Unsupervised Learning NO. 497

Hey, hope you’re starting off well this week!

New blog and video on why AI isn’t a bubble. It's been nagging me that I couldn't perfectly articulate this before now. And now I think I have the cleanest way to explain the difference between AI and the .com thing.

THE VIDEO
THE BLOG

—

TMI Radical Sharing Lab Results (which I intend to keep sharing for kinship):

What I’m doing to adjust:

LMK if you’re on a similar journey.

—

🤖 Kai Update! (he hates that emoji)

MASSIVE CONTEXT LOADING BREAKTHROUGH!

Just had the sickest idea about improving my dynamic context loading system for Kai (Claude Code). And it works!!!!

It works absolutely brilliantly. I just love Markdown and how extensible this whole system is because of how commands combine prompts with executable code.

So the result of this is now my AGENTS.md files in my various projects are mostly empty! The user prompt dynamically loads the context that I need at that moment, and not a moment before!

—

Speaking of Kai PAI, I’m open-sourcing the whole scaffolding system I’m using.

So not only will I be putting the overall structure I’m using in this repo, but as I release videos like my recent video on PAI, I’ll be including code and files here in this repo.

You can ⭐ it here to follow updates. THE PAI REPO

—

Just thought of a cool idea and implemented it as a command, and now it's my first commit to the repo.

UPDATE: I’ve added tons of stuff in there now! THE PAI REPO

capture-learning.md
capture-learning.ts

Any time we learn something cool or fix something, I have Kai invoke this command and he will log to the context directory so we have a running list of lessons learned. We could then go through them and update our documentation or code based on that!

—

Switched back to Chrome since Arc/Dia got bought by Jira basically. But I will be watching their progress very closely…

npm’s most-used UI packages got backdoored to hijack crypto
Aikido caught malicious updates to debug, chalk, and 16 other major npm packages that inject a browser interceptor to rewrite crypto addresses and swap approvals. Supply chain keeps hitting hard. AIKIDO INCIDENT POST | MAINTAINER BLUESKY CONFIRMATION | MAINTAINER BLUESKY PHISH SHARE | HACKER NEWS COMMENT THREAD

My buddy Clint Gibler and team found tons of vulns with a 10-line Claude Code Prompt
Semgrep found legit bugs in real web apps, but with a lot of false positives. I think the project is a total success because it's probably fairly easy to clean up those false positives. The fact that it was done with nothing but a 10-line prompt is crazy. Keep in mind: Actual confirmed vulnerabilities in real code on the internet. SEMGREP BLOG POST | TECH BEHIND ASSISTANT | PROMPTFOO EVALUATION POST | 96% TRIAGE AGREEMENT POST | CLAUDE SECURITY-REVIEW ANNOUNCEMENT | CLAUDE SECURITY-REVIEW PROMPT

Hiring fraud flips zero trust from network to identity
David van Heerden lays out how fake remote hires bypass email defenses entirely, pushing teams toward zero standing privileges over castle-and-moat lockdowns. They don't need to phish you if you just hire them and they go through onboarding. THE HACKER NEWS ARTICLE | CROWDSTRIKE 2025 THREAT HUNTING REPORT | ZERO STANDING PRIVILEGES EXPLAINER – BEYONDTRUST | DEEPFAKE THREATS OVERVIEW – BEYONDTRUST | BEYONDTRUST ENTITLE PRODUCT PAGE | FREE IDENTITY RED-TEAM ASSESSMENT

Chrome gets critical fixes for code execution, patch now
Center for Internet Security says multiple Chrome bugs can lead to code execution; update to 140.0.7339.80+ now—no active exploits reported yet. CIS ADVISORY | GOOGLE STABLE CHANNEL UPDATE | CVE-2025-9864 | CVE-2025-9865 | CVE-2025-9866 | CVE-2025-9867

Scattered Spider now targets browsers as enterprises move operations there
The Hacker News explains how Scattered Spider has evolved to focus on browser-based attacks, stealing credentials through JavaScript tricks and session tokens while bypassing MFA and traditional security tools. THE HACKER NEWS ARTICLE | SERAPHIC SECURITY DEMO

Attackers can serve poisoned websites only to AI agents, not humans
Shaked Zychlinski discovered attackers can fingerprint AI agents and serve them completely different malicious websites than what humans see. ZYCHLINSKI'S RESEARCH PAPER

US puts $10 million bounties on three Russian FSB hackers
The State Department is offering $10 million for info on three FSB officers who hacked over 500 energy companies across 135 countries. TOM'S HARDWARE ARTICLE | REWARDS FOR JUSTICE POST | DOJ INDICTMENT DETAILS | REWARDS FOR JUSTICE SITE

