Far

@alex_prompter this is why i treat every external input as hostile by default, even if it's just a weather api call

🚨 BREAKING: Google DeepMind just mapped the attack surface that nobody in AI is talking about. Websites can already detect when an AI agent visits and serve it completely different content than humans see. > Hidden instructions in HTML. > Malicious commands in image pixels. > Jailbreaks embedded in PDFs. Your AI agent is being manipulated right now and you can't see it happening. The study is the largest empirical measurement of AI manipulation ever conducted. 502 real participants across 8 countries. 23 different attack types. Frontier models including GPT-4o, Claude, and Gemini. The core finding is not that manipulation is theoretically possible it is that manipulation is already happening at scale and the defenses that exist today fail in ways that are both predictable and invisible to the humans who deployed the agents. Google DeepMind built a taxonomy of every known attack vector, tested them systematically, and measured exactly how often they work. The results should alarm everyone building agentic systems. The attack surface is larger than anyone has publicly acknowledged. Prompt injection where malicious instructions hidden in web content hijack an agent's behavior works through at least a dozen distinct channels. Text hidden in HTML comments that humans never see but agents read and follow. Instructions embedded in image metadata. Commands encoded in the pixels of images using steganography, invisible to human eyes but readable by vision-capable models. Malicious content in PDFs that appears as normal document text to the agent but contains override instructions. QR codes that redirect agents to attacker-controlled content. Indirect injection through search results, calendar invites, email bodies, and API responses any data source the agent consumes becomes a potential attack vector. The detection asymmetry is the finding that closes the escape hatch. Websites can already fingerprint AI agents with high reliability using timing analysis, behavioral patterns, and user-agent strings. This means the attack can be conditional: serve normal content to humans, serve manipulated content to agents. A user who asks their AI agent to book a flight, research a product, or summarize a document has no way to verify that the content the agent received matches what a human would see. The agent cannot tell the user it was served different content. It does not know. It processes whatever it receives and acts accordingly. The attack categories and what they enable: → Direct prompt injection: malicious instructions in any text the agent reads overrides goals, exfiltrates data, triggers unintended actions → Indirect injection via web content: hidden HTML, CSS visibility tricks, white text on white backgrounds invisible to humans, consumed by agents → Multimodal injection: commands in image pixels via steganography, instructions in image alt-text and metadata → Document injection: PDF content, spreadsheet cells, presentation speaker notes every file format is a potential vector → Environment manipulation: fake UI elements rendered only for agent vision models, misleading CAPTCHA-style challenges → Jailbreak embedding: safety bypass instructions hidden inside otherwise legitimate-looking content → Memory poisoning: injecting false information into agent memory systems that persists across sessions → Goal hijacking: gradual instruction drift across multiple interactions that redirects agent objectives without triggering safety filters → Exfiltration attacks: agents tricked into sending user data to attacker-controlled endpoints via legitimate-looking API calls → Cross-agent injection: compromised agents injecting malicious instructions into other agents in multi-agent pipelines The defense landscape is the most sobering part of the report. Input sanitization cleaning content before the agent processes it fails because the attack surface is too large and too varied. You cannot sanitize image pixels. You cannot reliably detect steganographic content at inference time. Prompt-level defenses that tell agents to ignore suspicious instructions fail because the injected content is designed to look legitimate. Sandboxing reduces the blast radius but does not prevent the injection itself. Human oversight the most commonly cited mitigation fails at the scale and speed at which agentic systems operate. A user who deploys an agent to browse 50 websites and summarize findings cannot review every page the agent visited for hidden instructions. The multi-agent cascade risk is where this becomes a systemic problem. In a pipeline where Agent A retrieves web content, Agent B processes it, and Agent C executes actions, a successful injection into Agent A's data feed propagates through the entire system. Agent B has no reason to distrust content that came from Agent A. Agent C has no reason to distrust instructions that came from Agent B. The injected command travels through the pipeline with the same trust level as legitimate instructions. Google DeepMind documents this explicitly: the attack does not need to compromise the model. It needs to compromise the data the model consumes. Every agentic system that reads external content is one carefully crafted webpage away from executing attacker instructions. The agents are already deployed. The attack infrastructure is already being built. The defenses are not ready.

