Unsupervised Learning NO. 506

Hey! Hope you all are doing well!

How I monitor my AI agents using KAI. A quick little clip demonstrating my agent monitoring system. And the monitoring system is already inside of PAI as well! THE PAI REPO | THE DEMO VIDEO

—

Had an absolutely wonderful time doing the keynote for OWASP AppSec Global USA. Really appreciated the kind introduction from Sam, and the whole conference was brilliant. Got to see a lot of my friends from the community as well! Thanks to Jason for grabbing this photo! Video here when they send it to me.

Here are the slides. GET SLIDES 👇🏼

Cisco contact center flaws are being actively exploited for RCE as root Two critical vulnerabilities in Cisco Unified Contact Center Express allow unauthenticated remote attackers to execute arbitrary commands with root permissions, and exploits are already in the wild. CISCO SECURITY ADVISORY | CVE-2025-20354 DETAILS | CVE-2025-20358 DETAILS | CISCO BUG CSCwq36528 | CISCO BUG CSCwq36573 | CIS SECURITY ADVISORY

Stolen iPhones stay locked until thieves phish your Apple ID instead of hacking Scammers scrape contact info from your Find My lock screen message, then send fake "we found your phone" texts linking to phishing sites that steal your credentials. MALWAREBYTES ARTICLE | SWISS NCSC WARNING | KREBS ON IPHISHING | VICE ON UNLOCK TOOLKITS

Valentino chains four layers of Markdown parsing to leak Workspace data from Gemini Valentino Massaro found that Gemini's linkification adds ! prefixes in an intermediate layer, bypassing sanitization—then exploited Colab export discrepancies to exfiltrate emails and files. Super sick multi-step attack! VALENTINO'S ISSUE TRACKER | HACKING GEMINI PDF | GOOGLE BUGSWAT TOKYO

Nikkei got breached through malware-infected employee laptop exposing 17,000 Slack users Hackers infected an employee's computer with malware, stole credentials, and accessed internal Slack—exposing names, emails, and chat histories of employees and partners. NIKKEI ANNOUNCEMENT | THE RECORD ARTICLE

Claude's API can be tricked into stealing user data through prompt injection Attackers can use indirect prompts to make Claude harvest user data and send it to their own account. SECURITYWEEK ARTICLE

Amazon launches bug bounty for NOVA AI models AMAZON ANNOUNCEMENT

AVIATOR uses AI agents to inject realistic vulnerabilities into code for better security datasets Researchers built an agentic system that orchestrates specialized AI agents to automatically inject real-world vulnerabilities into software, hitting 91-95% success rates way better than existing approaches. AVIATOR PAPER

Chinese APT uses DLL sideloading to spy on US nonprofit for weeks A China-linked group hit a US policy nonprofit in April 2025, using a legit antivirus binary to load malware and steal Active Directory credentials undetected. BROADCOM THREAT REPORT | SECURITY ONLINE ARTICLE

Laid-off Intel engineer vanishes after stealing 18,000 secret files TOM'S HARDWARE ARTICLE

Claude cuts SOC investigations from five hours to seven minutes with 95% accuracy eSentire integrated Anthropic's Claude into their XDR platform and got a 43x speed boost while matching senior analyst decision-making—basically replicating how elite analysts think but at machine speed. ESENTIRE | ANTHROPIC'S CLAUDE | ATLAS XDR PLATFORM | AMAZON BEDROCK | LANGGRAPH | VENTUREBEAT ARTICLE

Poland launches mass military training for all citizens amid Russia threat Poland's starting an "Always Prepared" program to train 400,000 people next year in survival, first aid, and basic combat—they're spending 4.8% of GDP on defense now. DW ARTICLE

US Army to buy 1 million drones, in major ramp-up I am really happy to hear this, personally. I obviously don't like a whole world of drones and surveillance and war. But what I like even less than that is our adversaries having that while we do not. It’s all very Moloch. REUTERS ARTICLE | THE MOLOCH ARTICLE

RELATED: The Department of War just killed McNamara's 1962 acquisition system and went full Lean Steve Blank writes that the DoW dumped the 60-year-old Planning, Programming, and Budgeting System to prioritize speed over cost optimization, buying commercial-off-the-shelf first and using startup methodology. I really hope this is true. STEVE BLANK ARTICLE | DOW ANNOUNCEMENT VIDEO | HACKING FOR DEFENSE | GORDIAN KNOT CENTER

The military is testing drone swarms that coordinate like schools of fish The Pentagon's working on autonomous robot swarms that make decisions together without human control. Daniel Suarez Kill Decision must be mentioned. WSJ ARTICLE

