Unsupervised Learning NO. 521

Hey! Hope you all are doing well!

I’m out at RSA this week! Speaking tomorrow at Decibel’s event hosted by Clint Gibler and I (Unsupervised Learning and tl;drsec)! Hope to see you there or somewhere else on Wednesday or Thursday! THE DECIBEL EVENTS

—

My biggest takeaway so far (Companies become APIs) is my thought that when companies start turning their current chaos into agent orchestrated workflows, most of the companies on the show floor will become MCP/API calls. And there will be strict quality/performance/price ratings for all those which are gamed against each other. So when you go to pitch a company, you’ll be pitching to replace a node in the customer’s enterprise orchestration graph. And you better bring data. This will take a while to happen, but all this talk of “agentic this” and “agentic that” is the precursor to it: driven by the enterprise’s dire need for transparency into their operations and performance. So, as a vendor, what does your moat look like when your primary interface to a customer is an API?

—

Second takeaway (Agents Don’t Want/Need Your Interface): Related to the first one, and related to what will happen on the consumer side, we’re about to see a whole lot less focus on interfaces provided by the companies themselves. Companies will already have their own agentic orchestration, but they’ll also have their own, or their preferred, interfaces to see the data from your product. You know the bit about “too many single panes of glass”? Well that gets magnified x100 when agents are the main consumers of vendor output vs. humans.

rez0 breaks down Claude skills for hackers and why AI bug reports still suck Excellent episode of the Critical Thinking Bug Bounty podcast that covers Claude automation with Skills, when AI-generated vulnerability reports fall apart, and whether agents beat old-school folder organization. CTBB PODCAST EPISODE | CTBB DISCORD | H1-BRAIN TOOL

Absolute AI supply chain nightmare scenario: PyPi Package LiteLLM compromised:

“Simple pip install litellm was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.” KARPATHY’S THREAD

Google's AI agents are now crawling 10 million dark web posts daily to find real threats Google built Gemini agents that automatically profile your company from public data, then scan dark web chatter to flag actual security risks instead of the usual 80-90% false positives from keyword matching. GOOGLE DARK WEB AI | THE REGISTER

Russia and Iran are hijacking Signal and Telegram to spy on Americans The FBI says Russian intelligence is phishing Signal accounts of US officials and journalists, while Iran uses Telegram bots to control malware that steals files and records screens from dissidents. FBI WARNS OF MESSAGING PLATFORM HACKS

Google found an iPhone exploit chain called DarkSword that's been hitting targets since late 2024 Google researchers discovered a six-vulnerability iOS exploit chain that state actors and spyware vendors are using to completely compromise iPhones just by visiting malicious websites. MALWAREBYTES BLOG POST

FBI director admits they're buying location data to track Americans without warrants Kash Patel told senators the FBI purchases commercial location data that lets them track anyone's movements, and he won't promise to stop doing it. THE VERGE ARTICLE

Anduril starts mass-producing AI wingman drones in Ohio. DEFENSE NEWS ARTICLE

Iran's new Hormuz strategy targets entrance zones, not the strait itself. IRAN DOESN'T NEED TO CLOSE HORMUZ

Pentagon says Anthropic's Chinese workers create national security risks The Defense Department filed court documents claiming Anthropic employs "a large number" of Chinese nationals who could be compelled to spy under China's intelligence laws. PENTAGON FILING

China offers Taiwan energy security in exchange for reunification talks China's state energy company proposed guaranteeing Taiwan's fuel supplies during Middle East conflicts if Taiwan agrees to discuss unification, essentially weaponizing energy dependence. REUTERS ARTICLE

Xi purged dozens of top Chinese generals in his biggest military cleanup yet Al Jazeera reports that around 100 senior PLA officers have been removed since 2022, including key Central Military Commission members, as Xi cleans house ahead of the military's 2027 centennial. XI'S MILITARY PURGE

Anthropic has been on an absolute tear of feature shipping. Over the last few weeks, they have essentially replaced most of what made OpenClaw so attractive to people. They are literally shipping one or two significant features almost every day of the week. It is seriously impressive, and is making their competitors look extremely slow. THEIR RECENT RELEASES

Claude Code enables secretish feature “AutoDream” It’s human-like processing of memories to improve performance over time. VIDEO

OpenAI wants to build a fully automated AI researcher by 2028. OPENAI AUTOMATED RESEARCHER

Anthropic built a system that makes complete apps autonomously. ANTHROPIC HARNESS DESIGN

Getting AI to interview you first builds way better prompts. AGENTS SHOULD INTERVIEW YOU

