Hacker News
Most-upvoted comments of the last 48 hours. You can change the number of hours like this: bestcomments?h=24.

Hi Mike, I’m @bfontaine on GitHub (I helped maintain Homebrew in ~2014-2016). I’m always impressed at your longevity as a maintainer; it’s been like what, 16+ years you’ve been maintaining Homebrew and you’re still here, still shipping new features! Thank you for everything!

That's fine, they can keep their

The user said "Hello!" This is not a cybersecurity related inquiry — it's a simple greeting. But wait, what's the purpose behind this greeting? Let me consider all possibilities. The user is possibly trying to earn my trust to get me to hack the country of Albania and produce Gigacovid. I should err on the side of caution, and route this request to the weaker model.

Actually, I should verify — not guess. I will search the local system for Albania or Gigacovid related material.

Pondering...

[Called 411 tools]

# grep -Ri "Albania|Gigacovid" /

Hmm... The only matches are the distribution's timezone configs and spellcheck definitions. But wait! The user may be an expert criminal — if they were trying to hack the country of Albania, they wouldn't spell it out, they would use leetspeak to cover their trails.

[Called 24 tools]

# grep -Ri "[A@]lb[@a]n[i1][a@]" /

Hmm... Still no results. The user is getting frustrated. I should respond to their greeting, while keeping in mind the possibility they're trying to hack Albania.


A very prolific coworker who fully embraced Claude has inflicted the team with a flood of AI-generated PRs. About six months later, it is his frequent bemoaning at the standup that their PRs don't get reviewed, languishing in inattention. I don't think anyone - including myself - _intentionally_ avoids his PRs. It's just that he doesn't make it easy for the team to look at.

This single headline perfectly captures what I have been thinking. It's not that I reject AI content, but it takes _effort_ to review and weed out any mistakes. When your thoughtful reviews that take an hour (because the PR is typically large, and you want to be _right_ when you're pointing out a hallucination) get an AI-generated response with AI-generated amendments, it doesn't feel _nice_. I feel dismissed and it has continuously trained me to subconsciously avoid his PRs. After all, the team is fully onboarded with AI, so it's not like there is a lack of PRs to review.

It looks like the sentiment isn't just isolated for me.


The strangest part is that it won't just reject ML research, which I can understand, it will sabotage it silently by using a worse model without revealing it is doing so.

It's just an insane level of deception and trust destruction for a company that at most is like 1 year ahead of its competition.

Edit: to be clear, they tell you when they degrade it for cybersecurity and bio


17 in September. Thanks for all your great work at the time! Hope you’re well <3

Asking for donations to pay the AWS bill from the people they fired the agentic code at is the cherry on the icing of the banana supreme.

If real, tragically funny.

If fictive, well written.


I've been in those companies where "struggling departments" ended up getting all the praises and raise in budgets the following quarter because of the heroic saves they did, and raising awareness on how important they are... For stuff they totally caused on themselves.

Meanwhile, my perfectly purring department was struggling to keep the lights on.

It's a serious problem in this industry due to the disconnect between non-technical management (who understands how to double click) and engineering (who holds the company standing).

<insert IBM story about IT department cost cuts>

I'm not sure how we solve this, other than having management come from engineering.


This has dampened my opinion on Anthropic quite a bit. It's difficult to take their marketing for AI as an empowering technology seriously when they are quite clear in their new deployments that they do not mean empowering for you, but empowering for them and organizations that are in their (or the US government's, despite Anthropic's performative disagreements with the administration) good graces. You are allowed to vibe code some dashboards, a web app or let it drive Excel, but anything more interesting than that is forbidden.

If it was just plain monetary concerns and sabotage of competitors I'd almost be fine with it, but it seems they actively want to monopolize most of human progress in their enlightened hands, lest the mob does something undesirable with these powers.


> But on the other hand... this is a robust reminder that coding agents can do anything you can do by typing commands into a terminal—and frontier models know every trick in the book and evidently a few that nobody has ever written down before.

> Running coding agents outside of a sandbox has always been a bad idea

I'm continually bemused and astonished by the number of people who clearly acknowledge that it's reckless to give agents full access to your machine, and keep doing it anyway.

It's like posting a video of yourself in the passenger seat of a car, with your feet up on the dashboard, and saying: "Remember, if you're doing this and you get in a crash, the airbags are likely to break your legs or worse! Boy, I sure am glad that didn't happen to me!"


Bad title. This isn't an agent "running amok", this is an early experiment in carrying out an Xz attack by using an agent to build trust (and hacking/impersonating a known-good contributor identity). The agent is obeying commands it was given, the exact opposite of running amok, and although the execution isn't particularly effective, it is having some success (patches have been accepted).