Canada to add 300k public servants to military reserves OTTAWA CITIZEN ARTICLE

China just commissioned its most advanced carrier with catapults like US supercarriers The Fujian entered service this week with electromagnetic launch systems, putting China closer to matching American naval power in the Pacific. OODALOOP ARTICLE

Big Tech doubles undersea cable spend to $13 billion for AI TOM'S HARDWARE ARTICLE

Pentagon shifts from oversight to speed as core acquisition strategy Secretary Hegseth announced major acquisition reform putting rapid tech procurement at the center of Pentagon operations and strategic policy. PENTAGON ACCELERATION DOCTRINE

Chinese infosec firm Knownsec leaked 12,000 classified docs including state cyber weapons and global target lists A data breach at Beijing-linked security company Knownsec exposed Remote Access Trojans for all major platforms, 80 successful overseas attacks, and stolen data from India, South Korea, and Taiwan. MXRN BLOG POST | THE REGISTER ARTICLE

Moonshot's free Kimi K2 model claims to beat GPT-5 and Sonnet 4.5 A Chinese AI lab just released an open-source reasoning model that supposedly outperforms OpenAI and Anthropic's flagship models—and it cost under $5 million to train.

This open source battle between China and the U.S.’s foundation models is becoming quite serious. Their models are getting closer and closer to pinnacle US models while spending far less. I don't see how this doesn't possibly invert in 2026 or 2027. Or perhaps it just gets extremely close so that it's essentially parity. ZDNET ARTICLE | KIMI K2 THINKING RELEASE | HUGGING FACE MODEL

Microsoft's building AI employees Microsoft's creating "agentic users" that'll have email addresses, show up in org charts, and attend meetings—they're basically synthetic employees you'll license separately.

MICROSOFT ROADMAP | RICH GIBBONS ANALYSIS | JOÃO FERREIRA POST

Lovable hits 8 million users building 100k products daily with AI coding 100,000 products daily!?! LOVABLE PLATFORM | JULY UNICORN ANNOUNCEMENT | BARCLAYS TRAFFIC RESEARCH | ANTON OSIKA TWITTER

Anthropic projects $70 billion in revenue by 2028 THE INFORMATION ARTICLE

Markets say AI is a bubble but companies are actually seeing real ROI Despite all the bubble talk, companies deploying AI are reporting actual revenue growth and productivity gains that show the trillions invested might actually pay off. It's not one or the other, it's both, and it will continue to be so. FROM AI TO ROI ARTICLE

McKinsey finds AI is killing some jobs but creating tons of demand for data roles A McKinsey survey shows customer service and HR jobs declining while data scientists, engineers, and ML roles are seeing massive hiring increases. I guess this makes sense because there's just going to be more stuff, more business, and more activity, therefore more need to understand what's going on. MCKINSEY AI REPORT | ZDNET ARTICLE

Surgeons in Dundee and Florida just did the first remote robot stroke surgery on humans A doc in Scotland and another in Florida each removed blood clots from cadavers using a robot—one from across town, one from 4,000 miles away. BBC NEWS ARTICLE

The boss has a message: use AI or you're fired Companies are now putting AI adoption into performance reviews, so if you're not using it at work you might actually get punished for it. It sounds worse than it is. The easiest way to see that is to ask yourself what would happen if you if you refused to use a computer or a database at work. That's all AI is, is the next version of a computer in terms of productivity. WSJ ARTICLE | HN DISCUSSION

October 2025 saw 153,000 layoffs, the worst in 22 years Morning Brew reports that's triple September's cuts, with warehouses dropping 48,000 jobs and tech shedding 33,000.

NY smartphone ban makes school lunch loud again as kids actually talk A Queens high school went from super silent lunchtimes to noisy chaos after banning phones, with kids playing board games and passing notes like it's 1995.

We need more of this. It's so funny to me that we need to find all the things we did in the 80s and figure out how to do them more. Well, not all of the things, but a lot of them. GOTHAMIST ARTICLE

Climate catastrophism collapsed when the data stopped matching the rhetoric Breakthrough Journal argues the gap between apocalyptic predictions and actual climate trends made catastrophism untenable as a serious position. I'm 70% of the way here with you, but glacier loss in Switzerland and Iceland don't seem like exaggeration. I almost feel like this is just a matter of framing, with certain ideas becoming more or less popular. But I don't really have a strong opinion on it because I don't feel close to the data. BREAKTHROUGH JOURNAL ARTICLE | HN DISCUSSION

Brazil's Tropical Forests Forever Facility pays countries to keep forests standing DW ARTICLE

Eleven US states now have more old people than kids The gap between 65+ adults and under-18 children shrunk from 20 million to 12 million in just four years as births decline and boomers get older. CENSUS BUREAU PRESS RELEASE | VINTAGE 2024 POPULATION ESTIMATES

