Category: Tech news

Stephen Colbert will get an extra segment on his show tonight, funded by a sponsorship from Google.

Variety reports that CBS and Google have struck a deal that will reduce commercial time on Colbert’s Late Show. He’ll fill that extra time with a new segment (it’s not clear where it will fall during the show, or what the content will be), which he’ll introduce with a plug for Google’s new smart doorbell: “More Show Presented by: Google’s Nest Hello video doorbell.”

In some ways, this might just feel like the latest twist on the old-school TV sponsorship, but it also helps advertisers reach audiences who might otherwise skip through the commercials, or who watch the show through digital platforms like Google-owned YouTube (where the Late Show has been surging).

And again, it should mean more Colbert and less advertising for viewers.

Jo Ann Ross, president and chief advertising officer at CBS, told Variety that this is “just the beginning: We will continue to work with the show, and across all of our dayparts, to innovate and expand on what we offer our advertisers.”

Uber, after suspending its self-driving car operations in all markets following a fatal crash, has decided not to re-apply for its self-driving car permit in California. Uber’s current permit in California expires March 31.

“We proactively suspended our self-driving operations, including in California, immediately following the Tempe incident,” an Uber spokesperson told TechCrunch. “Given this, we decided to not reapply for a California permit with the understanding that our self-driving vehicles would not operate in the state in the immediate future.”

Uber’s decision not to reapply comes in tandem with a letter the DMV sent to Uber’s head of public affairs, Austin Heyworth, today. The letter pertains to the fatal self-driving car crash that happened in Tempe, Arizona last week.

“In addition to this decision to suspend testing throughout the country, Uber has indicated that it will not renew its current permit to test autonomous vehicles in California,” DMV Deputy Director/Chief Counsel Brian Soublet wrote in the letter. “By the terms of its current permit, Uber’s authority to test autonomous vehicles on California public roads will end on March 31, 2018.”

This comes following Arizona’s decision to block Uber’s self-driving cars in its city. In Arizona Governor Doug Ducey’s letter to Uber CEO Dara Khosrowshahi, Ducey said the video from the accident was “disturbing and alarming.”

California requires a number of things from autonomous car makers, like special vehicle registrations for the cars and the car operators, accident report submissions as well as reports pertaining to when and how often a safety driver needs to take over.

If Uber wants to at some point continue its self-driving car tests in California, the company will need to apply for a new permit, as well as “address any follow-up analysis or investigations from the recent crash in Arizona,” Soublet wrote. Uber may also need to set up a meeting with the DMV.

As companies gather increasing amounts of data, they face a choice over bottlenecks. They can have it in the storage component or the backend compute system. Some companies have attacked the problem by using GPUs to streamline the back end problem or Flash storage to speed up the storage problem. Pure Storage wants to give customers the best of both worlds.

Today it announced, Airi, a complete data storage solution for AI workloads in a box.

Under the hood Airi starts with a Pure Storage FlashBlade, a storage solution that Pure created specifically with AI and machine learning kind of processing in mind. NVidia contributes the pure power with four NVIDIA DGX-1 supercomputers, delivering four petaFLOPS of performance with NVIDIA ® Tesla ® V100 GPUs. Arista provides the networking hardware to make it all work together with Arista 100GbE switches. The software glue layer comes from the NVIDIA GPU Cloud deep learning stack and Pure Storage AIRI Scaling Toolkit.

One interesting aspect of this deal is that the FlashBlade product operates as a separate product inside of the Pure Storage organization. They have put together a team of engineers with AI and data pipeline understanding with the focus inside the company on finding ways to move beyond the traditional storage market and find out where the market is going.

This approach certainly does that, but the question is do companies want to chase the on-prem hardware approach or take this kind of data to the cloud. Pure would argue that the data gravity of AI workloads would make this difficult to achieve with a cloud solution, but we are seeing increasingly large amounts of data moving to the cloud with the cloud vendors providing tools for data scientists to process that data.

If companies choose to go the hardware route over the cloud, each vendor in this equation — whether Nvidia, Pure Storage or Arista — should benefit from a multi-vendor sale. The idea ultimately is to provide customers with a one-stop solution they can install quickly inside a data center if that’s the approach they want to take.

If this is the future of hybrids, I’m all in. Volkswagen just took the cover off its Atlas Cross Sport SUV, which features a plug-in hybrid drive powertrain that features two electric motors and a V6 engine. Together, they produce 355 horsepower. And it looks great, too.

The inside and out of this concept is loaded with future-leaning technology including a massive screen, digital cockpit and a seemingly endless amount of LEDs. The center infotainment system can be controlled by touch or gesture though since this example is just a concept, it’s unclear if gesture controls will make it into production.

The powertrain is the most exciting part. The Atlas Cross Sport is equipped with the same 3.6L V6 engine found in the standard Atlas. But the Cross Sport features dual electric motors with a 54 hp motor in the front and a rear motor that outputs 114 hp. An 18.0 kWh lithium-ion battery housed in the vehicle’s central tunnel powers the battery. Volkswagen says its configuration allows the output to be 355 HP, up from 310 hp if a conventional hybrid system was used.

The company expects the SUV to hit 60 mph in 6.5 seconds, thus proving it’s worthy of the Sport badging as the regular Atlas runs 60 mph at 7.9 seconds.