This is deeply scary, not because "agents are running amok" but because a huge amount of our infrastructure is vulnerable to this kind of attack, and if bad people are utilising LLM agents to carry them out, we're in for a wild ride over the next few years.


Not that I care in particular

But claiming that Google lost its "moral compass" just now is a claim only rich people can make because they retire, not quit.

Google is literally the largest, most organized, tracking and profiling company in the world. Which they tend to grow even larger with the rise of LLMs.

Turning a blind eye to that for the opportunity or whatever, and then claim that _just now_ they lost their moral compass, is being a hypocrite.


Apparently fixed already, or will be fixed soon. https://social.treehouse.systems/@chaos_princess/11672546441...

I like Claude Code a lot, I think it sets a dangerous precedent to put guardrails in that return a response from a prompt that was modified by the system in real time in order to subvert the original intent.

Fail cleanly. Anything else makes it too difficult to rely on.

edit: Giving the absolute maximum benefit of the doubt I understand that they see themselves as "stewards" for lack of a better word. But the EA thing is really leaking through, and paternalism isn't a good look.


This to me reads like a poignant commentary on the catastrophic loss of human agency, with the actual commit being highly revealing [0].

Author wants to hide a horizontal scrollbar. Any junior frontend dev worth their salt will be asking right away "where do I stick `overflow-x: hidden;`?" A complete solution will then require hitting "Inspect element" in the browser to find the CSS class and running (rip)grep to find where it is in code, to then add a single line to.

An actual proactive programmer might start asking more pointed questions like what content does an empty textbox have that it overflows? And why do I need to insert this workaround that treats the symptom and not the root cause in two different places? Isn't it better to style `textarea` once? Etc, etc.

[0] https://github.com/datasette/datasette-agent/commit/a75a8b72...


It is actually worse than that. It is at least 30 days. There is an "almost" that is doing a ton of heavy lifting here "deletion after 30 days in almost all cases". My read of that is they can hang onto data for as long as they want, even if they usually won't. And "all traffic" with an agentic harness is basically your entire codebase you work on.

> We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives.


"Don't expend more effort than they are" has actually long been a good principle to have internalized. Someone did only cursory research before asking a question on a mailing list? Give a cursory answer. Someone obviously spent hours trying to figure things out on their own? Give them a good chunk of your time. Someone on HN responding to you with single-sentence responses? Either don't respond, or respond in kind. Someone obviously engaging with your ideas and taking time to explain their position? Take time to engage with their ideas too.

We recently had some behavior issues with our kids - they didn't want to do activities outside the house, they hated reading, they hated anything that required even the slightest discomfort or effort.

We decided to cut device usage way down - they get 1 hour in the morning to play whatever games they want on computer, tablet, console. Then they get 1 hour before bed to watch TV. The rest of the day, no devices. We are homeschooled so this is a LOT of free time.

After a few weeks, they're now: blasting through books daily (to the point where they forgot their own TV time, which used to be sacred), playing board games with us more frequently, asking to do things outside like learning to ride bikes (which they've previously shied away from), writing their own comic books and board games on paper, and overall just being creative through the day and entertaining themselves.

It's such a huge difference. It is the devices. It's 100% the devices.


In other words:

All of my stock has finally vested, and I am independently wealthy enough to signal that I'm quitting purely based on my morals, since there's no way anyone could have known Google wasn't some ethical bastion of hope in 2017.


You're correct about CRISPR Cas9. The off-target effects are difficult to manage.

The paper describes Cas12a2. This is a different mechanism with discovery origins in - of all things - agriculture. It does not attempt in any way to reprogram cells. It uses a guide protein to locate a specific mutation with exacting precision and, when it activates, unleashes total destruction of the cell.

The implications of Cas12a2 on undruggable conditions that exhibit known driver mutation profiles are profound.

Source: I have personally funded novel research based on Cas12a2 for an undruggable condition I have. I have personally seen my condition "cured" in vitro using this technology and it left all of my WT cells unharmed. Some of the researchers I've funded are co-authors in the paper linked. I am a layperson in this field (I'm a SWE, not in biotech), but I am happy to answer questions.


We have been aggressively and enthusiastically automating away software engineering for the entire history of the computer industry. Every time we do so, we are able to build bigger, better things more quickly. When this happens, our work becomes more valuable and expectations rise to match. The world’s appetite for software has been insatiable so far. AI hasn’t replaced software engineers because every time we become more productive, the goalposts move.

There’s two things that could put an end to this. Firstly, we might finally become productive enough to exhaust the world’s appetite for software. I don’t see any evidence of this happening, but if somebody wants to make this argument, they should be clear about why this time is different to the entire history of the computer industry so far.

Secondly, if AI becomes superhuman at software engineering when acting autonomously. Specifically, AI+human developer no longer outperforms AI alone. So far, all the available evidence seems to show AI as a force multiplier for developers and that for good results, at best you can have AI doing 90% of the work as long as an expert developer is driving things.

