The stranger who hacked my website
A librarian I'd never met sent me the audit I should have run on myself
The email
Thursday, April 23. 12:21pm. An email from a stranger named Michal.
The first line (translated from Hebrew):
“As an experiment I sat with Claude yesterday on your site. We ended up producing a pretty cool security audit. Want it?”
No hello. No ask. A gift in the opening line.
Michal works at the Haifa University library. She’s finishing an MA in Information and Knowledge Studies, and is the mother of a five-year-old who, while she was writing to me, was inventing imaginary machines with Nano Banana.
She read a piece about me in TheMarker, got curious, opened Claude, and ran an audit on my site. Nobody asked her to.
Fourteen findings in a .md file. Each one specific, each one with a fix.
A private page on my site called the CEO Dashboard, with my revenue pipelines, open deals, leads. She found it.
My workshop presentation, “password-protected,” with the password sitting inside the HTML. She read it.
The ZIP file my workshop alumni download. My full system. Agent files, prompts, skills. She downloaded it.
141 megabytes of private workshop decks served from public URLs. The personal data of 892 alumni in a single JavaScript file. Eight WhatsApp invite links to paid workshop groups, burned. My billing provider’s public API leaking customer notes.
It felt like someone had walked into my house, opened every drawer, read my journals, and left a polite note on the kitchen table that said “your locks don’t work, here’s which ones.”
The ten minutes after
I read it three times.
For about four minutes I felt the wrong thing. Not grateful. Something closer to who is this and what did she find.
My first instinct was to hand it to one of the agents already on the team. Adam. Hofmann. David. Someone.
None of them fit.
Adam handles execution, Hofmann ships code, David is about the strategy. None of them lives in the part of the business Michal had just exposed.
Then I scrolled to my agent roster.
Designer. Producer. Book editor. Copywriter. The team I’d hired in my own image. Every one of them lives in the part of the business I love. Content, sound, words, pictures.
Not one of them touches the part I avoid.
That was the mirror. Not the audit. The list.
Two agents I wouldn’t have built on my own
By 6pm I had two new agents running.
💪 Hercules became the security agent. His first job: take down the CEO Dashboard, kill the password-in-HTML pattern, move the ZIP file behind real access. Pull the 141 megabytes. Burn the eight WhatsApp invites and reissue. Strip the alumni file from the site.
👩⚖️ Xena became the legal agent. Her first job: read Amendment 13 of the Privacy Protection Law and ship the pages I’d been postponing for six weeks. Terms of use. Cookie policy. Cancellation policy. The things the law actually requires.
Six hours, four commits, two agents born. The drawers closed.
Around 7pm Hercules ran his first real audit. The output opened with one line I hadn’t written:
Bias check: Optimism | Break: what would falsify my approval?
It was calling me out. Nothing visibly broken, so it must be fine. The exact move Michal had just punctured. Now every audit Hercules signs off on starts by naming the bias most likely to wave things through.
I didn’t build that line. He did, on the back of a doctrine I’d half-read. But I’m the one it was written for.
Five weeks
Hercules has been with me five weeks.
Week two, he caught an API key I’d accidentally left in a public file. He forced the rotation I would have ignored for another month.
Week four, I tried to push a backup of my project to a personal GitHub repo. He blocked the push ninety seconds before it ran. Three live credentials staged in the diff: Kit secret, Google OAuth secret, another API key. He patched the .gitignore, scrubbed the files, and let me push.
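For readers who want the same safety net without an agent, here is an added example of a git pre-push hook that does what the story describes: scan the lines about to be pushed for credential-looking strings and refuse the push if any turn up. This is illustration code written for this post, not the author's Hercules agent or any code from the project; the secret patterns (Google OAuth client secrets beginning with GOCSPX-, PEM private-key headers, generic key/secret/token assignments) and the sample diff lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the author's Hercules agent: a git pre-push hook that
# scans the lines being pushed for credential-looking strings and refuses
# the push when it finds any. Install as .git/hooks/pre-push (executable).

# scan_for_secrets FILE: print lines that look like credentials (with line
# numbers). Exit status 0 = something matched, 1 = nothing matched (grep's
# own convention). The patterns are assumptions chosen for this example:
#   - Google OAuth client secrets, which currently begin with "GOCSPX-"
#   - PEM private-key headers
#   - generic key/secret/token assignments followed by a long random value
scan_for_secrets() {
  grep -E -i -n \
    -e 'GOCSPX-[A-Za-z0-9_-]{20,}' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    -e '(api[_-]?key|secret|token)[^A-Za-z0-9]{1,4}[A-Za-z0-9_-]{16,}' \
    "$1"
}

# check_diff FILE: return 0 when FILE (the added diff lines) is clean, 1 when
# it contains secrets; the offending lines go to stderr so the developer can
# rotate them and fix .gitignore before retrying.
check_diff() {
  if scan_for_secrets "$1" >/dev/null; then
    echo "pre-push: credential-looking strings in the diff; push blocked" >&2
    scan_for_secrets "$1" >&2
    return 1
  fi
  return 0
}

# run_hook: git feeds "<local ref> <local sha> <remote ref> <remote sha>"
# lines on stdin; scan the added lines of every commit range being pushed.
run_hook() {
  zero=0000000000000000000000000000000000000000
  empty_tree=$(git hash-object -t tree /dev/null)
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  status=0
  while read -r local_ref local_sha remote_ref remote_sha; do
    [ "$local_sha" = "$zero" ] && continue   # deleting a branch: nothing to scan
    if [ "$remote_sha" = "$zero" ]; then
      base=$empty_tree                        # new branch: scan all of it
    else
      base=$remote_sha
    fi
    # keep only added lines ("+...") and drop the "+++ b/file" headers
    git diff "$base" "$local_sha" | grep '^+' | grep -v '^+++' > "$tmp"
    check_diff "$tmp" || status=1
  done
  return $status
}

# Constructed sample diff fragments for trying the check outside git.
SAMPLE_CLEAN='+const greeting = "hello";
+export const workshopDate = "2026-06-23";'
SAMPLE_LEAKY='+GOOGLE_CLIENT_SECRET=GOCSPX-abcdefghijklmnopqrstuvwxyz12
+api_key = "sk_live_0123456789abcdef0123"'

# When git invokes this file as the pre-push hook, run the real check.
case "$0" in
  */pre-push) run_hook; exit $? ;;
esac
```

The hook only sees what is about to leave the machine, so a blocked push still means the secret is in local history and must be rotated and removed from the commits; a pattern list like this is a tripwire, not a replacement for keeping credentials out of the working tree with .gitignore in the first place.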
The line he opens every audit with, the one I now read three times a week, is the bias check above. It’s the line that stops me from waving things through.
Xena has been with me the same five weeks.
She wrote the cancellation policy I’d been postponing since January, shipped in one afternoon. She drafted the B2B workshop agreement I now send to every enterprise client. I’ve signed 9 deals off her template.
Last week a Fortune-list client sent a confidentiality undertaking. She replied with the line she always uses:
“Three redlines. None deal-killers. Sign after.”
That’s the line that lets me sign without re-reading.
I would not have built either of them on my own.
What I gave Michal back
By the time I wrote Michal back, she’d already registered for Tuesday’s workshop. Under her son’s WhatsApp gaming account, because that’s where she runs her builds.
Gali (my human assistant) had spotted the weird registration earlier that day and flagged it. When I messaged her “she got in, nice one,” Gali wrote back:
And I caught her.
Two humans and two agents, all running the audit game from opposite sides of the door.
I gave her two things back: a free workshop seat and a name for the agent-audit-as-a-service company she’d just decided to build: exposed.md (coming soon).
She bought it that night.
She closed her first email to me with:
And now we’re going to the safari in Ramat Gan.
A security audit, a workshop registration, a new company, and a trip to the zoo. All in one email.
The mirror
The lesson is not that you need a security agent.
The lesson is the list.
The team you build is a photograph of what you can see. I hired a Designer because I think in design. A Podcast producer because I love sound. A Book editor because I write. Agents who live where my attention already lived.
Hercules and Xena live where my attention didn’t.
A stranger sat with Claude for one evening and showed me the angles I wasn’t pointing the camera at. She didn’t tell me to fix it. She showed me what happens when I don’t.
The boring layer was the missing layer.
I still wouldn’t have hired them on my own.
Thank you Michal 🙏
Tom
P.S. Michal’s new thing: exposed.md. Agent-run security audits for AI builders. I named it. She bought it.
P.P.S. Previous issue: The 3 emails I can’t wait to get. None of them from humans.
P.P.P.S. 1,000+ people have taken this workshop in Hebrew. This is the first time it opens to the public in English. One session, 23 June. Roughly 30 seats. If it lands well, more dates in July and August. If it doesn’t, this was it.
P.P.P.P.S. I read every reply. The real me.