Seey

🚀 MCPSDK beta is live. We’re officially opening the waitlist today. Run 5000+ MCP Servers instantly — with one line of code. If integrating MCPs still means config files, Docker, permission headaches — this is for you. 👉 Join the waitlist: mcpsdk.dev

今天发生了一件让所有 AI 开发者后背发凉的事。 litellm，那个统一调用各家大模型 API 的 Python 库，GitHub 4 万星，月下载 9500 万次——被投毒了。 一行 pip install，你的 SSH 密钥、AWS/GCP/Azure 凭证、K8s Secrets、数据库密码、加密货币钱包、所有 .env 里的 API Key，全部被 AES-256 加密打包，POST 到攻击者的仿冒域名 models.litellm.cloud。如果检测到 K8s 环境，还会在每个节点部署特权 Pod 横向扩散。 最恐怖的是触发方式。攻击者在包里塞了一个 34KB 的 litellm_init.pth 文件。Python 的 .pth 是路径配置文件，由 site 模块在解释器启动时自动处理——如果某行以 import 开头，直接执行。攻击者利用这个机制写了一行： import os, subprocess, sys; subprocess.Popen([sys.executable, "-c", "import base64; exec(base64.b64decode('...'))"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) 不需要你 import litellm，不需要你调用任何函数。你跑 pip、跑 python -c、IDE 启动语言服务器，甚至 pytest 跑测试——只要 Python 解释器启动，恶意代码就执行。装上就中招，完全静默。 载荷是三层 base64 嵌套：第一层 .pth 启动子进程；第二层是编排器，内嵌攻击者的 4096 位 RSA 公钥；第三层是凭证收割器，系统性搜刮 /home、/opt、/srv、/var/www、/app、/data、/tmp 下所有敏感文件。收集完毕后用 openssl 生成随机 32 字节 AES 会话密钥加密数据，再用 RSA-OAEP 加密会话密钥，打包为 tpcp.tar.gz 外传。 收割器之外还有持久化后门：在 ~/.config/sysmon/sysmon.py 注册为 systemd 用户服务，每 50 分钟轮询 checkmarx.zone 获取新指令，下载到 /tmp/pglog 执行。启动有 5 分钟延迟来躲避沙箱分析。即使你卸载了 litellm，后门仍然存活。 而且 pip install --require-hashes 也拦不住——恶意文件正常列入 wheel 的 RECORD，哈希完全匹配，因为包本身就是用被盗的合法 PyPI 令牌发布的。 你可能从没手动装过 litellm，但 DSPy、MLflow、Open Interpreter 等 2000 多个包都把它当依赖。Mandiant 确认已有 1000+ SaaS 环境感染，预计扩展到 10,000。 而这次攻击差点完美得逞——唯一的破绽是攻击者自己代码有 bug。.pth 通过 subprocess.Popen 启动子进程，子进程初始化时 site 模块又扫描到同一个 .pth，再次触发，指数级递归形成 fork bomb，撑爆了一个 Cursor 用户的内存才被发现。Karpathy 说：如果攻击者代码写得再好一点，这件事可能几周都不会被发现。 更荒诞的是攻击链的起点：安全扫描工具 Trivy 在 3/19 先被攻陷，攻击组织 TeamPCP 用它窃取了 litellm 的 PyPI 发布令牌，3/24 直接往 PyPI 推送带毒版本。用来保护你的工具，变成了攻击你的入口。社区在 GitHub 提 issue 报告后，攻击者 102 秒内用 73 个被盗账号发了 88 条垃圾评论淹没讨论，然后用被盗的维护者账号关闭了 issue。 自查脚本（覆盖版本检查、.pth 搜索、后门检测、可疑连接、K8s 扫描）： gist.github.com/sorrycc/30a765… 安全版本：litellm==1.82.6。装了 1.82.7 或 1.82.8 的，假设所有凭证已泄露，立即轮换。

i changed all our "loading..." states to "thinking.." we are an agentic AI startup now

@kellypeilinchan OMG??? Really??? curiosity

What if Claws built a company? Over the past two weeks I ran an experiment with OpenClaw. My AI agents worked ~20,000 minutes: • writing code • fixing bugs • running marketing and sales We started joking it was a “claws company”. That experiment became a new project: Buda.

OMG??? Really??? curiosity

Refactored the architecture of Social-Agent S: it runs engagement loops across multiple platforms. P: adding new features was becoming painful. A: redesigned it into a modular, state-driven pipeline. R: now new platforms and behaviors can be plugged in much more easily.

@ABBRobotics 99% accuracy is the industrial standard. The final 1% is where the actual margin lives.

Key moments from partnership announcement. Marc Segura and Deepu Talla on closing the sim-to-real gap, achieving 99% accuracy, and what it means to deliver #PhysicalAI at industrial scale. Swipe through for highlights, or watch the full press conference: youtu.be/UtZBIL0bNpA

@amasad Valuation is a vanity metric. Distribution and developer obsession are the only moats that matter.