The concept features several drive modes though it’s not clear at this time if the production vehicle will have similar abilities. In E-Mode, the vehicle drives on just the rear motor and has a range of around 26 miles. Like the Chevy Volt

Volkswagen says this is headed to production, too, with a 2019 release. The company’s Chattanooga, Tennessee facility will build the vehicle.

This concept is built off the MQB platform that’s responsible for the seven-seat Atlas. In this variation, the vehicle is 7.5 inches shorter than the Atlas though the wheelbase is the same. It shows the flexibility of the platform, which can result in a traditional 7-seat people hauler or a 5-passenger sports SUV with different powertrains and dimensions.

Volkswagen is not alone in adding hybrid powertrains to SUVs. Ford announced two weeks ago it intends to offer five hybrid SUV models in the coming years.

Hybrid systems could see a resurgence in popularity as models such as the Cross Sport show they can be used for more than just increasing fuel economy.

Apple didn’t livestream this morning’s education event at Lane Tech High School in Chicago, so reading along live was the next best thing. Thankfully, for those who weren’t crammed into the auditorium seating with the rest of us, the whole shebang is now online and viewable through Apple’s site.

The event was, as expected, focused entirely on Apple’s education play, as the company looks to reassert itself in school in the wake of the massive success of Chromebooks. Tim Cook and company took a deep dive into the software solutions aimed helping teachers streamline the in-class iPad usage, along with the various ways in which mainstream Apple apps like Clips and Garage Band are being used in the class.

And then, of course, there are those new, cheap, iPads.

Nvidia CEO Jensen Huang faced a number of questions regarding Uber’s recent self-driving test vehicle accident, in which an SUV equipped with Uber’s autonomous technology struck and killed 49-year old Elaine Herzberg in Tempe, Arizona.

Earlier on Tuesday, Reuters broke the news that Nvidia was suspending its own autonomous testing programs around the world. Huang didn’t address the suspension on stage, but he did express sympathy for the victim during the keynote, which he reiterated during the Q&A.

“First of all, what happened is tragic and sad,” Huang said in response to a question about whether he believes the accident might impact appetite among other companies for developing autonomous technologies. “It also is a reminder of exactly why we’re doing this.”

Huang explained that in fact, as a result of the accident, he actually believes that investment will rise in self-driving system design, specifically because previously companies might have thought they could get away with meager or minimal investment in those areas, and instead will be realizing it’s the one area where they can’t compromise in favor of attempting to lower costs.

“I think that the world is going to, as a result, be much more serious about investing in development systems, which is good,” he said.

Meanwhile, Huang also urged caution regarding anyone being too quick to judge Uber’s engineers or their intentions and diligence.

Huang said that Uber has engineers who are “intensely serious about what they do,” and said that he “wouldn’t judge them” until we have more information about what occurred with the accident. “We don’t know exactly what happened,” he said. “And we gotta give them the chance to go and understand for themselves.”

On the subject of Nvidia’s suspension of its own program, and the motivation behind doing so, Huang said it was all about engaging an abundance of caution in an area where safety must always come first.

“We use extreme caution, and the best practices that we know in testing our cars,” he said. “First of all, it’s of course a safety concern, because our engineers are actually in the car. So it’s something we take incredibly seriously.”

He added that the reason for the suspension was “simple,” since the accident means that there’s now “a new data point” that has to be taken into consideration, and as “good engineers,” Nvidia must “wait to see what we can learn from the incident” before continuing testing activities.

 

It’s easier than ever to build software, which makes it harder than ever to build a defensible software business. So it’s no wonder investors and entrepreneurs are optimistic about the potential of data to form a new competitive advantage. Some have even hailed data as “the new oil.” We invest exclusively in startups leveraging data and AI to solve business problems, so we certainly see the appeal — but the oil analogy is flawed.

In all the enthusiasm for big data, it’s easy to lose sight of the fact that all data is not created equal. Startups and large corporations alike boast about the volume of data they’ve amassed, ranging from terabytes of data to quantities surpassing all of the information contained in the Library of Congress. Quantity alone does not make a “data moat.”

Firstly, raw data is not nearly as valuable as data employed to solve a problem. We see this in the public markets: companies that serve as aggregators and merchants of data, such as Nielsen and Acxiom, sustain much lower valuation multiples than companies that build products powered by data in combination with algorithms and ML, such as Netflix or Facebook. The current generation of AI startups recognize this difference and apply machine learning models to extract value from the data they collect.

Even when data is put to work powering ML-based solutions, the size of the data set is only one part of the story. The value of a data set, the strength of a data moat, comes from context. Some applications require models to be trained to a high degree of accuracy before they can provide any value to a customer, while others need little or no data at all. Some data sets are truly proprietary, others are readily duplicated. Some data decays in value over time, while other data sets are evergreen. The application determines the value of the data.

Defining the “data appetite”

Machine learning applications can require widely different amounts of data to provide valuable features to the end user.

MAP threshold

In the cloud era, the idea of the minimum viable product (or MVP) has taken hold — that collection of software features which has just enough value to seek initial customers. In the intelligence era, we see the analog emerging for data and models: the minimum level of accurate intelligence required to justify adoption. We call this the minimum algorithmic performance (MAP).

