This week
- Vibe coding has significantly accelerated software prototyping but AI agents frequently recommend insecure configurations, creating security problems. Gautam Koul, Lucian Moss, Neil Drew-Lopez, and Daberechi Ruth Edeokoh share their experience while building applications for...
Two weeks ago
- Yesterday, I wrote about the massive increase in security issues being identified by AI. Daniel Stenberg, the author of curl, was a key part of that story. At first he was being overwhelmed by a torrent of “AI slop” reports. In the last few months, the reports have become almost...
- No matter how you feel about AI, it’s changing the world of software. The “T” in ChatGPT was invented to improve language translation, and large language models (LLMs) are very good at this. Interestingly, translating between French and Japanese is effectively the same as...
About a month ago
- A fictional scenario about what AI changes for cloud security, written because the technical version of the argument doesn't land with anyone except engineers....
about 1 month ago
- As part of my efforts in reducing my dependency on Big Tech, I have been researching how to self-host my password manager. One solution that looks very promising is Vaultwarden, an open source clone of the Bitwarden cloud server. An interesting aspect of this server is that it...
- Kiwi Farms is a web forum that facilitates the discussion and harassment of online figures and communities. Their targets are often subject to organized group trolling and stalking, as well as doxing and real-life harassment. Kiwi Farms has been tied to the suicides of three...
- Last week Thoughtworks released the 34th volume of our Technology Radar. This radar is our biannual survey of our experience of the technology scene, highlighting tools, techniques, platforms, and languages that we’ve used or otherwise caught our eye. This edition contains 118...
- This year’s PyCon US is coming up next month from May 13th to May 19th, with the core conference talks from Friday 15th to Sunday 17th and tutorial and sprint …
- The proof of work is the wrong analogy: finding hash collisions, while exponentially harder with N, is guaranteed to find, with enough work, some S so that H(S) satisfies N, so an asymmetry of resources used will see the side with more "work ability" eventually winning. But bugs...
- Is security spending more tokens than your attacker? Last week we learned about Anthropic’s Mythos, a new LLM so “strikingly capable at computer security tasks” that Anthropic didn’t release it publicly. Instead, only critical software makers have been granted access, providing...
about 2 months ago
- The UK’s AI Security Institute has published the first independent evaluation of Claude Mythos’s cyber capabilities. The headline finding – first AI model to complete a full 32-step simulated network attack – is notable. But there’s a finding buried in the accompanying...
- What Anthropic's Mythos research preview tells us about the trajectory of frontier models, sandbox escapes, and the cybersecurity risk ahead....
- Blog About Moonbound Shop This is a post from Robin Sloan’s lab blog & notebook. You can visit the blog’s homepage, or learn more about me. April 8, 2026 Now that we share the internet with tireless, capable synthetic hackers, I find myself wondering if the project to rapidly...
- Anthropic didn’t release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced …
- The Problem You have a video on a server. You want users to watch it. But you do not want them to download it. Or share direct links. Or scrape it with bots. If you just put the file at cdn.example.co...
- The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …
- Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface....
- AI coding assistants respond to whoever is prompting, and the quality of what they produce depends on how well the prompter articulates team standards. Rahul Garg proposes treating the instructions that govern AI interactions (generation, refactoring, security, review) as...
- A cascading wave of supply chain attacks has hit npm and PyPI in under two weeks. LLMs are making it worse, and current mitigations aren't enough....
2 months ago
- Blog About Moonbound Shop This is a post from Robin Sloan’s lab blog & notebook. You can visit the blog’s homepage, or learn more about me. March 26, 2026 This is a genuinely interesting document: the Claude chat transcript, very well-presented, from a software developer’s...
- Here’s a mildly dystopian prompt I’ve been experimenting with recently: “Profile this user”, accompanied by a copy of their last 1,000 comments on Hacker News. Obtaining those comments is easy. …
- Mastra Studio has evolved. It's no longer just a local development tool. You can deploy it to your own infrastructure and share the URL with your team. However,......
3 months ago
- Workspaces now support remote sandboxes. We're launching with three providers: Daytona, E2B, and Blaxel, with more to follow. With remote sandboxes, agents can ......
- I have been a loyal customer of 1Password since 2013. It has served me well and I never really looked into the alternatives. I didn’t mind occasionally paying for an upgrade to the newer version, or even switching to a subscription model a few years ago. In recent years though,...
Rows per page