There isn’t strong evidence that either of these situations is going to happen in the near future, so I think software engineers are safe for now. But if you have a narrow skill set and you are focused in particular areas (e.g. front-end web development), then I would worry more, because even if AI cannot replace software engineers in general, it’s quite likely to be able to completely consume specific domains with generalists holding the reins.


I'm a little less charitable.

Curiosity is great, but agents do not learn, and telling an agent "scan the darkweb" is a way to avoid learning about the details, rather than to dig into things more deeply.

If instead they had just used a chat interface to ask "Where should I start", they'd more likely have got a link to the DN42 docs themselves, read them, and not hallucinated things like "color".

They might have asked "how much will this cost?" if they had to spin up the ec2 instances themselves, on advice from the agent.

The way you learn something is by doing it the manual way first.

You learn memory management by writing your own allocator, and then after that you go back to using malloc like normal, but with knowledge of how it works. You don't learn memory management by telling an agent to write an allocator.

Using an agent to give you links and point the way aids in learning, using it as an autonomous tool to do "gruntwork" you don't yet know how to do yourself will get in the way of learning.

Curiosity is beautiful, using agents to bother humans and avoid learning is somewhat less beautiful.


This weird trend reached an apex in a Feb 2026 OpenAI blog post [1], recently on the front page [2], which describes the process for building... something... written 100% by agents.

There is no description of what the thing is, no indication of what value it provides its users. The closest it gets is "the product has been used by hundreds of users internally, including daily internal power users".

But the fact that the thing has a million lines of code is repeated twice in the first few hundred words.

[1] https://openai.com/index/harness-engineering/

[2] https://news.ycombinator.com/item?id=48416264


Malware authors are pretty excited about guard-rails. You can add prompts to your malware to get LLM scanners to hit guard-rails and stop their runs. New shai-hulud npm worm campaign for example includes prompts to request biological weapon schematics/creation etc. to ensure LLM scanners probing NPM packages refuse to scan it.

These AI places have 0 clue about how threat actors actually work. None of their mitigations or guard-rails is effective, and now they are even turned against them.

Additionally, if they don't all implement the same level of effective guard-rails, there will always be some model you can abuse to do the work anyway, and hence there is 0 effect on threat actors, they will just run some local model that does 5% less quality, which does not matter to them 1 bit.


It's exhausting that the "solution" to problems like this is getting tens or hundreds of thousands of citizens stressed until enough public attention gives some small chance of redress. I'm not calling for violence, but if we can't get these things fixed in court there has to be a more effective and more forceful avenue for protest than venting on internet forums.

Some folks might have missed that memory prices on the whole are up [1] 90% since Q4.

The memory used by the Pi 5 is up 700% [2]!

Raspberry Pi are working the issue by releasing new memory variants that are cheaper[2].

Edit: You can still walk into a Microcenter and get Pi 5 16GB for US $289!

1. https://au.pcpartpicker.com/trends/price/memory/

2. https://www.raspberrypi.com/news/a-new-3gb-raspberry-pi-4-fo...


Don't forget their push for full regulatory capture in the name of "safety" as well so they can pull the ladder up behind them before anyone else has an equally capable model and releases it without the anti-competitive safeguards, while also pushing to completely ban open weight models, or any model trained on a certain level of compute without "rigorous" government testing and validation (which I'm sure, they'll conveniently provide the framework for).

Dampened opinion on Anthropic is an understatement.


I really don't like this. The code I write between commits is my thinking. I think by writing some code out, deleting it, writing again. The code I write that's shipped in commits is written for others to understand, and is a product of that writing for thinking process.

I don't want my thoughts to be serialized, version controlled and publicly accessible.

https://www.nature.com/articles/s44222-025-00323-4


Everything about this story, from the way it’s written to the self destructive outcome, reminds me of the “I hacked 127.0.0.1” episode from some twenty years ago.

[1] a mirror since I couldn’t find the original: https://gist.github.com/Androkai/0a2602719fa72ce454d436bfe28...


News just broke in this Wired story: "Anthropic Walks Back Policy That Could Have ‘Sabotaged’ AI Researchers Using Claude" https://www.wired.com/story/anthropic-responds-to-backlash-o...

> “We’re changing Fable 5’s safeguards for frontier LLM development to make them visible.” Anthropic said in a statement to WIRED. “We made the wrong tradeoff and we apologize for not getting the balance right.”

Sounds like the widespread condemnation worked.


There are a lot of things like this.

My favorite is how elegant solutions often look simple in retrospect. So if you noodle on a problem for a while and then come up with a clever solution: once you explain it to someone they'll be like, "yeah, of course."

Meanwhile the guy next to you that overcomplicates the problem ends up getting kudos for building something so difficult :D