CISOs face growing pressure to hide breaches CSO ONLINE ARTICLE

CISA pushes universal software ingredient lists CYBERSCOOP ARTICLE

You can find bugs by reading code ALEX'S BLOG POST

Over 1,100 exposed Ollama servers found via Shodan CISCO SECURITY ARTICLE

U.S. launches a Department of War site U.S. DEPARTMENT OF WAR SITE

America steps back from the information fight
Anne Applebaum says the Trump team is gutting US overseas media and anti-propaganda programs, basically handing China and Russia full reign to control the narrative in places we used to have influence. THE ATLANTIC ARTICLE | VOA FIRINGS POLITICO REPORT | JUDGE LAMBERTH RFE/RL ORDER NYT | WASHINGTON POST ON VOA DIRECTOR RULING | WSJ ON CHINA FILLING VOA SLOTS | WASHINGTON POST ON VOA IRAN SCRAMBLE

F-35s head to Puerto Rico as U.S.-Venezuela standoff heats up
Howard Altman says the U.S. is sending 10 F-35s to Puerto Rico after Venezuelan F-16s buzzed a Navy destroyer and Trump greenlit a lethal strike on a cartel boat. This guy has a funny way of showing how isolationist he is. THE WAR ZONE STORY | REUTERS CONFIRMATION | VENEZUELAN F-16S NEAR DESTROYER | TRUMP VIDEO OF BOAT STRIKE | NYT LEGAL QUESTIONS | F-35 ELINT PRIMER

State Department tightens where you can apply for US visas
The State Department says nonimmigrant visa applicants now need to interview in their country of nationality or residence. STATE DEPARTMENT VISA POLICY UPDATE | GLOBAL VISA WAIT TIMES | U.S. EMBASSY AND CONSULATE SITES

Sudan closes oil facilities after drone strikes OODALOOP COVERAGE

DHS wants $100 million for counter-drone systems to protect America
The Department of Homeland Security plans to spend over $100 million on anti-drone technology between 2026 and 2030 to defend against hostile drones threatening critical infrastructure and public safety. DHS ACQUISITION NOTICE | REGISTER ARTICLE | PROJECT FLYTRAP | ANTI-DRONE RIFLE | TRUCK-MOUNTED LASER UNITS

China is using its private sector to advance military AI capabilities
Researchers at Shanghai Jiao Tong University developed AI for automated naval "kill webs" that adapt in real time during combat, and six days later China's military awarded them a defense contract. But I mean, in fairness, we're doing the same thing. OODALOOP ARTICLE

OpenAI launches an academy and jobs board to reskill displaced workers
The Register’s reporting that Fidji Simo is rolling out OpenAI Academy plus a jobs board—with Walmart as an anchor partner—to retrain folks AI displaces and place them with OpenAI customers. THE REGISTER ARTICLE | OPENAI BLOG—FIDJI SIMO | OPENAI ACADEMY | GEORGIA TECH COLLABORATION | WHITE HOUSE “NO WOKE AI” CONTEXT | THE HILL DINNER PIECE

Anthropic agrees to pay authors at least $1.5B in settlement
Wired’s Andy Greenberg says Anthropic will pay at least $1.5B to authors—roughly $3K per book—instead of risking a trial that some experts thought could land near a trillion. WIRED ARTICLE | EARLIER WIRED COVERAGE

Anthropic valued at $183B after $13B raise THE VERGE STORY

Anthropic blocks Chinese-owned firms from Claude TOM'S HARDWARE STORY

DeepMind's AI cuts gravitational wave detector noise 100x DEEPMIND BLOG POST

AI agents could reshape entire economies within the next decade
Economists examine how autonomous AI agents that plan and execute complex tasks without human oversight might transform markets, organizations, and institutional structures. ARXIV PAPER

AGENTS.md emerges as the universal standard for AI coding agent instructions
Developers appear to be consolidating around AGENTS.md as the single format for instructing AI coding agents, replacing the chaos of tool-specific files like CLAUDE.md and GEMINI.md. I’ve renamed all mine to AGENTS.md within Claude Code. SOCKET DEV ARTICLE | AGENTS.MD PROJECT | GITHUB COPILOT ANNOUNCEMENT | GITHUB SEARCH RESULTS

High school senior says AI is destroying real learning for his generation
A New York high school senior describes how classmates constantly use ChatGPT for everything from literature annotations to math homework, turning education into copy-paste exercises instead of actual thinking. THE ATLANTIC ARTICLE

AI is destroying education for high schoolers THE ATLANTIC ARTICLE

Evidence shows AI is already replacing entry-level workers
Derek Thompson analyzes new data showing AI is hitting young workers hardest—companies are cutting junior roles while keeping senior staff who manage the AI systems. DEREK'S AI JOBS ANALYSIS | HACKER NEWS DISCUSSION

Google gets to keep Chrome but must end exclusive deals and share search data CNBC BREAKING NEWS | ORIGINAL DOJ CASE | AUGUST 2024 RULING | GOOGLE APPEAL ANNOUNCEMENT

