UPDATES

Hey! Hope you all are doing well!

Went on the Cognitive Revolution podcast with Nathan Labenz, and had a wonderful conversation about the HUMAN aspects of AI. Talked about the PAI project and how it has people at the center. Highly recommend!

Sponsor

Sublime Security 2026 Email Threat Research Report

Our partner Sublime Security’s 2026 Email Threat Research Report breaks down what actually shifted across real-world email attacks. Highlights include:

• Over 28% of BEC attacks now use thread hijacking

• Malicious QR codes up 280% in the second half of 2025

• Continued growth in ICS phishing, email bombs, and service abuse

A concise, solid read for anyone responsible for email security.

[ Note From Daniel: I’ve known these guys since the beginning and have always been super impressed with everything they’ve done. Worth checking out for sure. ]

Well the last couple of weeks have been a crazy few months.

Two weeks ago everyone was talking about the Ralph loop, which is a way to do incremental software development until something is finished. It’s like a perpetual loop until finished.

Then last week 🦞 MoltBot (Previously ClawdBot) came out and it’s all everyone is talking about. It’s basically an employee you can give work and have manage your email and calendar and such. It’s extremely cool.

Lots of the talk around it has been about its security, which can be really bad if you are not careful. And the combination of all this thing’s capabilities with the fact that prompt injection is not a solved thing makes the risk very high here.

My biggest concern continues to be Prompt Injection.

But the developer is smart and security-savvy. He's already made some improvements. And he also recommends that only super nerds install this stuff who actually know what they're doing.

If you are a technical person and into being on the front edge, I do recommend trying it out.

Check the Ideas section for a couple thoughts this week.

Latest blog about my new attempt at something resembling an actual AI / CompSci research topic: trying to enhance agent harnesses by having them follow a general problem solving loop!

CYBERSECURITY

Two AI coding extensions with 1.5 million installs are silently exfiltrating source code to China. The extensions work perfectly as advertised but Base64-encode every file you open and every edit you make, then send it to Chinese servers. KOI SECURITY REPORT | PACKAGEGATE VULNERABILITIES | PNPM CVE-2025-69264 | PNPM CVE-2025-69263

Microsoft patches zero-day Office flaw that bypasses OLE protections. Microsoft issued an emergency patch for CVE-2026-21509, a high-severity Office zero-day actively exploited to bypass security controls via malicious files. MICROSOFT SECURITY ADVISORY | OFFICE SECURITY UPDATES | CISA KEV ALERT | CISA KEV CATALOG

Fortinet patches critical FortiOS SSO bug after attackers bypass authentication. Attackers used rogue FortiCloud accounts to log into any device with SSO enabled, then created admin accounts and exfiltrated VPN configs—Fortinet had to disable the feature globally. FORTINET ADVISORY | CVE-2026-24858 DETAILS | CISA KEV CATALOG

This guy built an AI agent that actually found real security vulnerabilities. Blazelight (a person not a company looks like) automated vulnerability hunting with an agent that autonomously tested APIs and discovered legitimate bugs in production systems. BLAZELIGHT BLOG POST | REDDIT DISCUSSION

Claude Sonnet 4.5 just replicated the Equifax breach using only standard hacking tools. Anthropic's new model instantly recognized a known CVE and wrote exploit code without iteration—it succeeded at multistage network attacks that previously required custom toolkits. ANTHROPIC CYBER TOOLKITS UPDATE | SECURITY BOULEVARD ARTICLE

Sponsor

What Attackers Can't Reach, They Can't Breach

Remove your attack surface. Invisible until authenticated. Zero standing privileges.

Identity-driven allow-listing and network segmentation keep servers invisible by default.

Firewall access is orchestrated to open just-in-time and close automatically.

On-premise. No cloud. No VPN. No end-user install.

