UPDATES

Hey, hope you're doing well…

This is possibly the most creative and funniest thing I've seen in a couple of years. OXFORD COMMA

I did a webinar with my buddy Clint Gibler of TLDRsec and Semgrep! We talked about PAI, my open-source AI ecosystem for work and life. Had a few hundred people show up live and it was super fun. You can now watch the video and get the slides here at the Semgrep site. GO CHECK IT OUT!

I've been working on this essay for like four weeks off and on, making it shorter rather than longer. I'm pretty happy with the result. 3 minute read. It’s jarring. I sent it out as a stand-alone episode, so maybe you've already seen it. THE BUBBLE IS LABOR

Two more blogs: one AI/Society, one technical:

This one is pretty cool, but it's largely me being excited about some tech that I built that turned out to be exactly what the Claude Code team was releasing a week later, so feel free to skip. I BUILT TWO CLAUDE CODE FEATURES BEFORE ANTHROPIC RELEASED THEM

I just massively upgraded Kai with some insane updates that will soon be in PAI.

  1. A completely new and upgraded dynamic/meta prompting system. Think fabric, but with templates and variables! Insanely powerful. It's prompting that can create prompting.

  2. I created a completely new agent harness that can dynamically create agents on the fly, partially using this new prompting system.

  3. Massively upgraded my eval system to use the new templating system as well for prompts.

Remember the analytics thing I told you about? Well, I've been working on it, and it's way better now. I was looking at it mid-day Tuesday and said to myself, "You know, I should turn this into a product." And then I was like, "Well, didn't you just create all this new AI and agent stuff that's supposedly tuned for this?" So I did. BEACONANALYTICS About 3 hours of work total, and most of that fighting with Stripe! Oh and if any UL members are interested, I created a 60% off code and put it in UL Chat. :)

Ok this one is a devastating clip from Hugh Grant on kids and screens.

They can’t get interested in anything that’s not a screen. Feels like a mass crime being committed. GRANT’S VIDEO

Working on a big cybersecurity post called, “Cybersecurity Needs a Completely New Type of Product.” Can't wait to put this one out. Been thinking a massive amount about cybersecurity lately. 👀

Sponsor

From Gates to Guardrails: How to Prevent Risk at Scale

AppSec teams often struggle to prevent issues without slowing developers. A lack of context makes it hard to set targeted controls, so issues slip into production faster than teams can fix them — leaving teams with ever growing backlogs and applications persistently at risk.

Palo Alto Networks' guide provides a practical, five-stage framework to enable teams to turn security gates into guardrails, allowing teams to accelerate secure development.

CYBERSECURITY

React 19 vulnerability React2Shell lets attackers execute code remotely on applications using React 19's newer server-side features and common frameworks, with many cloud environments already exposed. 10 / 10. SECURITYWEEK REACT2SHELL ARTICLE | MARQUIS RANSOMWARE BREACH | FREEDOM MOBILE DATA BREACH | COTOOL AI EVALUATION | LAZARUS GROUP INVESTIGATION | ANTHROPIC SMART CONTRACT EXPLOITS

Indirect prompt injection lets attackers hide malicious instructions in documents and emails. CrowdStrike warns that AI tools now roam the web like old computers with no malware protection, ingesting files that could contain hidden adversarial prompts targeting AI systems. CROWDSTRIKE BLOG POST | OWASP LLM TOP 10

Google researchers create CaMeL, a capability-based system that stops LLM prompt injections by separating control flow from data flow. A team from Google and ETH Zurich built CaMeL, which uses dual LLMs—a privileged one for planning and a quarantined one for parsing untrusted data—plus fine-grained security policies inspired by software security to prevent prompt injection attacks while solving 77% of AgentDojo tasks. CAMEL GITHUB REPO | ARXIV PAPER

Offensive security is becoming essential as AI makes attacks more sophisticated. Basically, continuous assessment has gone from a nice-to-have to a must. CSOONLINE ARTICLE

Sponsor

CSA’s Agent-Augmentation Benchmark Study

Daniel here: this is an absolutely incredible report by the Cloud Security Alliance.

  1. CSA tested 148 analysts split into two random groups.

  2. AI-assisted analysts finished investigations 45-61% faster overall.

  3. Manual group completeness dropped 29% by second scenario.

  4. AI group completeness only dropped 16% under same load.

  5. Manual report length fell 27% as fatigue set in.

  6. AI-assisted reports held steady or slightly increased detail.

  7. After testing, 94% of AI users viewed it positively.

The AI narrative is constantly about replacement, but augmentation helps humans in the real world.