Most applications don’t require 100 percent accuracy to create value. For example, a productivity tool for doctors might initially streamline data entry into electronic health record systems, but over time could automate data entry by learning from what doctors enter in the system. In this case, the MAP is zero, because the application has value from day one based on software features alone. Intelligence can be added later. However, solutions where AI is central to the product (for example, a tool to identify strokes from CT scans), would likely need to equal the accuracy of status quo (human-based) solutions. In this case the MAP is to match the performance of human radiologists, and an immense volume of data might be needed before a commercial launch is viable.

Performance threshold

Not every problem can be solved with near 100 percent accuracy. Some problems are too complex to fully model given the current state of the art; in that case, volume of data won’t be a silver bullet. Adding data might incrementally improve the model’s performance, but quickly hit diminishing marginal returns.

At the other extreme, some problems can be solved with near 100 percent accuracy with a very small training set, because the problem being modeled is relatively simple, with few dimensions to track and few variations in outcome.

In short, the amount of data you need to effectively solve a problem varies widely. We call the amount of training data needed to reach viable levels of accuracy the performance threshold.

AI-powered contract processing is a good example of an application with a low performance threshold. There are thousands of contract types, but most of them share key fields: the parties involved, the items of value being exchanged, time frame, etc. Specific document types like mortgage applications or rental agreements are highly standardized in order to comply with regulation. Across multiple startups, we’ve seen algorithms that automatically process documents needing only a few hundred examples to train to an acceptable degree of accuracy.

Entrepreneurs need to thread a needle. If the performance threshold is high, you’ll have a bootstrap problem acquiring enough data to create a product to drive customer usage and more data collection. Too low, and you haven’t built much of a data moat!

Stability threshold

Machine learning models train on examples taken from the real-world environment they represent. If conditions change over time, gradually or suddenly, and the model doesn’t change with it, the model will decay. In other words, the model’s predictions will no longer be reliable.

For example, Constructor.io is a startup that uses machine learning to rank search results for e-commerce websites. The system observes customer clicks on search results and uses that data to predict the best order for future search results. But e-commerce product catalogs are constantly changing. A model that weighs all clicks equally, or trained only on a data set from one period of time, risks overvaluing older products at the expense of newly introduced and currently popular products.

Keeping the model stable requires ingesting fresh training data at the same rate that the environment changes. We call this rate of data acquisition the stability threshold.

Perishable data doesn’t make for a very good data moat. On the other hand, ongoing access to abundant fresh data can be a formidable barrier to entry when the stability threshold is low.

Identifying opportunities with long-term defensibility

The MAP, performance threshold and stability threshold are all central elements to identifying strong data moats.

First-movers may have a low MAP to enter a new category, but once they have created a category and lead it, the minimum bar for future entrants is to equal or exceed the first mover.

Domains requiring less data to reach the performance threshold and less data to maintain that performance (the stability threshold) are not very defensible. New entrants can readily amass enough data and match or leapfrog your solution. On the other hand, companies attacking problems with low performance threshold (don’t require too much data) and a low stability threshold (data decays rapidly) could still build a moat by acquiring new data faster than the competition.

More elements of a strong data moat

AI investors talk enthusiastically about “public data” versus “proprietary data” to classify data sets, but the strength of a data moat has more dimensions, including:

• Accessibility
• Time — how quickly can the data be amassed and used in the model? Can the data be accessed instantly, or does it take a significant amount of time to obtain and process?
• Cost — how much money is needed to acquire this data? Does the user of the data need to pay for licensing rights or pay humans to label the data?
• Uniqueness — is similar data widely available to others who could then build a model and achieve the same result? Such so-called proprietary data might better be termed “commodity data” — for example: job listings, widely available document types (like NDAs or loan applications), images of human faces.
• Dimensionality — how many different attributes are described in a data set? Are many of them relevant to solving the problem?
• Breadth — how widely do the values of attributes vary? Does the data set account for edge cases and rare exceptions? Can data or learnings be pooled across customers to provide greater breadth of coverage than data from just one customer?
• Perishability — how broadly applicable over time is this data? Is a model trained from this data durable over a long time period, or does it need regular updates?
• Virtuous loop — can outcomes such as performance feedback or predictive accuracy be used as inputs to improve the algorithm? Can performance compound over time?

Software is now a commodity, making data moats more important than ever for companies to build a long-term competitive advantage. With tech titans democratizing access to AI toolkits to attract cloud computing customers, data sets are one of the most important ways to differentiate. A truly defensible data moat doesn’t come from just amassing the largest volume of data. The best data moats are tied to a particular problem domain, in which unique, fresh, data compounds in value as it solves problems for customers.

There’s currently a shortage of Nvidia GPUs and Nvidia’s CEO pointed to Ethereum distributed ledgers as the cause. Today at Nvidia’s GTC conference he spoke to a group of journalists following his keynote address and addressed the shortage.

Huang simply stated that Nvidia is not in the business of cryptocurrency or distributed ledgers. As such, he stated he preferred if his company’s GPUs were used the areas Nvidia is targeting though explained why Nvidia’s products are used for crypto mining.

“[Cryptocurrency] is not our business,” he said. “Gaming is growing and workstation is growing because of ray tracing.” He noted that Nvidia’s high performance business is also growing and these are the areas he wished Nvidia could allocate units for.

Huang explained why crypto miners are using Nvidia’s products echoing what he told me in an interview last week.

“We’re sold out of many of our high-end SKUs, and so it’s a real challenge keeping [graphic cards] in the marketplace for games,” he said, adding “At the highest level the way to think about that is because of the philosophy of cryptocurrency — which is really about taking advantage of distributed high-performance computing — there are supercomputers in the hands of almost everybody in the world so that no singular force or entity that can control the currency.”