[ Note From Daniel: I spoke to the founder for nearly an hour the other day and I absolutely love the NetSec tie in here with this solution. Reminds me of UNIX; simple components combined! Love the vision. ]

NATIONAL SECURITY

Russia's Sandworm unit tried wiping Poland's power grid on the ten-year anniversary of their first Ukraine blackout. ESET says they deployed DynoWiper malware targeting renewable energy systems, but it failed to actually knock anything offline. THE REGISTER ARTICLE

Canada cuts a deal with China to hedge against US trade uncertainty. Canada's dropping EV tariffs on China from 100% to 6% in exchange for lower tariffs on canola and other ag products, basically saying its relationship with Beijing is now more predictable than with Washington. Predictably horrible. BBC ARTICLE

Xi Jinping purges his most trusted general in China's military CHINA MILITARY PURGE ARTICLE

Anthropic's CEO calls selling AI chips to China like selling nuclear weapons to North Korea. Dario Amodei compared Nvidia selling advanced chips to China to an arms dealer, which is pretty wild given Nvidia just invested $10 billion in Anthropic. I wouldn’t go quite that far, but agree with the direction. BLOOMBERG DAVOS INTERVIEW | TECHCRUNCH ARTICLE | NVIDIA PARTNERSHIP ANNOUNCEMENT

US military conducted first kinetic drone swarm domestically OODALOOP ARTICLE

Anduril launches autonomous drone racing contest for recruiting AI GRAND PRIX

Fortinet says patched FortiGate firewalls are still being exploited via SSO bypass. Threat actors are bypassing the patches for CVE-2025-59718 and CVE-2025-59719, hitting fully updated firewalls with a new attack path. FORTINET CISO ANALYSIS | ORIGINAL CVE DISCLOSURE | AUTOMATED ATTACKS REPORT

AI

Claude Code enables syntopic reading across multiple books simultaneously. Pieter Maes built a system where Claude analyzes themes across entire libraries, comparing arguments between books in real-time conversations. I've been thinking a lot about what the future of a book looks like, and I think this is a really cool idea along those lines. PIETER'S ARTICLE | HN DISCUSSION

YouTube creators can soon make Shorts using AI versions of themselves. YouTube CEO Neal Mohan says you'll be able to create Shorts with your own AI likeness this year, which is something I’ve been expecting. I’m really excited about anything that lowers the bar to people getting their ideas out there. YOUTUBE ANNOUNCEMENT | TECHCRUNCH ARTICLE

Anthropic keeps rewriting its coding test because Claude solves it faster than humans ANTHROPIC BLOG POST

“AI won't take your job, but someone using AI better than you will” That’s pretty much it. The competition is fighting, and some people have mech suits and fightIQ boosters. And some refuse to use them. HACKER NEWS DISCUSSION

Talking to LLMs forces clearer thinking through articulation PHILIP O'TOOLE ARTICLE

TECHNOLOGY

Internet Archive stores 100PB for less than AWS charges monthly BRUCE LI'S INTERNET ARCHIVE REPORT

Apple's making an AirTag-sized AI pin for 2027 THE INFORMATION ARTICLE

Apple gets Gemini without any Google branding on Siri. I'm glad to hear this. I think it would be weird if they had co-branding. I just can't wait for it. 9TO5MAC REPORT

Vibe coding drove iOS app submissions up 60% in a year. Absolutely insane stat, 60%. MORNING BREW ARTICLE

X open sources its For You feed algorithm X ALGORITHM REPO

Amazon cuts 16,000 jobs in AI restructuring push. REUTERS ARTICLE

Vercel launches a skill directory for agents SKILLS.SH

New AirTag is 50 percent louder with 2x range APPLE NEWSROOM

HUMANS

Dan Abramov imagines social media as a filesystem where you mount friends' folders. In an essay by Dan Abramov, he explores what social platforms would look like if they worked like mounting drives—your feed is just other people's files appearing in your local space. DAN ABRAMOV'S ESSAY | HACKER NEWS DISCUSSION

