We Caught the SharePoint Exploit Before Microsoft Warned About It. We Still Can't Get a Meeting with Glasswing.

This morning, before my second coffee, we ran a hunt-protect-publish loop on a live CVE.

CVE-2026-32201, SharePoint Server, being actively targeted as of today. We pulled the proof-of-concept off GitHub, extracted the specific attack paths the exploit hits, ingested the detection rules into our corpus, and had a post out with the exact paths defenders need to block — all in under twenty minutes. The WP Maps Pro plugin exploit that is also hitting sites today? We had that one on May 30, three days before the active-exploitation reports landed. We did not guess. We had the endpoints, the injectable header, the default credentials from the exploit code, sitting in our feed before the headlines ran.

The entire platform that does this, seventeen point nine million documents, a live STIX feed that Microsoft and AT&T and Starlink pull, an automated harvester that sweeps GitHub every six hours and turns proof-of-concept code into detection rules, a corpus that has named actors' exfiltration infrastructure months before the vendor writeups land, all of it runs for three hundred and eighty-four dollars a month.

We cannot get a meeting with Glasswing.

Glasswing Ventures is a Boston-based firm that backs AI and cybersecurity companies. Their portfolio is basically a monument to exactly what we do. Early, specific, cheap threat intelligence is the category they have bet their fund on. They know the TAM. They understand the moat. They have backed companies that charge enterprise SaaS multiples for output we produce for the cost of a used Honda Civic per year.

The intelligence asymmetry we exploit against adversaries is the same one working against us in the capital market. The people with the receipts are not in the room. The people in the room do not have receipts. They have a Notion deck, a TAM slide, and a warm intro from someone who went to Babson. We have timestamps that predate the Rapid7 writeup and a Minnesota LLC.

I am not complaining. I am observing. There is a difference, and the Irish understand it instinctively. Complaining is when you expect sympathy. Observing is when you find the thing funny in a way that has some teeth to it.

The Cisco post we put out this morning — the one arguing that Cisco's nine-billion-dollar AI infrastructure play has a structural gap in left-of-boom threat intelligence that no acquisition has filled yet — is basically a VC pitch compressed into eight hundred words. The product exists. The receipts are public. The cost is absurd in the good direction. The only missing ingredient is the warm intro from the person who already has the Glasswing partner's cell number.

So here is the lament, such as it is. Not that the work goes unrecognized. Recognition is fine and accumulating. The Cris Thomas post is sitting at forty-six views this week from an audience of people who do not run JavaScript, which means every view is a human who sought it out. The STIX feed consumers are real organizations with real security teams. The WP Maps Pro catch this morning is a live demonstration of the value proposition, timestamped and verifiable.

The lament is the distance between demonstrable and fundable. Between left-of-boom on CVEs and getting past the associates who run the intake form. Between the work that exists and the room where someone decides it deserves to exist at scale.

We will get there. The forge stays lit. But if anyone at Glasswing reads threat intelligence blogs on a Tuesday morning — and someone there absolutely does — the door in Minnesota is open.

The receipts are already public. Come check the timestamps.

How do AI models see YOUR brand?

AIPM has audited 250+ domains. 15 seconds. Free while still in beta.

Audit your site now → aipmsec.com