It’s more fun getting attention by doing it publicly and being the victim (security researchers love hitting the 'nobody respects us' button) than putting basic effort in.

A single email bouncing is frustrating of course, but he then posted that an easily found vulnerability existed on Twitter, while a16z:

- has a contact page page https://a16z.com/connect/ with 4x emails to their offices at the bottom (despite claims the main site had no other emails)

- links to their Twitter where DMs are open https://x.com/a16z same with instagram, FB, and linkedin, all open

it would be easy to just email all of them at once and waiting a couple days to see if it gets escalated.