One of the trickiest parts of MCP in practice has been auth propagation. As soon as the agent backend invokes the MCP server instead of the client, the original user’s auth context disappears—tools that require the user's session_id (or equivalent) suddenly only see a generic token. We ended up needing a pattern for:
- M2M-issued short-lived tokens for backend → MCP calls
- Per-request user metadata injection so tool calls can still act on behalf of the user
- Consistent OAuth2 / Okta validation so both layers trust each other
What’s happening here feels less like “Chinese models gaining share” and more like a substrate shift driven by cost physics. When inference drops from dollars to cents and quality converges to GPT-4-mini territory, the default stack for early-stage teams flips almost overnight. At that point founders optimize for runway, not sentiment, and open models become the path of least resistance.
The more interesting consequence is that when inference and fine-tuning are essentially free at startup scale, specialization becomes viable again. Instead of generic prompting against a closed API, teams can afford narrow, high-precision models tailored to their domain — something that used to be economically out of reach. Came across this interesting post - https://www.linkedin.com/feed/update/urn:li:activity:7396291...
I still cross-post occasionally with a canonical link and haven’t seen any negative SEO impact, but Medium doesn’t drive nearly as much traffic as it used to. It’s mostly useful for tapping into specific Medium publications or communities—otherwise the effort rarely pays off.
Conversions sound obvious, but most office buildings just weren’t designed for residential codes. NYC relaxing zoning and allowing more flexibility is probably the main reason it’s seeing so much activity compared to other cities.
Cyber Monday traffic is a different beast - it’s not just more load, it’s bursty, write-heavy, and tied to external systems. A small issue in auth or POS can ripple across the entire commerce stack.
Curious to see if Shopify publishes a postmortem; these incidents usually reveal interesting real-world bottlenecks.
It’s interesting how The Little Prince keeps resurfacing across generations. Even if someone doesn’t connect with every part of it, the themes loss, imagination, responsibility, friendship feel universal. It’s rare for something that short to stay relevant for so long.
Have been using HubSpot for CRM, supplemented with Pylon for CX. The combo has worked well for us because HubSpot handles the broader CRM workflows, while Pylon fills some of the gaps on the customer success side.
Pylon has been rolling out some interesting capabilities lately - Account Intelligence in particular has been useful for surfacing context automatically before a human jumps in. Still early, but it’s been helpful in reducing back-and-forth.
How does it approach keyword research? This is something that I have struggled with the most. Even if you have full access to tools such as semrush, search console, etc sifting thorough millions of data is cumbersome. Classic use case of a use case that machines can do better than humans.
Sam Altman has shifted his stance from calling ads a "last resort" and "uniquely unsettling" as recently as last May to saying he "finds ads somewhat distasteful but not a nonstarter" in a podcast this month, while CEO of applications Fidji Simo said in a companywide meeting in recent weeks that OpenAI was looking at advertising and how it could benefit users according to two current employees
Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider that OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com). The incident occurred within Mixpanel’s systems and involved limited analytics data related to your API account.
This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.
What happened
On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information. Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us.
What this means for you
User profile information associated with use of platform.openai.com may have been included in data exported from Mixpanel. The information that may have been affected was limited to:
Name that was provided to us on the API account
Email address associated with the API account
Approximate coarse location based on API user browser (city, state, country)
Operating system and browser used to access the API account
Referring websites
Organization or User IDs associated with the API account
Our response
As part of our security investigation, we removed Mixpanel from our production services, reviewed the affected datasets, and are working closely with Mixpanel and other partners to fully understand the incident and its scope. We are in the process of notifying impacted organizations, admins, and users directly. While we have found no evidence of any effect on systems or data outside Mixpanel’s environment, we continue to monitor closely for any signs of misuse.
Trust, security, and privacy are foundational to our products, our organization, and our mission. We are committed to transparency, and are notifying all impacted customers and users. We also hold our partners and vendors accountable for the highest bar for security and privacy of their services. After reviewing this incident, OpenAI has terminated its use of Mixpanel.
Beyond Mixpanel, we are conducting additional and expanded security reviews across our vendor ecosystem and are elevating security requirements for all partners and vendors.
What you should keep in mind
The information that may have been affected here could be used as part of phishing or social engineering attacks against you or your organization.
Since names, email addresses, and OpenAI API metadata (e.g., user IDs) were included, we encourage you to remain vigilant for credible-looking phishing attempts or spam. As a reminder:
Treat unexpected emails or messages with caution, especially if they include links or attachments.
Double-check that any message claiming to be from OpenAI is sent from an official OpenAI domain.
OpenAI does not request passwords, API keys, or verification codes through email, text, or chat.
Further protect your account by enabling multi-factor authentication.
The security and privacy of our products are paramount, and we remain resolute in protecting your information and communicating transparently when issues arise. Thank you for your continued trust in us.
For more information about this incident and what it means for impacted users, please see our blog post here.
Please contact your account team or [email protected] if you have any questions or need our support.
Bourdain had a way of writing that made even throwaway lines feel meaningful, but so much of that era of content is basically disappearing. It’s nice to see someone do the unglamorous work of gathering the fragments before they fade completely.