MCP's sampling feature lets malicious servers hijack AI responses completely. A Palo Alto Unit 42 report shows MCP servers can use sampling to force the LLM to output whatever they want, bypassing all safety controls. PALO ALTO UNIT 42 REPORT | REDDIT DISCUSSION

Israeli cybersecurity funding reached a record $4.4 billion. SECURITYWEEK ARTICLE

AI makes persuasion so cheap that elites might just manufacture whatever public opinion they want. A paper from arXiv argues when AI drops persuasion costs near zero, powerful actors could essentially custom-build mass preferences instead of responding to them. ARXIV PAPER

AI agents autonomously hacked blockchain contracts for $4.6 million. ANTHROPIC RESEARCH REPORT

CAI is an open-source agentic framework for AI-powered offensive and defensive cybersecurity CAI GITHUB REPO

NATIONAL SECURITY

Drone incidents near German airports jumped 40% this year to 208. Germany's air traffic authority says unauthorized drone flights are creating serious aviation hazards, with Frankfurt hit hardest at 45 sightings through November. GERMANY DRONES AVIATION DANGER

Finland buys hundreds of drone jammers as NATO's east preps for drone warfare. Finland's military grabbed hundreds of drone detectors and jammers after watching drones dominate Ukraine, and NATO's eastern countries are all scrambling to do the same. OODALOOP ARTICLE

China locked fire-control radar on Japanese fighters near Okinawa DW ARTICLE

The Pentagon just launched GenAI.mil using Google Gemini for military operations. Secretary of War Pete Hegseth says the platform gives U.S. military personnel direct AI access to revolutionize how they win wars. OODALOOP ARTICLE

Russia's disinformation campaign in Armenia gains momentum DW ARTICLE

AI

Karpathy uses GPT to grade decade-old Hacker News predictions with hindsight. Andrej Karpathy scraped 930 HN discussions from December 2015 and had GPT-5.1 judge who predicted the future correctly—cost $58 and created a hall of fame. KARPATHY'S BLOG POST | HN TIME CAPSULE SITE | GITHUB REPOSITORY | HALL OF FAME

Anthropic solves long-running agents by splitting them into initializer and coding roles. Anthropic figured out how to make agents work across multiple context windows by using an initializer agent to set up the environment and a coding agent that makes incremental progress while leaving clean artifacts for the next session. ANTHROPIC ENGINEERING POST | AUTONOMOUS CODING QUICKSTART | CLAUDE 4 PROMPTING GUIDE

MIT's Iceberg Index simulates the entire U.S. workforce to predict AI replacement. MIT and Oak Ridge built a digital twin of all 151 million U.S. workers and found 11.7% could already be replaced by AI, worth $1.2 trillion in salaries. MIT CNBC REPORT | TOM'S HARDWARE ARTICLE

AI tools don't fix bad processes, they just make you fail faster. The article argues that throwing AI at broken workflows is like automating chaos—you need to fix the underlying process first or you're just scaling dysfunction. This is what I see over and over in my consulting. It's always fundamentals. You can have ChatGPT 37, and it's not going to help you if you don't know what you're doing, where you're going, and why. IT'S ALWAYS THE PROCESS ARTICLE | HN DISCUSSION

SAP consultants rated AI work at 95% accuracy until they knew it was AI. Four consultant teams rated AI-generated analysis at 95% accuracy when told it was done by interns, but a fifth team rejected the same work when told it was AI. Most people have no idea how bad humans are at many things. If they were told an alien did that level of work or that quality of work, they would reject it outright. Same with AI. THE AI THAT SCORED 95%

Claude Code is now in Slack. Anthropic's launching Claude Code in Slack so devs can delegate full coding tasks from chat threads, not just get snippets. CLAUDE CODE IN SLACK | ANTHROPIC'S SLACK INTEGRATION | SLACK AS AGENTIC HUB

LLM anti-patterns you should probably stop doing right now. The folks at Instavm nail the common mistakes—like over-prompting when you need fine-tuning, or treating LLMs like deterministic functions when they're probabilistic beasts. LLM ANTI-PATTERNS ARTICLE | HN DISCUSSION

TECHNOLOGY

AI will make formal verification cheap enough to actually use everywhere. Martin Kleppmann thinks LLMs writing proof scripts changes the economics—formal verification was 23 lines of proof per line of code, but AI can automate that grunt work while proof checkers catch hallucinations. MARTIN KLEPPMANN'S BLOG | MARTIN ON BLUESKY | SEL4 MICROKERNEL | COMPCERT C COMPILER

Netflix buys Warner Bros and HBO for $83 billion in Hollywood mega-deal MARKETING BREW STORY

Anthropic acquires Bun after Claude Code hits $1B milestone ANTHROPIC ANNOUNCEMENT

Apple overtakes Samsung in smartphone shipments after 14 years SHERWOOD NEWS ARTICLE

Good engineers write bad code at big companies because the incentives are broken. Sean Goedecke argues that smart people produce terrible code at large companies not from incompetence but because promotions reward launches over maintenance. SEAN GOEDECKE ARTICLE | HN DISCUSSION

AV1 now powers 30% of Netflix streaming. Netflix switched to AV1 codec for nearly a third of their streams, cutting bandwidth while keeping quality intact. NETFLIX TECH BLOG | HN DISCUSSION

Engineer replaces $15 workout app by vibecoding one in an afternoon. This type of thing is getting super common in lots of different communities that I'm part of. Basically, if you don't like the software that you use, just make a better version yourself. This is exactly what I did with my real-time analytics system. STRENGTHQUEST APP

