3,800 GitHub Repos, 8,000 Meta Cuts, and a $67B Power Play

Supply-chain attacks go mainstream, AI org charts reshape again, and electricity becomes a hiring constraint

This week’s hiring signals were the kind that don’t show up in product demos, but absolutely show up in budgets. GitHub confirmed a breach involving ~3,800 internal repositories after a poisoned VS Code extension compromised an employee device. Meta’s AI restructuring continues to ripple, with leadership messaging focused on “no more company-wide layoffs” after a 10% cut and ~7,000 internal reassignments to AI workflows. And the most “AI is physical now” signal of the week: NextEra agreed to buy Dominion in a $66.8B deal explicitly framed around surging AI-driven data center power demand.

The Drop

1) GitHub breach: ~3,800 internal repos accessed via poisoned VS Code extension

What happened: GitHub said it “detected and contained” a compromise of an employee device involving a poisoned VS Code extension and reported no evidence of customer data impact beyond internal repositories. Reporting puts the internal repo count around 3,800, with the intrusion tied to broader supply-chain tactics.
Why it matters for hiring: This pushes security hiring and dev-platform controls up the priority list, especially for companies with large engineering orgs or high IP sensitivity. It also makes “secure dev workflow” a real expectation for senior hires.

2) Meta: “no more company-wide layoffs” memo after a 10% cut and AI reassignments

What happened: Reuters reported Zuckerberg told staff he does not expect more company-wide layoffs this year after layoffs and reassignments tied to AI workflows.
Why it matters for hiring: Two-way impact: (1) more experienced talent enters the market, and (2) the roles that stay funded skew hard toward AI productization, infra, and “agent-driven” internal workflows.

3) Modal Labs raises $355M, valuation jumps to $4.65B as AI coding demand spikes

What happened: Modal raised $355M Series C valuing it at $4.65B. Reuters reported its annualized revenue jumped from $60M (Sept) to $300M, and it expanded from 5 to 13 cloud providers.
Why it matters for hiring: “AI coding” demand is becoming compute demand. Hiring will follow into infra, platform reliability, and sandboxing/eval tooling that keeps AI-generated code safe in production.
Roles likely to spike:

4) OpenAI opens first applied AI lab outside the US, in Singapore

What happened: Reuters reports OpenAI will open its first applied AI lab outside the US in Singapore.
Why it matters for hiring: This signals more applied AI “delivery” hiring globally: forward-deployed engineers, solutions teams, and applied research tied to real deployments rather than lab-only work.

5) Power becomes the bottleneck: NextEra to buy Dominion in $66.8B deal

What happened: NextEra announced a plan to acquire Dominion in a $66.8B deal, explicitly framed around AI-driven data center electricity demand.
Why it matters for hiring: AI scaling is increasingly gated by power, permitting, and grid capacity. Expect hiring growth in energy strategy, capacity planning, and infra buildout roles across hyperscalers and AI infra suppliers.

AI Tool of the Week

CodeSignal Proctoring and Fraud Detection

What it does: CodeSignal offers proctoring for assessments and interviews including identity verification (government ID), audio/video/screen recording, and session review to detect suspicious activity.

Who it’s for: Hiring teams doing remote technical assessments who want integrity without turning every interview into a paranoid thriller.

Quick pilot idea (this week):

  • Pick one role with consistent cheating risk (mid/senior SWE, infra, security).

  • Run 20 candidates through a proctored assessment.

  • Compare results to your current pass-through and onsite performance.

Metrics to track:

  • Completion rate (invited → completed)

  • Reviewer flag rate (sessions flagged / total)

  • Correlation to onsite pass rate (are “strong” assessments predictive?)

  • Drop-off caused by friction (if it spikes, tune the workflow)

Hiring / Interview Insight

“Secure-by-default” is becoming part of your hiring bar

A poisoned VS Code extension exposing roughly 3,800 of GitHub’s internal repos is a reminder that modern attacks target developer tooling, not just servers.

One change to implement this week: add a 20-minute “secure workflow” station for engineering roles:

  • How they manage secrets locally

  • How they choose extensions and dependencies

  • How they handle access tokens, SSH keys, and MFA

  • What they do when a dependency is compromised

Metrics to track:

  • Number of security incidents tied to developer tooling

  • Time to rotate credentials after an incident

  • New hire compliance rate on endpoint hardening policies

Funding Watch

  • Modal Labs | $355M Series C | $4.65B valuation | revenue run-rate cited at $300M 
    Likely hires: infra, multi-cloud reliability, eval/sandboxing tooling.

  • Mercury | $200M | $5.2B valuation | $650M annualized revenue, 300,000+ customers, profitable 4 consecutive years 
    Likely hires: product engineering, risk, platform, banking ops.

  • Exa | $250M Series C | $2.2B valuation 
    Likely hires: retrieval/search infra, agent tooling, data quality.

Quick Bytes

  • CISA contractor leak: reports say a contractor exposed sensitive AWS keys and materials on GitHub, adding fuel to “secrets hygiene is non-negotiable.”

  • WiseTech redundancies: The Guardian reports layoffs tied to AI transformation, with legal caution influencing internal comms in China.

  • ChatGPT inside PowerPoint: Engadget reports an AI add-in for PowerPoint, pushing “agentic office workflow” further into normal enterprise work.

What to do this week

1) Run a supply-chain “hygiene sprint”

Action: enforce extension allowlists, dependency scanning, secrets scanning, and token rotation playbooks.
Metric: secrets found and rotated; time-to-rotate; number of privileged tokens reduced.
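
One way to start the extension-allowlist part of that sprint, as an added example (not from GitHub or any vendor named here): audit what `code --list-extensions --show-versions` reports on a developer machine against an approved list. The extension IDs, versions and the allowlist policy are constructed for illustration.

```python
# Added example: audit installed VS Code extensions against an allowlist.
# Real input comes from: code --list-extensions --show-versions
# (one "publisher.name@version" per line). All IDs and versions below are constructed.

ALLOWLIST = {  # hypothetical org policy: extension id -> pinned version (None = any)
    "acme.linter": "2.4.1",
    "acme.formatter": None,
    "acme.gitgraph": "1.0.0",
}

SAMPLE_INSTALLED = """\
Acme.Linter@2.4.1
acme.formatter@9.9.0
acme.gitgraph@1.0.3
unknownpub.theme-helper@0.3.2
not-a-valid-line
"""

def parse_installed(text):
    """Return ({id: version}, [malformed lines]) from the CLI listing."""
    installed, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        if not sep or "." not in ext_id or not version:
            malformed.append(line)  # surface it; never silently skip
            continue
        installed[ext_id.lower()] = version  # VS Code compares IDs case-insensitively
    return installed, malformed

def audit_extensions(text, allowlist):
    """Sort each installed extension into ok / not_allowlisted / version_drift."""
    installed, malformed = parse_installed(text)
    report = {"ok": [], "not_allowlisted": [], "version_drift": [], "malformed": malformed}
    for ext_id, version in sorted(installed.items()):
        if ext_id not in allowlist:
            report["not_allowlisted"].append(ext_id)
        elif allowlist[ext_id] not in (None, version):
            report["version_drift"].append((ext_id, version, allowlist[ext_id]))
        else:
            report["ok"].append(ext_id)
    return report

if __name__ == "__main__":
    for key, items in audit_extensions(SAMPLE_INSTALLED, ALLOWLIST).items():
        print(f"{key}: {items}")
```

The `not_allowlisted` and `version_drift` counts per machine give the sprint a baseline to track alongside the secrets and token metrics.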

2) Add a proctored integrity layer to one technical assessment

Metric: flagged rate + correlation to onsite pass-through.

3) Assign a capacity owner for AI-heavy roadmaps

Metric: utilization, cost per inference unit, lead time to add capacity.

This week was a clean reminder that AI hiring is now tied to real-world constraints: security posture, infrastructure capacity, and power availability. The companies that win won’t just “hire more engineers.” They’ll hire the people who make AI systems safer, cheaper, and operable at scale.

That’s all for this week’s Tech Talent Drop — stay informed, and see you next week!