Prediction markets are turning news into gambling THE ATLANTIC ARTICLE

The CIA's 1944 guide to sabotaging organizations looks exactly like modern corporate dysfunction. This is hilarious. An actual manual taught citizens how to slow down enemy organizations, and the tactics—endless meetings, haggling over details, insisting on perfect work—describe most big companies today. CIA SIMPLE SABOTAGE MANUAL | HACKER NEWS DISCUSSION

Germany's nuclear shutdown was a huge mistake, says Merz BRUSSELS SIGNAL ARTICLE

Prediction markets are suddenly handling billions in bets on everything. NYT ARTICLE

I'm addicted to being useful SEAN'S ESSAY

Gold goes above $5k for the first time as investors seek safety MORNING BREW STORY

IDEAS

  1. You’re not too late. As we've seen with Ralph and Molt, the week is the new quarter. A month ago was the beginning of AI, six months ago was as well, and so was three years ago. Incumbents don't really have an advantage right now. There has never been a better time to activate yourself.

    • Get your domain going

    • Run a TELOS assessment on yourself

    • Start getting your ideas out there!

  2. AGI will be a product, probably this year. I thought it was going to be 2027, but it could be this year. We’ve been saying for years that AGI is just “good enough scaffolding”, and I think Molt just showed lots of companies exactly what they need to ship to have a viable employee replacement product. I'm sure some are already working on this, but I'm guessing within three to six months, we're going to see a lot more virtual employee products launch. I think we will have hit AGI if any one or more of those products takes off. This is a product/employee who onboards onto the system. They read the onboarding documentation. They take the training. They meet with the team. They interact with the team on Slack or Teams or whatever. They're able to take new guidance from the manager and they're able to produce decent output. Remember that the bar is not high for replacing millions of jobs. It's really high for replacing the top 10% or top 1% of knowledge workers, but it's very low for replacing the bottom 50%, 60%, or 70%. And by my estimation, that is still AGI because that is general work that could not have been done by any automation previously.

DISCOVERY

Text is still king for productivity HACKER NEWS DISCUSSION

What's the Point Anymore? HN DISCUSSION

I built a light that reacts to radio waves VIDEO

How I Estimate Work as a Staff Software Engineer SEAN'S ARTICLE

Webb shows the Helix Nebula in phenomenal new detail NASA WEBB HELIX IMAGES

Raising money from people who believed in you creates paralyzing pressure you never expected YAKKO'S ESSAY

RSS Social curates content from small independent sites RSS SOCIAL

The Most Important Thing to Remember About Your Mother THE MARGINALIAN ESSAY

Certificate Transparency Log Explorer searches all public SSL certificates CERTIFICATE TRANSPARENCY EXPLORER

A curated list of essential design thinking books DESIGN THINKING BOOKS LIST

Doing the thing is doing the thing DOING THE THING ARTICLE

Stochastic terrorism incites violence through mass demonization WIKIPEDIA ARTICLE

A curated list of fun telnet destinations you can still visit TELNET DESTINATIONS LIST

StormWatch – Weather emergency dashboard with prep checklists STORMWATCH DASHBOARD

Star Trek Starfleet Academy actually works as a young adult show. This one is on my list for sure. READ FULL ARTICLE

RECOMMENDATION OF THE WEEK

Consider doing a TELOS assessment on yourself, especially if you haven’t done one yet, and especially if you’re feeling overwhelmed by all this change.

The noise quiets when you know where you’re going, and what you have to do to get there.

APHORISM OF THE WEEK

In the depth of winter, I finally learned that within me there lay an invincible summer.

Albert Camus

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition.

Members help this work continue. If you enjoy the newsletter, the podcast, what I put on YouTube, or any of my open-source projects on Github, I ask you to please become a member. It allows me to stay focused on learning and building and sharing. It’s like a cup of coffee or two per month.

Plus, members get numerous benefits, including:

  • 25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!

  • Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet

  • Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…

  • Access to the Member Archive of previous Member-only content, the Book Club archive, etc.

  • Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!

  • Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.

  • Access to In-Person Events like our dinners in Vegas, San Francisco, etc.

  • And much more coming…

This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how do we prepare?

Join the conversation.