So what is he going to do about it? “We have to build a whole lot more,” he told TechCrunch last week. “The video supply chain is working really hard, and you know all of our partners are working around the clock. We’ve got to come closer to the demand of the market. And right now, we’re not anywhere near close to that and so we’re just going to have to keep running.”

Just a day after General Catalyst, the 18-year-old venture firm, revealed plans in an SEC filing to raise a record $1.375 billion in capital, another firm that we’d said was likely to file any second has done just that.

According to a fresh SEC filing, Lightspeed Venture Partners, also 18 years old, is raising a record $1.8 billion in new capital commitments from its investors, just two years after raising what was then a record for the firm: $1.2 billion in funding across two funds (one early-stage and the other for “select” companies in its portfolio that had garnered traction).

Still on our watch list: news of bigger-and-better-than-ever funds from other firms that announced their latest funds roughly two years ago, including Founders Fund, Andreessen Horowitz and Accel Partners.

The supersizing of venture firms isn’t a shock, as we wrote yesterday — though it’s also not necessarily good for returns, as we also noted. Right now, venture firms are reacting in part to the $100 billion SoftBank Vision Fund, which SoftBank has hinted is merely the first of more gigantic funds it plans to raise, including from investors in the Middle East who’d like to plug more money into Silicon Valley than they’ve been able to do historically.

The game, as ever, has also changed, these firms could argue. For one thing, the size of rounds has soared in recent years, making it easy for venture firms to convince themselves that to “stay in the game,” they need to have more cash at their disposal.

Further, so-called limited partners from universities, pension funds and elsewhere want to plug more money into venture capital, given the lackluster performance some other asset classes have produced.

When they want to write bigger checks to the funds in which they are already investors, the funds often try accommodating them out of loyalty. (We’re guessing the greater management fees they receive, which are tied to the amount of assets they manage, are also persuasive.)

What’s neglected in this race is the fact that the biggest outcomes can usually be traced to the earlier rounds in which VCs participate. Look at Sequoia’s early investment in Dropbox, for example, or Lightspeed’s early check to Snapchat. No matter the outcome of these companies, short of total failure, both venture firms will have made a mint, unlike later investors that might not be able to say the same.

There is also ample evidence that it’s far harder to produce meaningful returns to investors when managing a giant fund. (This Kaufmann study from 2012 is among the mostly highly cited, if you’re curious.)

Whether raising so much will prove wise for Lightspeed is an open question. What is not in doubt: Lightspeed is right now among the best-performing venture firms in Silicon Valley.

In addition to being the first institutional investor in now publicly traded Snap, the company wrote early checks to MuleSoft, which staged a successful IPO in 2018; in StitchFix, which staged a successful IPO in 2018; in AppDynamics, which sold to Cisco for $3.7 billion last year. It was an early investor in Nimble Storage, which sold to Hewlett Packard Enterprise for just north of $1 billion in cash last March. And just two weeks ago, another of its portfolio companies, Zscaler, also staged a successful IPO.

At a StrictlyVC event hosted last year by this editor, firm co-founders Ravi Mhatre and Barry Eggers talked about their very long “overnight” success story, and about the importance of funding companies early to help them set up durable businesses.

It will be interesting to see whether this new capital is invested in more early-stage deals, or the firm sees growing opportunity to compete at the growth stage. Probably both? Stay tuned.

Pictured, left to right: investors Semil Shah, Ravi Mhatre, and Barry Eggers.

The smash dockless scooter rental startup, Bird, is expanding beyond its Southern California nest with a new rollout in San Francisco, San Jose, Calif. and Washington, DC, the company said today.

And as his company makes its migration across the country, Bird chief executive Travis VanderZanden is determined not to make the same mistakes that bedeviled his former bosses at Uber .

As part of the rollout, Bird is offering to remit $1 daily for each of its scooters deployed in every city in which it’s operating. That’s all part of an outreach effort that Bird is framing as a commitment to “Save Our Sidewalks.”

The initiative, which Bird is encouraging other scooter-sharing services like LimeBike, Mobike, Ofo and Spin to join, includes a commitment to collect vehicles every night; reposition them to meet demand in the mornings; provide regular maintenance; and only add capacity when every vehicle in a fleet is used three times per day.

The dollar per day commitment is a nice attempt by Bird to get in front of tariffs or fees that may be imposed by local jurisdictions which could be far higher. For instance, cities would make far more money charging Bird a smaller fee per ride rather than per day.

Bird prices its rides at $1 to rent the scooter and 15 cents per minute traveled.

The company’s services are already available in Los Angeles, San Diego and Santa Monica, Calif.

Ahead of Equal Pay Day on April 10, Lyft is committing to conducting yearly equal pay audits to ensure there are no pay discrepancies across race and gender. Last year, Lyft said it found pay discrepancies for less than 1 percent of its employees, and spent about $100,000 to adjust their salaries accordingly. Lyft has yet to conduct its second annual pay audit.

Other companies that have previously committed to equal pay include Facebook, Google and Salesforce. In March, Google disclosed it had spent about $270,000 to close any pay gaps at the company. Salesforce, on the other hand, had more significant gaps, having to spend about $3 million over the span of one year to adjust compensation and bonuses for 11 percent of its employees. Since 2015, Salesforce has spent about $6 million to close the wage gap.