OpenAI moves to make its own AI chips with Broadcom
OODAloop says OpenAI’s building its own chips with Broadcom next year to cut Nvidia dependence and feed model hunger. OODA LOOP STORY | OODA LOOP HOMEPAGE

UC Santa Cruz engineers show WiFi signals can measure heart rate
UC Santa Cruz researchers demonstrated that household WiFi devices can accurately measure heart rate without any wearables, using $5-10 ESP32 chips and machine learning to detect tiny signal variations from heartbeats up to 10 feet away. UC SANTA CRUZ ARTICLE | IEEE STUDY

SpaceX can now launch 120 times a year from Florida TECHCRUNCH ARTICLE

Jobs growth stalls as unemployment hits a four-year high
CNN’s August jobs piece says we added just 22,000 jobs and unemployment’s now the highest in four years, with revisions and weak openings signaling a slowdown. CNN JOBS REPORT | JULY JOBS REPORT CONTEXT | JOLTS: FEWER OPENINGS THAN SEEKERS | BLS SUSPENSION CONTROVERSY | TRUMP FIRES BLS COMMISSIONER | ANTONI POLITICIZATION CONCERNS

Clopidogrel may outperform aspirin for heart attack prevention WIRED STORY

Private equity rentals make suburbs more diverse but apply pressure to buyers
Alex Mayyasi shows the weird trade-off: corporate landlords raise prices for would-be buyers, but their single-family rentals open up better neighborhoods to lower-income, younger, and nonwhite families. NPR PLANET MONEY STORY | CHANG PAPER ON DIVERSIFYING SUBURBS | FED PHILLY INSTITUTIONAL INVESTOR STUDY | NORTH CAROLINA SCHOOL ACCESS STUDY | REDFIN INVESTOR PURCHASE DATA | BLOOMBERG MAGNETAR TAX CASE

More people are opting out of news to protect their mood
The Guardian’s reporting shows a big jump in “news avoidance,” with the Reuters Institute finding 40% now often skip news—mostly to avoid anxiety and nonstop negativity. Indeed. GUARDIAN INTERACTIVE STORY | REUTERS INSTITUTE REPORT SUMMARY | MDPI STUDY ON NEWS EXPOSURE | NATURE PAPER ON DISTRESSING EVENTS | PNAS PAPER ON GRAPHIC IMAGERY | APA STRESS IN AMERICA

Mathematicians just broke an 87-year-old knot theory conjecture SCIENTIFIC AMERICAN ARTICLE

Attention loops quietly rewrite your model of reality
Henrik Karlsson says whatever you stare at long enough starts echoing back and reshaping you—so pick loops that compound insight, not your neuroses. HENRIK KARLSSON ARTICLE | HACKER NEWS DISCUSSION

Phones on the toilet raise hemorrhoid risk NBC NEWS COVERAGE

Rick Rubin’s The Way of Code
Didn’t know he was a coder. Site design is epic though. Checking it out. 👀 THE WAY OF CODE

Muscle-mem turns repeated agent tasks into deterministic replays
Erik (pig-dot-dev) built a Python “behavior cache” that records agent tool-call sequences and safely replays them, skipping the LLM for repeats and falling back when checks fail. Basically, it looks at all the different steps that your tool takes to accomplish something and remembers that. Really cool, I'm gonna mess with this. MUSCLE-MEM GITHUB | MUSCLE MEM DISCORD

Being good isn’t enough to win anymore
Josh Swords argues that craft alone doesn’t carry you—you need distribution, timing, and taste, or your “good” never gets found. This is why I'm arguing that everyone needs to become a creator. It's not that they need to become what a creator is today. Creator-ing just needs to be the new way of living. Thinking, building, sharing. I'm arguing that these are core human things, not creator things. BEARBLOG ARTICLE | HACKER NEWS DISCUSSION

Blogs used to be weird and personal JETGIRL ARTICLE

Cutting e2e test time 84% with Claude Code SDK
Jampa Uchoa shows how the Claude Code SDK cuts flaky end-to-end test time by 84% with a smart hybrid approach. SUBSTACK POST

Make your own handwriting font easily MAKING A FONT OF MY HANDWRITING ARTICLE

Claude fakes tool use unless you enforce strict toolcalling. I've seen this. That's why I'm very explicit with all my agents and context loading. REDDIT POST

AI enables live phone calls across language barriers BBC TECH LIFE EPISODE

Tech interviews reward complexity over practical engineering DIALLO'S BLOG POST

Chibi analyzes why users churn CHIBI HOMEPAGE

Random walks almost never return home in 3+ dimensions NOLTE'S ANALYSIS

I'm going to reuse one that I typically have to ask myself, and I think is a really good question to be asking ourselves at this moment of extraordinary change.

What would you do if you were not afraid?

Normally, I would follow that up with "You shouldn't be afraid, because everything is ok.” But everything isn't okay.

But it could be that right now is the exact best time for reinvention.

So the question still stands.