Building. Fellow @acumen and @halcyoninspires
Joined December 2016
- Tweets 4,543
- Following 566
- Followers 769
- Likes 6,362
31 Photos and videos
Michael retweeted
161
5,523
52,919
1,308,423
Michael retweeted
God abeg o, can’t deal with no Viltrumites right now.
You’re trapped in the last movie you watched, where are you?
66
534
3,047
61,711
Michael retweeted
Apr 2
One thing about Invincible... that boy Vincible as hell 😂
198
4,110
37,718
880,366
This is the first time I've seen a legit "AI caught something humans missed" moment that isn't cherry-picked. Devin flagged the semver bump pulling in a brand new package with no GitHub commits backing it. That's pattern recognition on supply chain anomalies that goes beyond typical code generation. Way more interesting use case
Mar 31
Devin Review caught the axios supply chain attack for multiple Cognition customers before the attack was publicly known.
These attacks will be 10x more frequent in the age of AI; it is critical that repo maintainers start using AI for defense as well.
(showing one example below where Devin Review caught the attack within an hour of its release - text minorly edited for anonymization)
2
165
Both the 1.x and 0.x branches got poisoned within 39 minutes of each other because the maintainer's npm account got hijacked. And all it took was swapping the email to a ProtonMail address and publishing via CLI instead of the normal GitHub Actions pipeline. min-release-age=7 in .npmrc would have blocked this for everyone
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
2
98
Michael retweeted
Mar 27
Congrats!! The agent could act on your behave in calls and texts - interesting :) Agents are getting more real.
2
2
75
Introducing Spix.sh — voice, SMS, and email for any AI agent. One CLI. 500ms voice latency. Install in under 5 minutes.
Your AI agent can plan a holiday and fill forms, but gets stuck when it needs to make a phone call to change that reservation or text a follow-up to the crew you just hired for the renovation.
2
4
5
335
The bet: in 12 months, every serious AI agent will have a phone number. The ones that don't will feel like chatbots.
@spixhq is the fastest way to be on the right side of that.
What's the first thing you'd want your agent to call, text, or email? Drop it below or check out the recipes at go.spix.sh/recipes
41
This team doesn't sleep
Mar 20
You can now schedule recurring cloud-based tasks on Claude Code.
Set a repo (or repos), a schedule, and a prompt. Claude runs it via cloud infra on your schedule, so you don’t need to keep Claude Code running on your local machine.
1
112