I wonder if I could start a US-based company with good data regulation and just serve open-weight models at a competitive price. I feel like the real barrier is just that most companies willing to adopt AI usage enough to make it worth it at this point don't want to be using inferior models.
Here's a free startup idea: operate an open-weight model service, and offer "Verified AI Integrity," which signs the input tokens, the seed for the randomness in selecting outputs, and the model ID, proving that the result of the call to AI was completely "organic" and was not interfered with.
Your main audience would be snake oil salesmen trying to prove their AI products are unbiased and not under the thumb of any outside influence. This doesn't address the biases of the model itself, but that's not your business. Your business is selling tokens and security certificates. If you can get the right angel investor, you could maybe have your new standard required for some government applications.
Yes, you can. There are multiple inference providers out there. The problem is, it’s hard to beat the Chinese providers in cost. And you also have to compete with frontier model providers’ subsidized offerings.
They charge the exact same prices. So many people in these comments have no idea what they're talking about. Even if they did charge less, nobody is going to deal with the latency of sending requests to China.
edit: Actually American inference providers are cheaper for Chinese models. There's way more competition here because the Chinese aren't idiots and investing every last dollar they have into data centers for llms that don't make money..
Can you please link me DeepSeekV4 provider that's cheaper than their official offering? And not all tasks require low latency.
Also, there are a lot of competition in China. Like a lot. You might know better than me as well, but although the biggest AI-labs are based in USA, the adoption is weirdly global. Like as a general sense of what's going on - you can see AI-related ads literally everywhere in Tokyo, almost all the time, in every single screen in public.
Of course though they are not necessarily a viable solution for companies with security requirements etc. given it is just a single person project, but they still serve as a proof it can be done.
Deepseek's api platform for V4 Pro is the only example of this, and Deepseek V4 Flash is cheaper (usually) than from Deepseek itself on openrouter via DeepInfra.
Deepseek shot themselves in the foot because they never intended to serve V4 Pro for .80c mm ouput, that was a promotional price that was meant to expire (and still might). They intended for v4 to cost $4.00 per million but Western inference providers drove down the price because they can operate at negative margins to try and push competition out. I can assure you they are losing a ton of money @ ~80cents.
My point is, its Western inference providers that are establishing the floor price of inference. They are willing to operate at a loss in order to put their competition out of business. Chinese providers are typically at or above the prices set by American/western providers if you go looking on the Chinese internet. You aren't going to get deals from China for inference except through this one instance with Deepseek v4 Pro which wasn't even supposed to be permanent pricing.
By "cost" I think the parent means the provider's own costs, not the cost of inference to the customer. The cost of land, labor, and electricity are significantly lower in China than in the US.
There are plenty of US-based inference providers available, including AWS, that serve Chinese models at competitive prices (vs frontier US models). They also have lots of usage. Not necessarily for coding, but for other enterprise tasks.
It's called AWS. Bedrock is right there. Price or data policy is never the issue. The models themselves are the problem -- most large US companies are not going to touch them.
Source: directly involved in these discussions. You can downvote as much as you'd like but you can't ignore the facts.
Some suits with no understanding of how LLMs work are scared that the models might hack them, or believe that they'd have to send data to China because they do not know that open models can be run on your own infra.
You've gotta leverage your network and find friends you know who work at Meta/IG. I was able to get my account back without asking friends at IG (because mine wasn't fully disabled just password changed), but people I know who lost their accounts have had to ask multiple people very up the chain at IG to do some special restoration.
This happened to my instagram yesterday night while I was asleep. I don't have a particularly high value username (it's probably worth somewhere in between $300-500), but still incredibly frustrating to deal with. True to the article, I had already enabled 2FA last night and it didn't matter.
Thankfully, IG gave me the option of restoring my username when I logged back into my account today.
> Thankfully, IG gave me the option of restoring my username when I logged back into my account today.
The hackers read all your formerly private messages, saw all your private photos, saw all the photos your friends wanted only their social circle to see. They could have social-engineered a thousand scamss.
I'm glad it worked out for you. But honestly, your baseline is kind of off.
While I agree with this, the hackers have an incentive to get in and out as soon as possible (at least, with accounts that have valuable usernames), because they want to swap the username over to an account they fully control before the rightful owner takes the account back. While DMs were read during this exploit in some cases (I've seen this be the case for several musicians), valuable usernames were likely signed into, swapped, and then signed out of. That's how rare username theft on Instagram generally works, anyways.
I don't follow. It seems obvious that there's more to gain for attackers using AI agents to exploit open source repositories, than there is for good samaritan defenders. In this new closed-source world (for Cal.com), there's nothing stopping them from running their own internal security agent audits, all whilst at least blocking the easiest method of finding zero-days - that is, being open source.
This really just seems like Strix marketing. Which is totally fair, but let's be reasonable here, any open-source business stands to lose way more by continuing to be open-source vs. relying on the benevolence of people scanning their code for them.