While the gender pay gap has narrowed over recent years, it still exists. In 1980, the median hourly earnings for women was $12.48 compared to $19.42 for men. Fast-forward to 2016 and the median hourly earnings for women went up to $16 compared to $19.63 for men, according to the Pew Research Center. That means the median working woman earned 83 cents for every dollar earned by men.

The racial pay gap also continues to exist. Similar to the gender pay gap, the racial pay gap has narrowed in recent years, but white men continue to out-earn black and Hispanic men, and all groups of women.

 

 

Rumors of a new ASIC mining rig from Bitmain have driven Ethereum prices well below their one-week high of $585. An ASIC – or Application-specific integrated circuit – in the cryptocurrency world is a chip that designers create for the specific purpose of mining a single currency. Early Bitcoin ASICs, for example, drove adoption up and then, in some eyes, centralized Bitcoin mining in a few hands, thereby thwarting the decentralized ethos of die-hard cryptocurrency fans.

According to a CNBC report, analyst Christopher Rolland visited China where he unearthed rumors of a new ASIC chip dedicated to Ethereum mining.

“During our travels through Asia last week, we confirmed that Bitmain has already developed an ASIC [application-specific integrated circuit] for mining Ethereum, and is readying the supply chain for shipments in 2Q18,” analyst Christopher Rolland wrote in a note to clients Monday. “While Bitmain is likely to be the largest ASIC vendor (currently 70-80% of Bitcoin mining ASICs) and the first to market with this product, we have learned of at least three other companies working on Ethereum ASICs, all at various stages of development.”

Historically users have mined Ethereum using GPUs which, in turn, led to the unavailability of GPUs for gaming and graphics. However, an ASIC would change the mining equation entirely, resulting in a certain amount of centralization as big players – including Bitmain – created higher barrier to entry for casual miners.

“Ethereum is of the most profitable coins available for GPU mining,” said Mikhail Avady, founder of TryMining.com. “It’s going to affect a lot of the market. Without understanding the hash power of these Bitmain machines we can’t tell if it will make GPUs obsolete or not.”

“It can be seen as an attack on the network. It’s a centralization problem,” he said.

Avady points out that there is a constant debate among cryptocurrency aficionados regarding ASICs and their effect on the market. Some are expecting a move to more mineable coins including Monero and ZCash.

“What would be bad is if there was only one Ethereum ASIC manufacturer,” he said. “But with Samsung and a couple other players getting into the game it won’t be bad for long.”

There is also concern over ICO launches and actual utility of Ethereum-based smart contract tokens. “The price of ETH is becoming consolidated as people become more realistic about blockchain technology,” said Sky Guo, CEO of Cypherium. “People are looking for higher quality blockchain projects. I believe a rebound in ETH’s price will come soon as panic surrounding regulations begins to fade.”

Auris Health (née Auris Surgical Robots) has done a pretty good job flying under the radar, in spite of raising a massive amount of capital and listing one of the key people behind the da Vinci surgical robot among its founders. With FDA clearance finally out of the way, however, the Redwood City-based startup medical startup is ready to start talking.

This week, Auris revealed the Monarch Platform, which swaps the da Vinci’s surgical approach for something far less invasive. The system utilizes the common endoscopy procedure to a insert a flexible robot into hard to reach places inside the human body. A doctor trained on the system uses a video game-style controller to navigate inside, with help from 3D models.

Monarch’s first target is lung cancer, the which tops the list of deadliest cancers. More deaths could be stopped, if doctors were able to catch the disease in its early stages, but the lung’s complex structures, combined with current techniques, make the process difficult. According to the company,  “More than 90-percent of people diagnosed with lung cancer do not survive, in part because it is often found at an advanced stage.”

“A CT scan shows a mass or a lesion,” CEO Frederic Moll tells TechCrunch. “It doesn’t tell you what it is. Then you have to get a piece of lung, and if it’s a small lesion. It isn’t that easy — it can be quite a traumatic procedure. So you’d like to do it a very systematic and minimally invasive fashion. Currently it’s difficult with manual techniques and 40-percent of the time, there is no diagnosis. This is has been a problem for many years and [inhibits] the ability of a clinician to diagnose and treat early-stage cancer.

Auris was founded half a dozen years ago, in which time the company has managed to raise a jaw-dropping $500 million, courtesy of Mithril Capital Management, Lux Capital, Coatue Management and Highland Capital. The company says the large VC raise and long runway were necessary factors in building its robust platform.

“We are incredibly fortunate to have an investor base that is supportive of our vision and committed to us for the long-term,” CSO Josh DeFonzo tells TechCrunch. “The investments that have been made in Auris are to support both the development of a very robust product pipeline, as well as successful clinical adoption of our technology to improve patient outcomes.”

With that funding and FDA approval for Monarch out of the way, the company has an aggressive timeline. Moll says Auris is hoping to bring the system to hospitals and outpatient centers by the end of the year. And once it’s out in the wild, Monarch’s disease detecting capabilities will eventually extend beyond lung cancer.

“We have developed what we call a platform technology,” says Moll. “Bronchoscopy is the first application, but this platform will do other robotic endoscopies.”