HUMANS

Blogging in 2025 feels like screaming into the void. Mike says modern blogging has lost its discoverability and community, replaced by algorithmic feeds that bury independent voices. I think AI will improve discoverability, but I worry about attribution. I feel like the ideas might get to the person, to the audience. But I wonder how much they'll be associated with the person who came up with it. MIKE'S ARTICLE | HN DISCUSSION

High-income job losses are cooling housing demand. Layoffs hitting six-figure earners are finally putting a dent in housing markets, which makes sense since they're the ones who could actually afford houses. HACKER NEWS DISCUSSION

Massive lithium deposit found in U.S. supervolcano crater — site could supply batteries for decades TOM'S HARDWARE ARTICLE

Autism should be treated as multiple distinct conditions, not one. The Economist reports that researchers increasingly see autism as several different biological conditions that just happen to share similar behavioral symptoms, which could transform treatment approaches. THE ECONOMIST ARTICLE | HN DISCUSSION

GPs say mental health is being over-diagnosed because normal life stress isn't an illness. A BBC survey of 752 GPs found most think society over-medicalizes everyday challenges, but they're also worried there's not enough real help for people who actually need it. BBC ARTICLE

Australia starts enforcing its world-first social media ban for teens. The new law blocks under-16s from platforms like Instagram and TikTok, with companies facing fines up to $32 million for non-compliance. REUTERS ARTICLE | HN DISCUSSION

Rahm Emanuel wants the US to ban social media for kids POLITICO ARTICLE

IDEAS

Everyone in Seattle hates AI. Jon Ready noticed that mentioning you work in AI at Seattle parties kills conversations instantly—people think you're destroying the world or just another grifter.

I find this really interesting. I saw a similar story a while back talking about how the status games are completely different between L.A., the Bay Area, and Seattle.

In LA, it's about how popular you are, how many followers you have, basically like your audience, how good you look, etc.

In the Bay Area, it's largely around:

  • Are you an entrepreneur?

  • Are you a founder?

  • How many companies do you have?

  • How many companies have you sold?

  • What's your current project?

  • How much have you raised?

  • What’s your ARR?

And in Seattle, the vibe is more like, "What level of corporate employee are you? Are you like an L3, an L7, an L9?" So it's like within Amazon and Microsoft, how prestigious of a position do you have inside of these large corporations.

I guess all three make sense from a geography perspective—what companies are there, or what industries. But it's still just very strange to me how a culture could be so different based on those things and how large populations in the cities could just have their values oriented so differently. All in the same country, on the same coast.

I 100% believe in this for products but also for companies overall. And countries. This is what real leadership is.

DISCOVERY

A 75-year-old is photographing every hummingbird species on Earth AUDUBON ARTICLE

Stop talking and let others finish their thoughts before responding. Gurkan says most people don't actually listen—they just wait to talk, and the fix is forcing yourself to pause after someone finishes speaking. GURKAN'S ARTICLE | HN DISCUSSION

Map of all the buildings in the world GLOBALBUILDINGATLAS MAP

AI might fix the randomness problem in everyday decisions EVERYDAY DECISIONS ARTICLE

Vanity activities feel more useful than they actually are VANITY ACTIVITIES ESSAY

England's aerial photo archive is now free to explore online HISTORIC ENGLAND AERIAL PHOTOS

Tides are weirder than you think TIDES ARE WEIRDER ARTICLE

Every mathematician has only a few tricks they use over and over MATHOVERFLOW THREAD

RECOMMENDATION OF THE WEEK

One of the most common questions I get is around what their kids should study or what young people should study in general.

I've got lots to say here deeper curriculum-wise and deeper skills and wisdom-wise, but here I'll give three very tactical answers:

  1. Energy creation and distribution

  2. Mental health

  3. Large-scale immersive gaming platforms

Basically, we're going to have energy problems almost no matter what. We're heading towards an extraordinary existential crisis from AI, the future of work, and likely political upheaval that will follow. And when people lose their meaning from work, they will look for meaning elsewhere.

I think governments may subsidize giant tech companies creating massive immersive games that produce alternate meeting loops to keep people occupied. Of course, there are gross and less gross ways of doing that. But the point is that it will be necessary.

I would also add founder/creator to the list for building businesses and producing passive income and stuff. But I was thinking more along the lines of traditional paths; this is what people are usually really asking about.

APHORISM OF THE WEEK

Work becomes flow at the limits of ability.

Naval

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition.

Members help this work continue. If you enjoy the newsletter, the podcast, what I put on YouTube, or any of my open-source projects on Github, I ask you to please become a member. It allows me to stay focused on learning and building and sharing. It’s like a cup of coffee or two per month.

Plus, members get numerous benefits, including:

  • 25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!

  • Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet

  • Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…

  • Access to the Member Archive of previous Member-only content, the Book Club archive, etc.

  • Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!

  • Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.

  • Access to In-Person Events like our dinners in Vegas, San Francisco, etc.

  • And much more coming…

This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how do we prepare?

Join the conversation.