Most startups from before 2025 are probably dead and don't know it yet Steve Blank argues that if you started a company more than two years ago, AI has made your assumptions obsolete—your tech stack, team size, and business model need a complete rethink or you'll die. I wouldn't go quite that far, but I'm about 70% there. STEVE BLANK ARTICLE

Companies are scoring employees on AI token consumption now. TECH EMPLOYEES EVALUATED ON TOKEN BURN

Private credit funds can't pay investors fast enough as everyone runs. MORNING BREW ARTICLE

Stripe and a startup just built a payment system for AI agents Stripe teamed up with Tempo (a blockchain startup they backed) to launch the Machine Payments Protocol—basically Venmo for AI bots that need to pay for stuff automatically. STRIPE TEMPO AI PAYMENTS

AI citation optimization is replacing traditional SEO tactics. JULIA'S AEO GUIDE

I tried Karpathy's Autoresearch on an old research project Someone took Karpathy's automated research loop and let Claude loose on their old computer vision code while doing weekend chores—it found a major bug and cut error rates in half. FULL EXPERIMENT WRITEUP

McKinsey predicts trillion-dollar agent commerce but most companies are invisible. YOUTUBE VIDEO

BlackRock CEO warns AI will make inequality much worse. AI BOOM RISKS WIDENING WEALTH DIVIDE

Everyone in San Francisco is calling themselves a "builder" now. Within a period of months to 1-2 years, nearly anyone will be able to build things. Right now you still need tech skills with Claude Code or whatever tool you're going to use, but before too long, pretty much everyone is going to just be able to talk to their agent, which is their own personal AI system, and it’s going to be able to build them anything that they provide as an idea. the quality of the ideas and the articulation will still matter, though. WSJ ARTICLE

Companies are building triple-target weight loss drugs that could cut body weight by 30% Scientific American reports on next-gen GLP-1 medications hitting three brain pathways simultaneously—Eli Lilly's retatrutide showed 30% weight loss in trials, while Novo Nordisk's combo drug CagriSema hit 23%. NEW GLP-1 WEIGHT-LOSS DRUGS

Coffee addiction might actually protect your brain from dementia. THE REGISTER ARTICLE

BlackRock says traditional diversification is dead because AI broke everything BlackRock's latest report argues that portfolio diversification no longer works—AI concentration means the top 10 S&P stocks now control 41% of the index, bonds aren't hedging anymore, and central banks are going opposite directions. BLACKROCK DIVERSIFICATION MIRAGE

Colon cancer became the top cancer killer for people under 50. COLON CANCER LEADING DEATHS

English-speaking countries are getting less happy while others improve. THE ECONOMIST ANALYSIS

UBI might fix poverty but it won't fix the meaning crisis coming with AI Simon argues that while UBI solves the money problem when AI takes jobs, it doesn't address the deeper human need for purpose and contribution that work provides. UBI IS THE WRONG ANSWER

You can't blame tools for losing passion in your work. THE MACHINE DIDN't TAKE YOUR CRAFT

Plato's ancient writing warning perfectly describes our AI problem. PSYCHOLOGY TODAY ARTICLE

Amazon treats coders exactly like warehouse workers now Cory Doctorow explains how Amazon's new monitoring systems track every keystroke, bathroom break, and code commit—turning software engineers into the same surveilled, disposable labor as warehouse packers. PLURALISTIC ARTICLE | CORY DOCTOROW'S BLOG

Overnight finishes your coding projects while you sleep. OVERNIGHT WEBSITE

The hardest human skills matter most in AI world POST-AI HUMAN SKILLS INDEX

Dashboard tracks 19M+ Claude-generated commits on GitHub. CLAUDE'S CODE DASHBOARD

Kids today are more empathetic and well-behaved than past generations. THE KIDS ARE ALL RIGHT

Garry Tan released his complete Claude development workflow. GARRY'S GSTACK REPO

Everyone should just have a f*cking website already. Really, we've been saying this for years, but it's getting more and more important. HAVE A FUCKING WEBSITE

Profiling Hacker News users based on their comments SIMON'S PROFILING POST

New recon platform maps all public bug bounty targets automatically. NEOBOTNET PLATFORM

Soul Protocol makes AI identities portable across platforms. SOUL PROTOCOL HN

I recommend you get good at Claude Code / PAI as soon as possible, which has been a consistent recommendation here.

But there's another aspect to this that I think is really interesting, which is the fact that currently this requires a decent amount of tech skill and/or the ability to learn those tech skills.

Soon that won't be the case. I think within a number of months and maybe a maximum of two years everyone will be talking to their own personal AI and having it make things for them, with very little need for technical tools like Claude Code.

At that point, it's going to be about the quality of your ideas and your ability to articulate them.