How seven workflow steps led to $1.3 billion

Welcome to Runtime! Today: Tines co-founder and CEO Eoin Hinchy talks about workflow automation and agentic AI skepticism, Oracle Cloud customers push back against its claim that none of their data was stolen, and the latest enterprise moves.

(Was this email forwarded to you? Sign up here to get Runtime each week.)

Step by step

Long before the enterprise software community was swept away by the agentic AI wave, companies that wanted to automate some of the most basic steps in their business processes — without asking developers to build complex internal applications — were intrigued by low-code and no-code tools, which allowed the people in the finance or marketing departments that best understood their day-to-day requirements to take action on their own. That category never quite panned out, but the desire to automate those workflows never went away.

That's how Tines co-founder and CEO Eoin Hinchy got started building a company that raised $125 million in new funding last month, bringing its valuation to $1.125 billion. Hinchy, a former security team leader at DocuSign, wanted to automate some of the most repetitive tasks his group encountered on a daily basis, he said in a recent interview.

• We're talking about tasks like "running down phishing emails, responding to security alerts, taking data from one tool, copying and pasting it into another tool, taking the result from that tool, putting it into another tool … that was leading to things like human error, burnout, team churn, exhaustion, and security incidents," he said.
• After spending about six months looking for a product that could allow his security engineers — who were experts in their domain, but lacked coding experience — to automate those tasks, Hinchy realized there was nothing on the market that could really solve that problem to his satisfaction.
• "Our belief has always been that the only people qualified to automate a use case are the people on the front line closest to the problem, and those people are not always software engineers and don't have the skills required" to get that job done, Hinchy said.

One of the first things Hinchy did after co-founding Tines in 2018 with Thomas Kinsella was ask all of his friends and colleagues about the workflows they navigated to do their jobs. After printing out about 500 of those workflows and laying them out in a pattern that he said made him "look like a little bit of a crazy conspiracy theorist or something," some common threads started to emerge.

• "Across all 500 of the workloads that represented a broad spectrum of use cases and company and technology stacks, I actually only needed to be able to support seven individual steps or action types," Hinchy said.
• Those seven steps were webhook; send email; receive email; HTTP request; event transformation; trigger; and send to story.
• Last year Tines added an eighth step: AI, which allows automated workflows to interact with large-language models.
• Hinchy was skeptical about generative AI when it started to blow up 2.5 years ago — "I'd seen vendors promise the sun, the moon and the stars with AI, only for them to deliver lead balloons" — but quickly realized "this was going to represent a tectonic technology shift."

Fast forward a couple of years and basically every enterprise software vendor has released a platform for building AI agents, which promise to automate a lot of the same workflows that companies find tedious or repetitive. But the problem with agentic AI is that it produces "non-deterministic" outputs, which means "you can't predict exactly the way that they're going to perform," Hinchy said.

• "I fundamentally believe that for mission-critical workflows like cybersecurity, we're a long way away from full-autonomous agentic environments. The impact of an incorrect decision or action performed by an agent is too high risk for any kind of important workload," he said.
• Instead, Hinchy believes that companies will use LLMs to organize or summarize large amounts of information that can be fed into deterministic workflows like Tines, which can take action based on those inputs.
• That's obviously a self-serving take, but it does address some of the early concerns about agents.
• "When you combine these two technologies, you really have the best of both worlds: You've got the summarization of information, the tool selection, and then you've got the deterministic workflows and access to proprietary systems," he said.

Check the receipts

Days after Oracle denied any suggestion that customer data was compromised in a breach of its systems, Oracle Cloud customers are coming forward to confirm that their data actually did appear in a sample released by the hacker claiming responsibility for the breach. The incident raises a lot of questions about Oracle's commitment to security and transparency with its customer base.

Bleeping Computer reported Thursday that it "has confirmed with multiple companies that associated data samples shared by the threat actor are valid." That follows a similar conclusion reached by CloudSEK earlier this week, after it reported the original incident last week.

"BleepingComputer has emailed Oracle numerous times about this information but has not received any response" beyond a blanket denial last week, it said Thursday. Needless to say, this is not a good look for a cloud infrastructure provider entrusted with customer data; security incidents are bound to happen to every company, and pretending otherwise insults the intelligence of their customers.

Enterprise moves

Jean English is the new chief marketing officer at CoreWeave, joining the GPU infrastructure provider following similar roles at Juniper Networks and Palo Alto Networks.

Sean Meeks and Bill Smith are the new president of brands and chief sales officer, respectively, at Rithium. 

Kevin Paige and Mark Costigan are the new field CISO and vice president of finance, respectively, at ConductorOne.

The Runtime roundup

OpenAI said it will support Model Context Protocol, giving further credibility to a technology that lots of AI companies believe will solve some of the initial hurdles faced by companies trying to deploy AI agents.

Microsoft no longer plans to build 2 gigawatts of data-center capacity in the U.S. and Europe, according to Bloomberg, as the great AI infrastructure reset settles in.

Databricks signed a five-year deal with Anthropic to make Claude 3.7 Sonnet available to Databricks customers running on the Big Three cloud providers.

Thanks for reading — see you Saturday!