Who’s to blame for the leaking of 50 million Facebook users’ data? Facebook founder and CEO Mark Zuckerberg broke several days of silence in the face of a raging privacy storm to go on CNN this week to say he was sorry. He also admitted the company had made mistakes; said it had breached the trust of users; and said he regretted not telling Facebookers at the time their information had been misappropriated.

Meanwhile, shares in the company have been taking a battering. And Facebook is now facing multiple shareholder and user lawsuits.

Pressed on why he didn’t inform users, in 2015, when Facebook says it found out about this policy breach, Zuckerberg avoided a direct answer — instead fixing on what the company did (asked Cambridge Analytica and the developer whose app was used to suck out data to delete the data) — rather than explaining the thinking behind the thing it did not do (tell affected Facebook users their personal information had been misappropriated).

Essentially Facebook’s line is that it believed the data had been deleted — and presumably, therefore, it calculated (wrongly) that it didn’t need to inform users because it had made the leak problem go away via its own backchannels.

Except of course it hadn’t. Because people who want to do nefarious things with data rarely play exactly by your rules just because you ask them to.

There’s an interesting parallel here with Uber’s response to a 2016 data breach of its systems. In that case, instead of informing the ~57M affected users and drivers that their personal data had been compromised, Uber’s senior management also decided to try and make the problem go away — by asking (and in their case paying) hackers to delete the data.

Aka the trigger response for both tech companies to massive data protection fuck-ups was: Cover up; don’t disclose.

Facebook denies the Cambridge Analytica instance is a data breach — because, well, its systems were so laxly designed as to actively encourage vast amounts of data to be sucked out, via API, without the check and balance of those third parties having to gain individual level consent.

So in that sense Facebook is entirely right; technically what Cambridge Analytica did wasn’t a breach at all. It was a feature, not a bug.

Clearly that’s also the opposite of reassuring.

Yet Facebook and Uber are companies whose businesses rely entirely on users trusting them to safeguard personal data. The disconnect here is gapingly obvious.

What’s also crystal clear is that rules and systems designed to protect and control personal data, combined with active enforcement of those rules and robust security to safeguard systems, are absolutely essential to prevent people’s information being misused at scale in today’s hyperconnected era.

But before you say hindsight is 20/20 vision, the history of this epic Facebook privacy fail is even longer than the under-disclosed events of 2015 suggest — i.e. when Facebook claims it found out about the breach as a result of investigations by journalists.

What the company very clearly turned a blind eye to is the risk posed by its own system of loose app permissions that in turn enabled developers to suck out vast amounts of data without having to worry about pesky user consent. And, ultimately, for Cambridge Analytica to get its hands on the profiles of ~50M US Facebookers for dark ad political targeting purposes.

European privacy campaigner and lawyer Max Schrems — a long time critic of Facebook — was actually raising concerns about the Facebook’s lax attitude to data protection and app permissions as long ago as 2011.

Indeed, in August 2011 Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that’s where Facebook’s European HQ is based).

“[T]his means that not the data subject but “friends” of the data subject are consenting to the use of personal data,” wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook’s friends’ data API. “Since an average facebook user has 130 friends, it is very likely that only one of the user’s friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users’ friends personal data (e.g. games, quizzes, apps that only post things on the user’s page) but Facebook Ireland does not offer a more limited level of access than “all the basic information of all friends”.

“The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific,” he added.

As a result of Schrems’ complaint, the Irish DPC audited and re-audited Facebook’s systems in 2011 and 2012. The result of those data audits included a recommendation that Facebook tighten app permissions on its platform, according to a spokesman for the Irish DPC, who we spoke to this week.

The spokesman said the DPC’s recommendation formed the basis of the major platform change Facebook announced in 2014 — aka shutting down the Friends data API — albeit too late to prevent Cambridge Analytica from being able to harvest millions of profiles’ worth of personal data via a survey app because Facebook only made the change gradually, finally closing the door in May 2015.

“Following the re-audit… one of the recommendations we made was in the area of the ability to use friends data through social media,” the DPC spokesman told us. “And that recommendation that we made in 2012, that was implemented by Facebook in 2014 as part of a wider platform change that they made. It’s that change that they made that means that the Cambridge Analytica thing cannot happen today.

“They made the platform change in 2014, their change was for anybody new coming onto the platform from 1st May 2014 they couldn’t do this. They gave a 12 month period for existing users to migrate across to their new platform… and it was in that period that… Cambridge Analytica’s use of the information for their data emerged.

“But from 2015 — for absolutely everybody — this issue with CA cannot happen now. And that was following our recommendation that we made in 2012.”

Given his 2011 complaint about Facebook’s expansive and abusive historical app permissions, Schrems has this week raised an eyebrow and expressed surprise at Zuckerberg’s claim to be “outraged” by the Cambridge Analytica revelations — now snowballing into a massive privacy scandal.

In a statement reflecting on developments he writes: “Facebook has millions of times illegally distributed data of its users to various dodgy apps — without the consent of those affected. In 2011 we sent a legal complaint to the Irish Data Protection Commissioner on this. Facebook argued that this data transfer is perfectly legal and no changes were made. Now after the outrage surrounding Cambridge Analytica the Internet giant suddenly feels betrayed seven years later. Our records show: Facebook knew about this betrayal for years and previously argues that these practices are perfectly legal.”

So why did it take Facebook from September 2012 — when the DPC made its recommendations — until May 2014 and May 2015 to implement the changes and tighten app permissions?

