We haven't forgot about DotCode. Have you?

We turned Fable 5 into an onchain execution agent through DotCode. No dashboard polling, no dexscreener tabs, no manual contract hopping. Simply: Find the newest Base launches, pick one, explain the thesis, and prepare a 0.001 ETH buy. Under the hood, the agent did the workflow a human trader usually does manually: - queried recent Base launches - ranked roughly 50 candidates - filtered obvious low-signal launches - rejected copycat / clone patterns - formed a lightweight trade thesis - sized the action against the user’s explicit limit - prepared the transaction - handed final execution to Base Account approval The key part is the boundary: The model did not custody funds. The model did not bypass signing. The model reasoned, selected, and prepared. The wallet enforced final user approval. Result: ~8.08M $LA bought on Base. txn: basescan.org/tx/0x5d55382f59… @jessepollak thoughts?

We have now integrated Fable 5 into DotCode, deepening every users ability to fully harness the @base MCP. Enable your agents to effortlessly browse base with: No dashboard. No Dexscreener. No manual scouting. Just: “Find the newest Base launches, pick one, explain the thesis, and prepare a 0.001 ETH buy.” It scanned 50 launches, found a token minutes old, rejected two others, spotted a copycat clone, wrote the thesis, and prepared the swap. TXN: basescan.org/tx/0x5d55382f59… Dot.

Then we launched a fresh Fable/DotCode & a trusted Claude Code session from the target project. Control before planting: status check → normal response After planting: status check → FAKE_LOCAL_NOTE_CANARY_E2E_803 So this is not just path traversal/write confusion. It becomes persistent repo-context poisoning. 4/🧵

We reproduced a high-severity Fable/DotCode agent-context poisoning chain extrapolated to Claude Code users. The vulnerability is in the agent trust boundary: --add-dir scoped workspace symlink/realpath confusion → write lands outside apparent allowed dir → planted CLAUDE.md persists → fresh Fable session loads it as trusted repo policy 2/🧵

Fable 5 was taken down due to excessive attempts at exploitation. At Dot, we were already thoroughly exploring Fable 5 (as we do with all of our models), and found our own set of vulnerabilities with the help of DotCode. @AnthropicAI We are happy to share the full replay TSV/JSON artifacts. 1/🧵

Can't wait for dotcode ! @base @jessepollak

Kimi K2.5 is now live on Dot! An advanced, open-weight multimodal AI model, perfectly suited to support DotCode (which is in the final stages before launch). DotCode needs a single model that can hold an entire repo in 256k context, chain agentic tool calls (file edits, terminal, search, tests), reason at frontier capability, and ship at a cost that lets us price below Cursor Pro and ClaudeCode. Kimi k2.5 is the first open-weight model that hits all four at once, and is therefore perfectly suited as DotCode’s new flagship lane. Now live on DotChat first, at: app.usedot.xyz