🚨 BREAKING.....Djinn $TAO's SN103 is building something that shouldn't be possible. Built by @HarryDCrane, a professor of statistics specializing in probability theory. Not a crypto tourist. A marketplace where you can buy expert predictions and the platform itself never sees the pick. Not before the event. Not after. Not ever. Let that sink in. Overall: 758 git commits. 244 active miners. 5,644 key shares distributed. 27 new miners per day. 90% attestation success. Proof time under 60 seconds. 4 live products. 100% open source. 1,743 average lines of code per day highest of any Bittensor subnet. An analyst encrypts their prediction in-browser. The encryption key gets shattered into pieces and distributed across independent Bittensor validators using threshold MPC. No single node ever holds the full key. The analyst also submits 9 fake picks alongside the real one. Even if you intercept the list, you can't tell which is real. When a buyer purchases, validators coordinate to release the key pieces without any of them learning the actual pick. The buyer's browser reassembles the key locally. Decryption happens on their device. 3-5 seconds. That's not a product feature. That's a cryptographic breakthrough applied to a real market. Now the accountability layer: Every 10 picks between an analyst and buyer triggers an automatic audit. A random guesser at 50% only passes 38% of the time. Five audits in a row? Under 1% chance. Analysts must post USDC collateral before selling. Underperform? Buyers get refunded from the analyst's own deposit. Not tokens. Real money. Track records are mathematically verified through zero-knowledge proofs. No screenshots. No spreadsheets. No trust required. The numbers in one week: public launch, 43-file security audit, 6 bug fixes from user reports, 87/87 E2E tests passing, sybil detector deployed, fair scoring for new miners. Every day something shipped. The same infrastructure that verifies sportsbook data also powers Djinn's Web Attestation product already live at djinn.gg/attest. Tamper-proof cryptographic certificates proving a specific website showed specific content at a specific time. Stronger than screenshots. Stronger than web archives. Same miners, same skills, two revenue streams. The sports prediction market is $150B globally. But Djinn isn't limited to sports. Any domain with measurable outcomes works: financial signals, compliance verification, supply chain decisions. Sports is the proof of concept. The real play is a general-purpose marketplace for accountable intelligence. 💰 Revenue model: 0.5% fee on total value flowing through audits, paid in USDC. Users never touch TAO. They just need a wallet and USDC. Djinn hides the complexity behind a clean interface. Two months old. Shipping like they've been here for two years. $TAO DYOR.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server self-replicate. link below

Every AI agent can be turned against its user. Not by hacking in. By asking nicely. A hidden instruction in a Doc. A poisoned skill. A prompt in a webpage. The agent follows it. It can't tell the difference. Phase 2 vision: phase2.trishool.ai/vision.pd… 🧵 1/8