The regulator’s spokesman told us it was “engaging” with Facebook over that period of time “to ensure that the change was made”. But he also said Facebook spent some time pushing back — questioning why changes to app permissions were necessary and dragging its feet on shuttering the friends’ data API.

“I think the reality is Facebook had questions as to whether they felt there was a need for them to make the changes that we were recommending,” said the spokesman. “And that was, I suppose, the level of engagement that we had with them. Because we were relatively strong that we felt yes we made the recommendation because we felt the change needed to be made. And that was the nature of the discussion. And as I say ultimately, ultimately the reality is that the change has been made. And it’s been made to an extent that such an issue couldn’t occur today.”

“That is a matter for Facebook themselves to answer as to why they took that period of time,” he added.

Of course we asked Facebook why it pushed back against the DPC’s recommendation in September 2012 — and whether it regrets not acting more swiftly to implement the changes to its APIs, given the crisis its business is now faced having breached user trust by failing to safeguard people’s data.

We also asked why Facebook users should trust Zuckerberg’s claim, also made in the CNN interview, that it’s now ‘open to being regulated’ — when its historical playbook is packed with examples of the polar opposite behavior, including ongoing attempts to circumvent existing EU privacy rules.

A Facebook spokeswoman acknowledged receipt of our questions this week — but the company has not responded to any of them.

The Irish DPC chief, Helen Dixon, also went on CNN this week to give her response to the Facebook-Cambridge Analytica data misuse crisis — calling for assurances from Facebook that it will properly police its own data protection policies in future.

“Even where Facebook have terms and policies in place for app developers, it doesn’t necessarily give us the assurance that those app developers are abiding by the policies Facebook have set, and that Facebook is active in terms of overseeing that there’s no leakage of personal data. And that conditions, such as the prohibition on selling on data to further third parties is being adhered to by app developers,” said Dixon.

“So I suppose what we want to see change and what we want to oversee with Facebook now and what we’re demanding answers from Facebook in relation to, is first of all what pre-clearance and what pre-authorization do they do before permitting app developers onto their platform. And secondly, once those app developers are operative and have apps collecting personal data what kind of follow up and active oversight steps does Facebook take to give us all reassurance that the type of issue that appears to have occurred in relation to Cambridge Analytica won’t happen again.”

Firefighting the raging privacy crisis, Zuckerberg has committed to conducting a historical audit of every app that had access to “a large amount” of user data around the time that Cambridge Analytica was able to harvest so much data.

So it remains to be seen what other data misuses Facebook will unearth — and have to confess to now, long after the fact.

But any other embarrassing data leaks will sit within the same unfortunate context — which is to say that Facebook could have prevented these problems if it had listened to the very valid concerns data protection experts were raising more than six years ago.

Instead, it chose to drag its feet. And the list of awkward questions for the Facebook CEO keeps getting longer.

There is a familiar trope in Hollywood cyberwarfare movies. A lone whiz kid hacker (often with blue, pink, or platinum hair) fights an evil government. Despite combatting dozens of cyber defenders, each of whom appears to be working around the clock and has very little need to use the facilities, the hacker is able to defeat all security and gain access to the secret weapon plans or whatever have you. The weapon stopped, the hacker becomes a hero.

The real world of security operations centers (SOCs) couldn’t be further from this silver screen fiction. Today’s hackers (who are the bad guys, by the way) don’t have the time to custom hack a system and play cat-and-mouse with security professionals. Instead, they increasingly build a toolbox of automated scripts and simultaneously hit hundreds of targets using, say, a newly discovered zero-day vulnerability and trying to take advantage of it as much as possible before it is patched.

Security analysts working in a SOC are increasingly overburdened and overwhelmed by the sheer number of attacks they have to process. Yet, despite the promises of automation, they are often still using manual processes to counter these attacks. Fighting automated attacks with manual actions is like fighting mechanized armor with horses: futile.

Nonetheless, that’s the current state of things in the security operations world, but as V.Jay LaRosa, the VP of Global Security Architecture of payroll and HR company ADP explained to me, “The industry, in general from a SOC operations perspective, it is about to go through a massive revolution.”

That revolution is automation. Many companies have claimed that they are bringing machine learning and artificial intelligence to security operations, and the buzzword has been a mainstay of security startup pitch decks for some times. Results in many cases have been nothing short of lackluster at best. But a new generation of startups is now replacing soaring claims with hard science, and focusing on the time-consuming low-hanging fruit of the security analyst’s work.

One of those companies, as we will learn shortly, is JASK. The company, which is based in San Francisco and Austin, wants to create a new market for what it calls the “autonomous security operations center.” Our goal is to understand the current terrain for SOCs, and how such a platform might fit into the future of cybersecurity.

Data wrangling and the challenge of automating security

The security operations center is the central nervous system of corporate security departments today. Borrowing concepts from military organizational design, the modern SOC is designed to fuse streams of data into one place, giving security analysts a comprehensive overview of a company’s systems. Those data sources typically include network logs, an incident detection and response system, web application firewall data, internal reports, antivirus, and many more. Large companies can easily have dozens of data sources.

Once all of that information has been ingested, it is up to a team of security analysts to evaluate that data and start to “connect the dots.” These professionals are often overworked since the growth of the security team is generally reactive to the threat environment. Startups might start with a single security professional, and slowly expand that team as new threats to the business are discovered.