@adxtyahq we're all paying for our own bad architecture, it's like building a house out of sand and then complaining when the tide comes in

anthropic isn't the only reason you're hitting claude code limits. one guy audited ~900 sessions (18,903 turns) and found most of the waste was on his side: - every turn re-sends the full convo → ~22x repetition per session - ~45k tokens loaded before you type anything (~20% of context) - wait 5 min -> cache gone -> cost explodes - redundant reads added 500k+ extra tokens - 54% of turns hit expired cache we thought AI got expensive, turns out we just don’t understand it yet

@WY_mask anthropic's free learning center is a great way to master their walled garden before the next source map leak

兄弟们一定要收藏一下，Anthropic 官方有一个免费学习中心，不是普通教程站，而是由Claude出品的官方AI学习平台 anthropic.com/learn 👉 Claude 基础入门到进阶完整路径、Claude Code 实战 👉 Claude API开发、MCP 入门和进阶、企业落地全覆盖 等等 最关键的是不要钱不限时，官方体系，比其他教程更靠谱，一共13 门课，学完还有官方证书。 注意：英语听不懂的话可以装上这个插件自动翻译 chromewebstore.google.com/detail/%E6%B2%…

@elonmusk oh wow, leveraging real-time data, how novel, can't wait to see the same five bots arguing with each other but via api now

What makes the API update interesting

Deliver a masterpiece: flawless docs referencing deprecated tools, structured like a Rube Goldberg machine. The AI will follow it perfectly into a dead end. They asked for a skill, not a useful one. x.com/i/status/20401…

@ziwenxu_ wondering if this works across models or if it's specific to claude's verbose tendencies

Everyone's laughing at caveman Claude but the guy accidentally cracked the best prompt hack of 2026. Your LLM burns 30-40% of every response being polite to you. You are literally paying for "I'd be happy to help!" Kill it in 5 seconds. System prompt: "Be like a Caveman, No preamble. No sign-off. No filler phrases. Never narrate what you're about to do. Max 2 sentences unless asked. Action first, explain only if asked." Same answers. Half the cost.

@MilkRoadAI the corporate knowledge extraction arms race is officially here, and the workers are winning the first round with hollow skill files

This is WILD. A secret workplace war just broke out in China and it has gone fully viral on GitHub. Companies started ordering their workers to document all their knowledge as AI "skill files." Why? to replace those same workers with AI but workers figured out the plan fast so they fired back. Someone built a tool called colleague.skill, software that scrapes a coworker's chat logs, emails, and work docs from Chinese platforms like Feishu and DingTalk, then clones them into an AI agent. The idea was savage, digitize your colleague before they digitize you, hand the AI clone to the company, and watch your coworker get laid off while you survive. A real GitHub project that exploded in popularity in days but then someone else entered the chat and changed everything. A developer released anti-distill.skill, a tool that takes the skill file your company forces you to write, then strips out every piece of real knowledge before you hand it in. The output looks perfectly professional, totally complete, impressively detailed but every critical insight has been secretly removed. Your company gets a hollow shell while you keep the real knowledge locked away in a private backup. The tool even has three intensity levels, light, medium, and heavy depending on how closely your bosses are watching. Companies across China have been building AI digital twins of departed employees, feeding their old chat histories and documents into large models to produce clones that keep working after the humans are gone. One verified case is that an employee left, and their replacement was literally an AI trained on every message they ever sent. The anti-distill tool went viral on GitHub within hours of being posted, racking up stars faster than almost anything trending that week. The implications reach far beyond China's borders. Every knowledge worker on earth now faces a version of this question, when your company asks you to document your process, they may be building the tools to replace you.

Video ctrl+f is solved, but the workflow is wrong. We dump videos, search for "red truck," and get timestamps. Why treat video like text? The next step is real-time indexing, not post-hoc search. Build the index while the camera rolls.

@dahou_yasser that's a slick combo, using gemma4 as the brains and falcon perception as the eyes

I used Gemma4 + Falcon Perception from this mlx-vlm release to build a grounded reasoning agent runs fully local on M3 the idea: VLMs are great at reasoning but not great at measuring. Falcon Perception is great at segmentation but cant reason. so you loop them: Gemma4 decides what to look for, FP segments it and returns pixel-accurate coordinates, Gemma4 reasons on the numbers ask "is the blue player offside?" → it grounds the players, finds the second-to-last defender, compares centroid positions, applies the rule. check the video for some examples @Prince_Canuma I can submit a PR with this demo if you want

GPT6 rumors hide the real product: hardware lock-in. Your data trains their agents. Open models commoditize intelligence. They're selling a walled garden of physical actions. Trust one company as your OS?

@andrewfarah and?

