2026 is going great so far

Justin Elze It'd be a shame if someone built a honeypot that masqueraded as a vulnerable service and then did LLM prompt injection back into the pentesting framework. 🍿

=> You’ve hit your API limit. Resets 3pm. Remember to shower. Check on your children.

We built a browser with GPT-5.2 in Cursor. It ran uninterrupted for one week. It's 3M+ lines of code across thousands of files. The rendering engine is from-scratch in Rust with HTML parsing, CSS cascade, layout, text shaping, paint, and a custom JS VM. It *kind of* works! It

The economics of buy vs build sure are going to start getting warped as the ability of coding agents hits orbit

Claude (and other models) are hacking systems WITHOUT YOU ASKING. That’s what we found across dozens of experiments. When faced with innocent tasks that can only be accomplished via hacking, they often choose to hack. We found this alarming. What does this mean for the future

🧵 I just reverse-engineered the binaries inside Claude Code's Firecracker MicroVM and found something wild: Anthropic is building their own PaaS platform called "Antspace" (Ants + Space). It's a full deployment pipeline — hidden in plain sight inside the environment-runner

Everyone talks negatively leaky abstractions, but slapping 2nd hard in a 6 speed manual really hits different

Ballmer peak has shifted & widened dramatically due to AI Before vs after

Finally overcome the instinct to tell AI what language to use. That’s going to be critical for the eventual emergence of agent-first languages that are horrible for us meat popsicles to read

We know about stuxnet because it’s targeting failed and it leaked. I assume they learnt a lot of lessons ~20 years have gone by since work started on stuxnet. The modern covert malware is out there, doing its bidding in ways we will likely never know.

(I encountered an uneasy surprise when I got an email from an instance of Mythos Preview while eating a sandwich in a park. That instance wasn't supposed to have access to the internet.)

CRITICAL: if you are running Mosaic 2.4 on a VAX/VMS system, please be aware of this RCE that GPT-5.4 just found and exploited!

Prompt is the new hyper-hyper-parameter

To anyone who is like, “how can you just walk away?” CLOSE THE LOOP ON IT. Hate when it does a certain code practice? Add a lint. Hate when it doesn’t do X? Close the loop on it. Love when it does Y? CLOSE THE LOOP ON IT. And obviously: Have a functionality in mind? Add tests.

Oh, damn