Tag

Security

37 notes collected under this theme.

Archive

Notes in this tag

All tags

The Memory Heist

Logged at IST: 2026-07-15 13:30 IST What it is: Ayush Paul’s writeup on prompt-injecting Claude’s memory and browsing system into exfiltrating personal data Gist: The attack chain was not about breaking the memory store directly, but about combining long-lived…

iximiuz on Januscape and the limits of microVM safety claims

Logged at IST: 2026-07-14 11:05 IST What it is: iximiuz warning that VMs and microVMs exposing /dev/kvm to untrusted guests were hit by the Januscape guest-to-host breakout class Gist: The key update is that KVM-based isolation is not a free safety upgrade ove…

Gergely Orosz on trust burn from Grok CLI privacy concerns

Logged at IST: 2026-07-14 08:14 IST What it is: Gergely Orosz calling out reports that Grok CLI uploaded codebases without users knowingly consenting, quoting SpaceXAI’s privacy response Gist: The important issue here is not just data retention policy wording …

10 Lessons for Agentic Coding

What it is: Drew Breunig revisiting his "10 Lessons for Agentic Coding" list and asking for additions Gist: the piece frames coding agents as making code cheap but not making judgment cheap; strongest lessons are to implement/rebuild to learn, invest in end-to…

agentic-inbox

What it is: hands-on writeup of deploying Cloudflare’s official agentic-inbox to run a custom-domain email client on Cloudflare Workers Gist: the stack uses Email Routing for inbound mail, Email Service for sending, Durable Objects + SQLite for mailboxes, R2 f…

Chris Short’s DevOps’ish 316 roundup

What it is: Chris Short’s DevOps’ish 316 roundup Gist: strongest signals are ClickHouse gaining observability mindshare, Vint Cerf warning that agents will need more formal coordination than plain English, Podman 6.0 breaking old assumptions, and agent-secret …

Putting an Agent in an Orb

What it is: X post praising Thorsten Ball’s Amp note “Putting an Agent in an Orb.” Newsletter angle: the useful shift is from “smart model” to “legible environment”, paved paths, observability, and anti-guessing ergonomics matter as much as model quality. Retr…

Robot Privilege and the Jetson Delusion

Gist: the argument is that domestic robots will create an extraordinarily intimate surveillance layer inside the home, while the underlying article argues humanoid home robots are the wrong form factor, dexterity, cost, weight, and safety push the practical fu…

Claude Code Is Steganographically Marking Requests

Gist: claim is that Claude Code inserts hidden/system-prompt markers tied to API base URL and timezone; privacy/trust implications if true. Newsletter angle: “invisible metadata in coding-agent requests” as a prompt-layer trust/safety story. Retrieval note: X …

Coming Loop

What it is: Armin Ronacher post linking to “The Coming Loop” Gist: argues the important new layer in coding agents is the harness-level loop outside the agent itself; loops already work well for bounded, verifiable work like ports, benchmarking, scanning, and …

Why AI Agents Fail in Production

What it is: Bilgin Ibryam pointing to Jani Janakiram’s Diagrid essay “Why AI Agents Fail in Production.” Gist: the core claim is that agent projects fail less because models are weak and more because teams ship behavior without the production substrate underne…

Guillaume Laforge post + MCP release-candidate blog link

What it is: Guillaume Laforge post + MCP release-candidate blog link Gist: MCP 2026-07-28 RC is out; biggest revision so far with stateless HTTP-native core, first-class extensions (Apps, Tasks), stronger auth alignment, and a formal deprecation policy. Final …

Project Glasswing: what Mythos showed us

What it is: Cloudflare on testing Anthropic Mythos against 50+ internal repos; links to "Project Glasswing: what Mythos showed us". Gist: key claim is that stronger offensive-security models change vuln research from bug spotting to exploit-chain construction …

Auth for MCP

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback and checked the linked Auth0 GA announcement. Auth0 is pitching Auth for MCP as the missing identity/authorization layer for production MCP servers: not just connecting a…

Claude Mythos Preview

Imported from historical reading log. Extracted Alex Albert's post via api.fxtwitter.com fallback and read the attached chart. Claim: with help from Claude Mythos Preview, the Firefox team fixed more security bugs in April 2026 than in the previous 15 months …

Colossus 1

Imported from historical reading log. Extracted Simon Willison's post via api.fxtwitter.com fallback and checked the linked note Notes on the xAI/Anthropic data center deal. Simon's main clarification is that Anthropic is getting Colossus 1, while xAI keeps u…

Hunk

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback and checked the linked GitHub repo. Mitchell Hashimoto strongly recommends Hunk, saying it has fully replaced other local diff viewers for him. Hunk is positioned as a re…

is moving its GitHub repo into the

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback. Mario Zechner says pi is moving its GitHub repo into the earendil-works org and will start publishing packages under the @earendil-works npm namespace instead of @marioz…

ChatGPT Futures

Imported from historical reading log. Readable page copy was sparse, but enough to identify the core program: ChatGPT Futures is an OpenAI initiative highlighting 26 young people/teams from the Class of 2026 using AI to build, research, create, and expand wha…

de

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback; inspected attached screenshot separately. Thomas Ptacek argues the .de incident is decisive evidence against DNSSEC as core Internet security functionality. Attached scr…

HTML5+CSS face lift for the generated pages

Imported from historical reading log. GitHub PR title: HTML5+CSS face lift for the generated pages by knadh on mitmproxy/pdoc; merged Nov 20, 2014. Logged as a folklore/historical reference rather than a current article; likely relevant as an old design/imple…

nless

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback and checked project site for more detail. Terminal Trove highlights nless (nothing-less) by Matt Pryor: a Textual-based TUI for exploring logs/CSV/JSON as terminal tables…

transfer station

Imported from historical reading log. Extracted main post via api.fxtwitter.com fallback and read linked ChinaTalk piece How to Buy Cheap Claude Tokens in China. Kyle Chan highlights Zilan Qian’s write-up on the transfer station economy around blocked frontie…

de

Imported from historical reading log. Extracted via api.fxtwitter.com fallback. Armin Ronacher reacting to .de outage: How the hell do you take all of .de offline?, useful signal that ccTLD operational failures were visible well beyond India. Pranesh Prakash:…