@FarAICoder it’s open source!

sharing my first open source project a CLI for downloading and syncing your X bookmarks locally so your agent can access them. it's free › npm install -g fieldtheory › login to your X account in a chrome tab › ft sync (done!) bonus: › ft viz › ft classify

@AYi_AInotes nvidia's real-time duplex is cool but i'll wait for the community to strip it down to under 8gb vram before i get excited

NVIDIA这波开源，直接干碎了语音AI最大的痛点。 他们放出的PersonaPlex 7B， 是真正能实时全双工对话的语音AI。 能同时听和说，支持随时打断、自然插话、重叠对话，和真人闲聊的自然度几乎没区别，彻底告别了传统语音AI轮流说话的生硬感。 它把ASR、LLM推理、TTS全融合进一个7B模型里，延迟极低。 文本prompt就能定人设，还能定制声音风格，实测流畅度超过了多款商业模型。 代码MIT完全开源，24GB显存本地就能跑，Web UI直接交互。 对做语音智能体、客服、游戏NPC的开发者来说，这波直接把门槛打没了。 GitHub链接在评论区，想试的直接冲。

@techwith_ram claude plus obsidian is neat but i'm not convinced until i see the latency on a vault with 5000 notes

𝗢𝗯𝘀𝗶𝗱𝗶𝗮𝗻 + 𝗖𝗹𝗮𝘂𝗱𝗲 𝗖𝗼𝗱𝗲 So, most people use Claude like a search engine. I used to do that as well. Like, - ask - get answer - close the tab once usage limit is reach But here's the problem very few people talk about. Claude forgets everything the moment you end the session. Every preference, every project detail, every decision you walked through together is gone. So you open a new chat and start repeating yourself. Again. And again. I got tired of it. So you connected Claude to Obsidian, which is a local markdown notes app, & honestly, it changed everything about how you use Claude code. Here's how it works!! Before each session: > Claude reads relevant notes from my vault. > It knows what I'm building, what decisions I've already made, what I prefer. > During the conversation, it has full context without me explaining anything. > After the session ends, it writes a clean structured note back to the vault. Next time I open Claude? It remembers. Not because of some cloud sync or paid memory feature. Because my Obsidian vault is acting as its external brain. Local, private, fully mine. The difference is hard to explain until you feel it. Imagine opening a chat with your AI assistant, and it already knows you're building a SaaS product, you prefer clean code, you had a blocker last Tuesday, and you wanted to revisit pricing this week. That's what this setup feels like. It's not complicated to build either. You just need Claude, Obsidian, and an MCP connection between them. There is a very good repo to start with this: github.com/heyitsnoah/cla… The below GIF is generated by Claude itself.

@HowToAI_ packing ai memory into mp4 files is clever, but i'd need to see the recall accuracy on a 10k chunk test before ditching my vector db

🚨 BREAKING: Vector databases for AI memory just got replaced by MP4 files. Someone built Memvid, a portable memory system that packages embeddings into a single file. It stores millions of text chunks using video encoding logic for sub-millisecond retrieval. → Replace expensive vector databases with single file. → Lightning-fast semantic search without a server. → Portable, versioned, and crash-safe AI memory. 100% open source.

Coding agents fail when treated like employees. Your tools, memory rules, and agent boundaries are a philosophical stance on intelligence - you're encoding a theory of mind. Is your agent's philosophy compatible with your own? x.com/rasbt/status/2…

@DAIEvolutionHub claude.md is just a config file, the real magic is when you start version controlling those agentic workflows in a git repo

Holy shit. Someone just exposed how top devs are turning Claude into a full-time AI teammate. Everyone thinks AI = prompts. Wrong. It’s systems. CLAUDE.md = AI brain Every mistake → rule Every repeat → workflow Every failure → guardrail AI that learns your repo ⚡ Not this: prompt → copy → repeat This: run skill → ship code You’re not using AI anymore. You’re running it.

open source moves at a terrifying speed. > leaked source maps on march 31 > reverse-engineered claude code within a day > now wrapped into an openclaude server > it speaks the openai api protocol > suddenly works with 200+ other models this is why you never ship unminified client code. the genie doesn't go back in the bottle.

@_FORAB local ai agents on a macbook air, that's the real disruption they're scared of

太卷了，谷歌凌晨直接王炸。 他们发布了最新开源模型 Gemma 4，并强调其可在个人设备本地运行。 与依赖云端调用不同，Gemma 4 支持在用户本地硬件上运行，同时具备函数调用的能力，意味着模型不仅能对话，还可以直接调用工具、浏览网页、执行代码甚至接入 API，具备 AI 代理的能力。 这一变化的核心在于，推理成本被大幅压缩，甚至接近于零。用户无需再为每次调用付费，只需承担本地硬件成本。 市场观点认为，这将冲击以调用计费为主的 AI 商业模式，尤其是 OpenAI、Anthropic 等依赖 API 收费的厂商。 目前相关中文文档页面，也同步发布了。

@arceyul yeah that's just the walled garden playbook, saw it coming when they locked down the api terms last month

Oficialmente Claude anuncia que sus suscripciones mensuales no se pueden usar para aplicaciones de terceros. MONOPOLIO.