aggressive pursuit of Cursor and Windsurf. This reinforces the "model labs acquiring apps" thesis but I wonder if it signals something deeper: are model providers pivoting from "platform plays" because they're struggling to capture enough value from the ecosystem/products they created? Does this help or hurt innovation in the long run?
I'll echo Bocar and say that this Substack has an extremely high signal to noise ratio. Often surprised and delighted every week!