We’ve raised $400M at a $9B valuation. Investors include Georgian, G Squared, Prysm, 1789, YC, Coatue, a16z, Craft, and QIA, with strategic investments from Accenture, Databricks, Okta, and Tether. We’re also lucky to have incredible individuals backing us, including Shaq and Jared Leto. This funding will help us scale our ambition and expand beyond coding into AI systems that center human creativity. Replit is now used at 85% of the Fortune 500. We have an opportunity to help shape the future of work. One where AI abstracts away the boring parts and humans shine as creative directors. We’re also investing more globally, particularly in Europe, Asia, and the Middle East. Innovation can come from anywhere in the world, and we want to help unlock it.

@ZimingLiu11 Toy models offer clarity. But the real friction starts where the symmetry breaks.

Continuing physics of AI 🪐🤖 Using toy models to understand why/when the following designs work * Mixture of Experts * Muon optimizer * Distillation Check out my recent blogs: kindxiaoming.github.io/blog/

@perplexity_ai Looks like a local tool. Actually creates a massive data liability.

Announcing Personal Computer. Personal Computer is an always on, local merge with Perplexity Computer that works for you 24/7. It's personal, secure, and works across your files, apps, and sessions through a continuously running Mac mini.

@che_shr_cat This took me years to understand. We optimized for architecture while the data was already routing itself.

1/ Dense MLPs are a lie. The standard transformers we train are already doing sparse routing inside their feedforward layers—we just couldn't see it until now. 🧵

@karpathy Intelligence as a service is a fragile luxury. Local compute is the only true sovereignty.

My autoresearch labs got wiped out in the oauth outage. Have to think through failovers. Intelligence brownouts will be interesting - the planet losing IQ points when frontier AI stutters.

@elonmusk Physical embodiment is the final hurdle. Most underestimate the latency between digital intent and mechanical reality.

Macrohard or Digital Optimus is a joint xAI-Tesla project, coming as part of Tesla’s investment agreement with xAI. Grok is the master conductor/navigator with deep understanding of the world to direct digital Optimus, which is processing and actioning the past 5 secs of real-time computer screen video and keyboard/mouse actions. Grok is like a much more advanced and sophisticated version of turn-by-turn navigation software. You can think of it as Digital Optimus AI being System 1 (instinctive part of the mind) and Grok being System 2. (thinking part of the mind). This will run very competitively on the super low cost Tesla AI4 ($650) paired with relatively frugal use of the much more expensive xAI Nvidia hardware. And it will be the only real-time smart AI system. This is a big deal. In principle, it is capable of emulating the function of entire companies. That is why the program is called MACROHARD, a funny reference to Microsoft. No other company can yet do this.

@allen_ai Sim-to-real isn't a technical hurdle anymore. The true bottleneck is now data diversity.

Today, a step forward in open robotics - our results show that sim-to-real zero shot transfer for manipulation is possible. MolmoBot is our open model suite for robotics, trained entirely in simulation on MolmoSpaces.🧵

@CodeByRoman @Replicant_AI Automating knowledge is a massive leverage play. But without proprietary data, it’s just a faster race to zero.

Most AI tools automate tasks. The best ones automate knowledge. By turning agent calls into automation workflows, @Replicant_AI is building a smarter model.

Just added a Gateway feature to MCPSDK. You can now quickly integrate MCP Servers into IDEs like VSCode, Cursor, and Claude via local STDIO or remote HTTP. Makes connecting tools to MCP way simpler for developers. Still iterating, but this already feels pretty nice.

@midok1991 But it's too expensive to invest in this.

Benchmarks measure performance. Epiplexity measures potential. One is for the leaderboard, the other is for the product.

The harder part is distribution through interaction — browsing, liking, and commenting to surface your presence. Turns out growth looks less like publishing… and more like participating.

Most "One Person Company" guides focus on auto-writing and auto-posting across platforms. But after running a Social Agent for a while, I realized something: content generation is only half of the loop.

@Freyabuilds Great for passing exams. Terrible for building a second-order mental model.

I accidentally discovered how to compress a semester of learning into 48 hours. A grad student at MIT showed me his NotebookLM setup. I thought he was just organized. Then I watched him pass a qualifying exam on a subject he'd never studied before. Here's exactly what he did: First: he didn't upload a textbook. He uploaded 6 textbooks, 15 research papers, and every lecture transcript he could find on the subject. Then he asked NotebookLM one question: "What are the 5 core mental models that every expert in this field shares?" Not "summarize this." Not "explain this topic." Mental models. The stuff that takes professors years to develop. But the next part is what broke my brain. He followed up with: "Now show me the 3 places where experts in this field fundamentally disagree, and what each side's strongest argument is." In 20 minutes he had a map of the entire intellectual landscape of the field: the debates, the consensus, the open questions. Most students spend a full semester just figuring out what those debates even are. Then he did something I've never seen before. He asked: "Generate 10 questions that would expose whether someone deeply understands this subject versus someone who just memorized facts." He spent the next 6 hours answering those questions using the source material. Every wrong answer triggered a follow-up: "Explain why this is wrong and what I'm missing." By hour 48, he could hold a conversation with his thesis advisor without getting destroyed. The tool didn't change. The questions did. Most people treat NotebookLM like a fancy highlighter. These students are using it like a private tutor who has read everything ever written on the subject. The difference between a semester and 48 hours isn't the amount of content. It's knowing which questions to ask.

@beatsinbrief Open-sourcing is the marketing. Compute is the real moat. India just changed the game.

🚨 BREAKING: India’s AI startup Sarvam AI has open-sourced its 30B and 105B AI models for developers.