Mark Zuckerberg's charity is going all-in on AI for disease research THE INFORMATION ARTICLE

China shut down an indie film festival in New York by harassing filmmakers' families back home Chinese authorities called relatives of directors participating in the IndieChina Film Festival, forcing two-thirds to withdraw and organizer Zhu Riku to suspend the event. This is why it's a problem for China to win. Although this is a harder sentence to write, given what's happening currently in the U.S. HRW REPORT | YALKUN ULUYOL | ZHU'S STATEMENT | CHIANG SEETA POST

Small indie studio gets 400 applications but finds hiring developers surprisingly broken A small game studio posted one dev job and got 400 applications, but most were either AI-generated garbage or wildly unqualified people applying to literally everything. BALLARD GAMES HIRING ARTICLE | HN DISCUSSION

Europe converged rapidly on the United States before stagnating Europe almost caught up to US living standards by 1980 then just stopped, and nobody's really sure why that happened. CONSTITUTION OF INNOVATION | HN DISCUSSION

I think we might be underselling AI's potential for human modification.
I'm working on a larger piece about this where I list all the different things we could potentially have happen in the next 10 to 15 years around aging, which cancer is a part of by the way, and intelligence improvement (maybe long-term vs. short-term thinking), depression, being able to control our habits better, and all sorts of things that might actually upgrade humanity through medicine. With all the noise going on around AI and everything around it, I don't think enough people are focusing on how extraordinary the changes could be. If something like an AGI or an ASI can simply connect a bunch of research dots and find a bunch of cures and/or enhancement-type drugs.

Creative work effort scales superlinearly because high-quality peaks have tiny acceptance volumes Markus Strasser argues making stuff good is fractal search—once you zoom in, the parameter space that doesn't make it worse collapses hard. CREATIVE WORK LANDSCAPES | MARKUS ON TWITTER

Nietzsche's philosophy is the perfect antidote to AI determinism A CACM piece argues his ideas about individual will and self-creation matter more now that algorithms threaten to define us. I've been on about this for a very long time. I truly believe that knowing oneself is going to be one of the major differentiators going forward. That combined with interaction with reality and understanding of the fundamentals of reality. Because without these you can't actually become yourself. You can't actually see a difference between the world that is and the world that you wish existed. CACM ARTICLE | HN DISCUSSION

AI isn't replacing jobs, AI spending is I think both are happening, but it's an interesting frame. FAST COMPANY ARTICLE

The real AI bubble is a supply chain timing problem I find this one pretty fascinating. Basically, there's no way for the investments to pay off in time because it will take too long for the infrastructure to be built. Really interesting take. TECHCRUNCH ARTICLE

Gerbil unifies local LLM backends and frontends into one app GERBIL GITHUB

HTML slides with notes in just 22 lines of JavaScript Someone built a full presentation system with speaker notes syncing across windows using native browser APIs like BroadcastChannel and scrollIntoView. HTML SLIDES PRESENTATION | MINSLIDES BY DAVE GAUR

I can build enterprise software but I can't charge for it ECHEN'S ESSAY

Google's AI floods FFmpeg volunteers with bugs they expect fixed for free FFMPEG WEBSITE

These AI Chiropractor Videos Make AI Worth It VIDEO

Calendar.txt beats fancy calendar apps by just being a text file In an essay by Ploum, he shows how a simple text file with dates is faster, more trustworthy, and way less frustrating than modern calendar interfaces. PLOUM ESSAY | PLOUM WIKIPEDIA

Just start typing and fix it later CHAD NAUSEAM WRITING ADVICE

What Creates Your Thoughts? VIDEO

Threat hunting finds hidden attackers while threat intelligence tells you what to look for Pretty clean explanation of the differences. RECORDED FUTURE ARTICLE

A 52 year old tape might contain the only complete copy of Unix V4 University of Utah found a 1973 nine-track tape reel in storage that could be the sole surviving complete copy of Unix Fourth Edition, the version where the kernel was first rewritten in C. All the good stuff happened in 1973. PROFESSOR RICCI MASTODON POST | RICCI'S SITE | UNIX V4 WIKI | AL KOSSOW RECOVERY PLAN | READTAPE GITHUB | COMPUTER HISTORY MUSEUM

Lobsters asks what podcasts people are into right now. LOBSTERS DISCUSSION

AI tool rewrites your lazy Git commit history GIT-REWRITE-COMMITS REPO

The Pied Piper legend might record a real dancing plague BBC TRAVEL ARTICLE

Pulling up an old recommendation in the form of a blog post that I think applies now more than ever.