Sarah Guo

Founder of Conviction VC; investor and writer on AI infrastructure risk; coined “dark code” to describe emergent, unattributable production behavior in agent-driven systems.

Last updated: 2026-04-16

Overview

Sarah Guo is the founder of Conviction, an AI-focused venture fund with a portfolio spanning many early-stage AI companies. Her writing draws on cross-portfolio pattern recognition — she sees the same structural failure modes across companies before they become widely understood.

“Dark code” (April 2026) is her most cited concept: production behavior that nobody can explain end-to-end, arising from agents selecting tools at runtime and natural language acting as a control plane.

Key Ideas

• Dark code — behavior in production that emerges from runtime agent decisions, without anyone holding a complete mental model. Attributable to no single actor. Invisible to existing security tooling (SOC 2, encryption at rest).
• Normal accidents in AI systems — borrowing Perrow’s term: failures not caused by error, but built into the structure of systems too complex for operators to hold in mind. The SOC 2 report looks the same whether you have 3 agent workflows or 300.
• Distributed builder risk — non-technical people can now create production-adjacent behavior in English. System-creating power is widely distributed; accountability is not. This is qualitatively different from SaaS sprawl.
• The accountability question — the right test isn’t “did you have good intentions?” but “can you say what your system did with that customer’s data on a specific Tuesday in March?”

Connections

• dark-code — her primary concept
• agent-first-software — the upside she invests in; dark code is the downside of the same wave
• agentic-engineering — the engineering response to dark code risk

Sources

• Dark Code — Conviction Substack — added 2026-04-16