> It seems obvious that there's more to gain for attackers using AI agents to exploit open source repositories, than there is for good samaritan defenders.
Actually the opposite is obvious - the comment you replied too talked about an abundance of good Samaritan reports - it's strange to speculate on some nebulous "gain" when responding to facts about more then enough reports concerning open source code.
> In this new closed-source world (for Cal.com), there's nothing stopping them from running their own internal security agent audits
That's one good Samaritan for a closed source app vs many for an open source one. Open source wins again.
> any open-source business stands to lose way more
That doesn't make any sense - why would it lose more when it has many more good Samaritans working for it for free?
You seem to forget that the number of vulnerabilities in a certain app is finite, an open source app will reach a secure status much faster than a closed source one, in addition to also gaining from shorter time to market.
In fact, open source will soon be much better and more capable due to new and developing technological and organizational advancements which are next to impossible to happen under a closed source regime.
The main drawback is that you will need to be able to patch quick in the next 3-5 years. We are already seeing this in a few solutions getting attention from various AI-driven security topics and our previous stance of letting fixes "ripen" on the shelf for a while - a minor version or two - is most likely turning problematic. Especially if attackers start exploiting faster and botnets start picking up vulnerabilities faster.
But at that point, "fighting fire with fire" is still a good point. Assuming tokens are available, we could just dump the entire code base, changesets and all, our dependent configuration on the code base, company-internal domain knowledge and previous upgrade failures into a folder and tell the AI to figure out upgrade risks. Bonus points if you have decent integration tests or test setups to all of that through.
It won't be perfect, but combine that with a good tiered rollout and increasing velocity of rollouts are entirely possible.
It's kinda funny to me -- a lot of the agentic hype seems to be rewarding good practices - cooperation, documentation, unit testing, integration testing, local test setups hugely.
A new user is much more likely to scan the codebase and report vulnerabilities so they can be fixed than illegally exploit them since most people aren't criminals
Let's say finding a security issue takes 10M tokens. If one company has to pay for it, they most likely won't bother. It's purely a cost/benefit thing for them.
But if you have an open source project, you might get a 1000 people looking at it, each only has to spend 10k tokens to find the same flaws.
Some users might be tech sensitive and have the capacity to check the codebase
If a company want to use your platform, it can run an audit with its own staff
These are people really concerned about the code, not "good samaritans"
It would be easier if we could just block comments from green users. I get that it loses ~.1% of authors who might have made an account to comment on a blogpost of theirs that was posted here. I'd rather have that loss than have to deal with the 99.9% of spam.
Google and Apple didn't go through ten funding rounds like today's startups do. Apple had one angel and three rounds, Google had one angel and literally just an A round after that; then retail investors could capture all the upside. Now there's way more time for private investors to pick the bones clean before it gets dumped on the public.
I think you're both right. Those were great opportunities, but the proportion of such opportunities which are made available to retail traders has greatly diminished over time.
There's a great chart out there somewhere (I couldn't find it) which breaks down the impact of private equity on the availability of such opportunities in public markets. It showed a dozen or so companies (like Google, Apple, Uber, Stripe, etc) and broke down their market cap gains into two parts, "pre IPO" and "post IPO" gains. Of course, the pre-IPO gains were only available to private equity (or, at best, accredited investors), whereas the post-IPO gains were available to retail traders as well.
"Older" companies like GOOG & AAPL were much more likely to have experienced that vast majority of gains after their IPOs, meaning retail investors could have made big money by betting on them early. Meanwhile newer companies (like Facebook, Uber, Stripe, etc) were much more likely to have yielded the vast majority of their gains before their IPOs, meaning retail investors didn't have the opportunity to benefit from big returns.
I suspect that the reason those "newer" companies were able to have the majority of their gains reaped pre-IPO was that during that time period, it was easy to acquire capital from investors without resorting to public market IPOs, where as the era of google and apple have not got the same level of private investment.
And i think it has to do with low interest rates. During the google early years, it is difficult to obtain low-cost loans (for private investors that is). Therefore, public markets look like an easier path for companies to raise money.
The "newer" companies in your list are mostly post-GFC, during a period of ultra-low interest rate. This makes money easy for private investors to obtain, and so companies have an easier time getting funding from those private sources. The IPO is realistically not a funding mechanism, but an exit mechanism for those early private investors.
If you're familiar with Ray Kurzweil's work, I wonder whether this phenomenon might be related. Kurzweil notes that better technology begets better technology in a self-reinforcing and ever-accelerating cycle of technological advancement. His thesis implies rapidly evolving capital requirements. Massive amounts of nimble private capital, secure in the hands of highly competent people with relevant domain expertise, may well be an important precondition for continual acceleration.
Survivorship bias and the corporate finance world of today is completely unrecognizable from the world of Google and Apple. Just look at the resulting performance of the SPAC craze
Even for good assets there's a price you shouldn't pay. People are joking(?) about triple-layer SPVs where you can get pre-IPO exposure but at higher-than-IPO price.
reply