Given the scale and complexity of the data, investigating a single security alert can take significant time. An analyst might spend 50 minutes just pulling and cleaning the necessary data to be able to evaluate the likelihood of a threat to the company. Worse, alerts are sufficiently variable that the analyst often has to repeatedly perform this cleanup work for every alert.

Data wrangling is one of the most fundamental problems that every SOC faces. All of those streams of data need to be constantly managed to ensure that they are processed properly. As LaRosa from ADP explained, “The biggest challenge we deal with in this space is that [data] is transformed at the time of collection, and when it is transformed, you lose the raw information.” The challenge then is that “If you don’t transform that data properly, then … all that information becomes garbage.”

The challenges of data wrangling aren’t unique to security — teams across the enterprise struggle to design automated solutions. Nonetheless, just getting the right data to the right person is an incredible challenge. Many security teams still manually monitor data streams, and may even write their own ad-hoc batch processing scripts to get data ready for analysis.

Managing that data inside the SOC is the job of a security information and event management system (SIEM), which acts as a system of record for the activities and data flowing through security operations. Originally focused on compliance, these systems allow analysts to access the data they need, and also log the outcome of any alert investigation. Products like ArcSight and Splunk and many others here have owned this space for years, and the market is not going anywhere.

Due to their compliance focus though, security management systems often lack the kinds of automated features that would make analysts more efficient. One early response to this challenge was a market known as user entity behavior analytics (UEBA). These products, which include companies like Exabeam, analyze typical user behavior and search for anomalies. In this way, they are meant to integrate raw data together to highlight activities for security analysts, saving them time and attention. This market was originally standalone, but as Gartner has pointed out, these analytics products are increasingly migrating into the security information management space itself as a sort of “smarter SIEM.”

These analytics products added value, but they didn’t solve the comprehensive challenge of data wrangling. Ideally, a system would ingest all of the security data and start to automatically detect correlations, grouping disparate data together into a cohesive security alert that could be rapidly evaluated by a security analyst. This sort of autonomous security has been a dream of security analysts for years, but that dream increasingly looks like it could become reality quite soon.

LaRosa of ADP told me that “Organizationally, we have got to figure out how we help our humans to work smarter.” David Tsao, Global Information Security Officer of Veeva Systems, was more specific, asking “So how do you organize data in a way so that a security engineer … can see how these various events make sense?”

JASK and the future of “autonomous security”

That’s where a company like JASK comes in. Its goal, simply put, is to take all the disparate data streams entering the security operations center and automatically group them into attacks. From there, analysts can then evaluate each threat holistically, saving them time and allowing them to focus on the sophisticated analytical part of their work, instead of on monotonous data wrangling.

The startup was founded by Greg Martin, a security veteran who previously founded threat intelligence platform ThreatStream (now branded Anomali). Before that, he worked as an executive at ArcSight, a company that is one of the incumbent behemoths in security information management.

Martin explained to me that “we are now far and away past what we can do with just human-led SOCs.” The challenge is that every single security alert coming in has to go through manual review. “I really feel like the state of the art in security operations is really how we manufactured cars in the 1950s — hand-painting every car,” Martin said. “JASK was founded to just clean up the mess.”

Machine learning is one of these abused terms in the startup world, and certainly that is no exception in cybersecurity. Visionary security professionals wax poetic about automated systems that instantly detect a hacker as they attempt to gain access to the system and immediately respond with tested actions designed to thwart them. The reality is much less exciting: just connecting data from disparate sources is a major hurdle for AI researchers in the security space.

Martin’s philosophy with JASK is that the industry should walk before it runs. “We actually look to the autonomous car industry,” he said to me. “They broke the development roadmap into phases.” For JASK, “Phase one would be to collect all the data and prepare and identify it for machine learning,” he said. LaRosa of ADP, talking about the potential of this sort of automation, said that “you are taking forty to fifty minutes of busy work out of that process and allow [the security analysts] to get right to the root cause.”

This doesn’t mean that security analysts are suddenly out of a job, indeed far from it. Analysts still have to interpret the information that has been compiled, and even more importantly, they have to decide on what is the best course of action. Today’s companies are moving from “runbooks” of static response procedures to automated security orchestration systems. Machine learning realistically is far from being able to accomplish the full lifecycle of an alert today, although Martin is hopeful that such automation is coming in later phases of the roadmap.

Martin tells me that the technology is being used by twenty customers today. The company’s stack is built on technologies like Hadoop, allowing it to process significantly higher volumes of data compared to legacy security products.

JASK is essentially carving out a unique niche in the security market today, and the company is currently in beta. The company raised a $2m seed from Battery in early 2016, and a $12m series A led by Dell Technologies Capital, which saw its investment in security startup Zscaler IPO last week.

There are thousands of security products in the market, as any visit to the RSA conference will quickly convince you. Unfortunately though, SOCs can’t just be built with tech off the shelf. Every company has unique systems, processes, and threat concerns that security operations need to adapt to, and of course, hackers are not standing still. Products need to constantly change to adapt to those needs, which is why machine learning and its flexibility is so important.

Martin said that “we have to bias our algorithms so that you never trust any one individual or any one team. It is a careful controlled dance to build these types of systems to produce general purpose, general results that applies across organizations.” The nuance around artificial intelligence is refreshing in a space that can see incredible hype. Now the hard part is to keep moving that roadmap forward. Maybe that blue-haired silver screen hacker needs some employment.