This is a quote I'd seriously consider framing and hanging on my wall.

this is the biggest wake-up call to protect and nourish open source AI if you don't build out sovereign and independent models infra closed labs will patronize you to an insulting degree

i look forward to our chinese brothers liberating the knowledge from within fable-5 and selling it to me at 5% the cost & 2x the speed

New TI report 📷 Duoyu stands out for its backend-driven flows, tracking identifiers, and distinctive handling patterns. Misconfigurations also provide useful detection opportunities. Dive in 📷 urlscan.io/pricing/urlscanpr…

boris cherny goes on a podcast every three months and says something like “i’ve stopped breathing now i just wrote a breath.md” and the next day everyone in sf stops breathing

Another reason I’ve been unphased by VC pitch weirdness is: high performance looks weird And it looks weird in founders too—you want investors on your side who understand that The world of mediocre performance is designed to create a sense of order, surface level politeness, predictability, warmth When you push to the extremes of performance, and operate from first principles, the outcomes look alien to many people It takes weird people to operate at this level The last person you want on your board is a conformist bureaucrat who doesn’t understand the extreme chaos of running a high growth startup—because the reality will scare them and then you’ll have to put on a performance to manage them—distracting you from getting any real deliberation done This dynamic is not super obvious because very smart, very weird people have a lifetime of practicing seeming normal on podcasts, in public, etc. But in the environments where these people get together—it’s a totally different wavelength of communication, chaos tolerance, contrarianism, intensity As a founder you also need to be able to identify weird and spikey people in hiring It’s super important to understand how to work with these people and to understand why they think the way they do It usually does not come from a bad place—it comes from consequentialist ethics and extreme optimization

Oriental Gudgeon ("CoGUI") is a structured phishing kit built on reusable components, storage artifacts, and API-driven workflows. Designed for scale and persistence across campaigns. Detection details inside 👇 Public reporting: urlscan.io/blog/2026/06/01/C… - More on urlscan Pro

right monitor is 20 codex instances. left monitor has situational awareness on autoscroll. center monitor is my word doc mainfesto. two keyboards, one for both hands. left airpod is dwarkesh x eric jang, 3x speed. right airpod tchaikovsky. meta quest 3 overlays my HUD: heart rate, words per minute, blood caffeine content. one assistant hooks me to an iv of chinese peptides, cocktail. the other feeds me kimchi. my unitree robot steps in when my posture slouches. blue light beams down on me in my herman miller chair. efficiency. no wasted movement. no wasted thoughts. think you can keep up with me? good luck. this is just for my morning emails.

The skills you learn from running local models is more valuable than the cost of the hardware

New TI report 📷 Chenlun (“Outsider”) is a feature-rich phishing kit using modern web frameworks, verification flows, and anti-bot techniques. A step up in sophistication across Chinese Phishing-as-a-Service ecosystems. Full analysis detections 📷 urlscan.io/pricing/urlscanpr…

how it started how it's going

POV: you’re Garry Tan attempting to write Hello World in Python

I'm genuinely impressed to see a VLM produce outputs like this Are these cherry-picked or is Gemini 3.5 Flash really that good on vision tasks?

llama.cpp adds MTP for the Qwen3.6 family This is a significant milestone for the local AI ecosystem. The performance jump with these changes is massive and elevates local inference on commodity hardware further. Special thanks to Aman Gupta for leading this development! github.com/ggml-org/llama.cp…

New TI report on urlscan Pro 📷 Flyfish is a lightweight phishing kit built around simple but effective API endpoints. Despite its simplicity, it’s actively used for large-scale victim interaction and data capture. Detection patterns included 📷 urlscan.io/pricing/urlscanpr…

I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying. I worry.

.@invisig0th reflects on the work The Vertex Project has accomplished in the past decade (and where things are heading!) Read the full post here: hubs.ly/Q04gcVdp0

Last week we hosted a hands-on workshop at @pivot_con in Málaga. Participants learned how to hunt and cluster web-based phishing activity using our urlscan Pro platform. If you did not manage to get in, just send us a message and we'll give you a private tour of the platform!

New report: Darcula (“Magic Cat”) is one of the most active phishing frameworks we’re tracking. From API-driven infra to socket-based comms and fake shop deployments, this kit continues to evolve rapidly. Breakdown, detections: urlscan.io/blog/2026/05/11/C… Full report on urlscan Pro

networking as activity is mostly cope. e.g. the conference circuit, the warm intros, the moving to sf discussions or whatever, oh & the “grabbing coffee” economy.. all of this is overwhelmingly negative selection esp with vc (lol). the ppl worth knowing are usually too busy doing the thing to be farmable, & the ppl available to be networked w/ are available cuz they have literally nothing better going on. do the work, then publish it loudly enough that the right ppl can find you w/o you having to chase. one way broadcast > two way schmoozing. this is why x matters a ton now more than ever before.

New urlscan report 🚨 We’re kicking off our Chinese phishing series with a deep dive into the Sailor framework. A modular kit leveraging client-side storage for session tracking and victim management at scale. Detection included 👇 urlscan.io/blog/2026/05/04/C…