Extracting the kernel sounds like a good idea, but it sort of depends on having a reasonable executive who'll take the time. Some executives won't tell you the kernel, may not know it themselves and the power gradient can make it hard to ask (you don't want to look foolish).

Any lessons learned from the 2024 incident? Was/is it possible to put in place internal controls to prevent future compromise?

https://news.ycombinator.com/item?id=38897363

And I guess related to the section and post on heavily and quickly adopting LLMs: Do you have any thoughts on how to ensure that sensitive customer/shareholder data is not inadvertently mixed in to some new workflow involving third-parties while keeping it accessible for production apps and services?

Keeping confidential/sensitive data from leaking into marketing workflows seems to have been a historical and relatively recent challenge for Carta so would love to hear how you were able to transition from that to securely managing the mentioned level of LLM deployment integrating across the org.

> Extract the kernel

If you follow the link within the article, he goes on to say:

> The most frequent issue I see is when a literal communicator insists on engaging in the details with a less literal executive. I call the remedy, “extracting the kernel.”

Most engineers I’ve worked with have been “literal communicators.” Of course, both parties can always improve. But part of being a good leader is having excellent communication skills, and that includes anticipating how your audience will receive your message. The bulk of the responsibility is, and should be, on the leader to avoid misunderstandings in the first place.