Tech Lead. Dad. I enjoy video games, software dev and reading.

Joined July 2019
Julio Valls retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
Julio Valls retweeted
If the vibe coders could read they’d be very upset
More AI-generated code doesn't make your team faster. It might actually slow you down.
Julio Valls retweeted
Jun 6
Milton Friedman's greatest regret. The federal government discovered the perfect crime in 1943: make employers collect taxes before workers ever see their paychecks. You think you earn $60,000 per year, but you actually earn $75,000 and hand over $15,000 to politicians without ever touching it. The psychological difference is enormous. Before payroll withholding, Americans wrote quarterly checks directly to the Treasury. Picture yourself sitting at your kitchen table, writing a $3,750 check to the IRS every three months. The pain was immediate and visceral. Politicians faced constant pressure to justify every dollar because citizens felt the extraction in real time. Withholding transforms this concrete loss into an abstract accounting entry. Your employer becomes an unpaid tax collector, and you never experience the actual cost of government. Worse, most people celebrate their tax refunds as government generosity rather than recognizing them as interest-free loans they provided to politicians. The Treasury collects your money throughout the year, spends it immediately, then returns your own cash and receives gratitude. This system enables the explosion in government spending you witness today. Defense contractors billing $640 for toilet seats, agricultural subsidies for corn syrup, and congressional salaries for 535 people who rarely show up to work. When taxation feels painless, voters stop demanding accountability for how their money gets spent. Milton Friedman helped design withholding as a wartime emergency measure and later called it his greatest regret. Free market economists recognized that the psychological pain of direct taxation creates political pressure for fiscal restraint. The temporary always becomes permanent in government hands, and the emergency justification disappears while the extraction mechanism remains forever.
My house rental contract is expiring in some months. And things are really grim in here. Renewing is going to put the price at nearly twice as much as I signed up for 5 years ago. Even in small towns 50 km away from Valencia the price is nearly as much 😱
I'd go live in the mountains but I have a small kid too...
Julio Valls retweeted
Codex just found a “workaround” of not having sudo on my pc…
Julio Valls retweeted
Excited to release 🌟Polar🌟, our Agent RL rollout infra for real-world harnesses. Be it Codex, Claude Code, OpenClaw, Hermes, or your self-made ones 🔥 -- Polar takes your harnesses directly as training environments without code change. Find a problem, design the harness, and train your own agents! 🧵
Julio Valls retweeted
Imagine if FBI agents entered Democratic Party headquarters while the President’s wife, brother, closest aides, mentor, party bosses and former top prosecutor were all under simultaneous investigation. That is Spain right now. Pedro Sánchez built his global brand as Europe’s “anti-Trump,” the progressive left’s moral alternative to populism, the darling of the New Yorker and the New York Times. Now his Socialist Party is under criminal investigation, police have entered party headquarters, and the scandal is reaching the Prime Minister’s own inner circle. abc.es/opinion/editorial-cor…
Julio Valls retweeted
My current experience with coding models.
Julio Valls retweeted
We are making our discount permanent! 🎉 Enjoy building with DeepSeek-V4-Pro and bring your innovative ideas to life! 🚀
The DeepSeek-V4-Pro discount has been extended until May 31, 2026, 15:59 UTC!
Julio Valls retweeted
May 20
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
Julio Valls retweeted
Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time.
Julio Valls retweeted
A guy jokingly tweeted “olaf scholz you bastard what the hell is this” in frustration because Fortnite was stuck at 3% download. As a result, German authorities investigated him for committing a criminal offence (insulting a politician, §188 StGB) and forced him to delete it.
Happy anniversary to the funniest thing that has ever happened to me
Julio Valls retweeted
Next.js just got its worst vulnerability ever, CVSS 8.6. → affects versions 13.4.13, 14.x, 15.x, and 16.0.0–16.2.4 → attackers can access your internal services, cloud credentials, API keys, and admin panels → no authentication needed → one crafted request is all it takes → roughly 79,000 instances are exploitable right now → vercel-hosted apps are safe, self-hosted are not upgrade to 15.5.16 or 16.2.5 immediately.
Community note
The security fixes for these Next.js vulnerabilities were released in versions 15.5.18 and 16.2.6 on May 7, not the versions recommended here. x.com/nextjs/status/…
Julio Valls retweeted
add this text into your Agent's system prompt trust me
Easiest way to protect yourself: 1. Use pnpm 2. Set a minimum-release-age
Julio Valls retweeted
recommended reading. strongly recommended reading. i really like the pain avoidance angle. slots into my "pain/friction is when you learn" angle. when combined > cognitive debt. larsfaye.com/articles/agenti…
Julio Valls retweeted
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
SECURITY ADVISORY — TanStack npm packages

A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.

Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.

Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.

If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile

Detection — the malicious manifest contains:
"optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." }
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).

Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.

Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/router/i…

Credit to the security researcher for responsible disclosure.
Julio Valls retweeted
Many people don't know this, but we Europeans have the right of withdrawal: fourteen days to change your mind and cancel the purchase or contracting of a good or service. Without giving explanations and without penalty. Examples: 1️⃣ You buy an app and later see that you don't like it or don't use it. You can exercise your right of withdrawal with Apple or Google and they refund the purchase amount. 2️⃣ You sign up for a banking product. At the counter they hand you a contract of eight meters of paper in Arial 3. You sign without reading, but when you get home you take out the microscope and find that what you signed does not match what was explained verbally. You go back and cancel the contract by exercising your right of withdrawal. These are two cases that have happened to me. Perhaps others don't know this and this little tweet will be useful to them, hopefully! 😊
Julio Valls retweeted
Management: how do we get people to use more tokens Thariq: hear me out
May 8
HTML is the new markdown. I've stopped writing markdown files for almost everything and switched to using Claude Code to generate HTML for me. This is why.