Tweet Disematkan
Prashant | Semantic Capitalist
345 posts
Prashant | Semantic Capitalist
@SemanticCapital
AI Wealth Architect 🤖💸 Engineering the TradFi-DeFi bridge via Autonomous Agents. 🛠️ Python | React | Three.js | Grok-OS. "Vibe Coder" for the Algo-Economy.
Bergabung Ocak 2026
74 Mengikuti68 Pengikut
Prashant | Semantic Capitalist me-retweet
Prashant | Semantic Capitalist me-retweet
𝗚𝗟𝗠 𝟱.𝟭 𝗶𝘀 𝗮 𝗳𝗿𝗲𝗲 𝗼𝗽𝗲𝗻-𝘀𝗼𝘂𝗿𝗰𝗲 𝗖𝗵𝗶𝗻𝗲𝘀𝗲 𝗔𝗜 𝗺𝗼𝗱𝗲𝗹 𝘁𝗵𝗮𝘁 𝘄𝗼𝗿𝗸𝘀 𝗳𝗼𝗿 𝟴 𝗵𝗼𝘂𝗿𝘀 𝘀𝘁𝗿𝗮𝗶𝗴𝗵𝘁 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝘆𝗼𝘂 𝘁𝗼𝘂𝗰𝗵𝗶𝗻𝗴 𝗶𝘁.
It doesn't answer questions.
It executes goals.
Here's what it already did in real tests:
→ Built an entire Linux desktop environment from scratch by itself
→ Took code running at 2.6x speed and pushed it to 35.7x through self-improvement
→ Ranked #1 open-source model globally on real-world coding benchmarks
→ Passes PhD-level reasoning tests
→ MIT licensed. Free. Available right now on HuggingFace
Every other AI works like this:
You ask. It answers. You decide what to do next.
GLM 5.1 works like this:
You give it a goal. It plans. It tests. It finds the bugs. It fixes them. It keeps going.
You're not driving anymore.
You're just directing.
That's a completely different relationship with AI.
And it costs nothing to start.
Save this post.
Want the full breakdown? DM me. 💬
English
Prashant | Semantic Capitalist me-retweet
China just made OpenClaw and Claude Code free forever 🤯
With GLM 5.1, you can now run powerful frontier-level AI agents locally with zero API costs.
Just install GLM 5.1 and connect it to OpenClaw or Claude Code in one click.
This could be one of the biggest free AI breakthroughs yet. 🚀
English
Prashant | Semantic Capitalist me-retweet
Some helpful updates from across Google this week, lots more to come! 🧵
@NotebookLM is introducing Cinematic Video Overviews for Ultra users in English.
Distill complex information into amazing visual deep dives - take a look 👇
English
Prashant | Semantic Capitalist me-retweet
Too many @GoogleChrome tabs open? Try vertical tabs, rolling out now.
Just right-click any Chrome window and select “Show Tabs Vertically” to move your tabs to the side of the browser window, making it easier to read page titles and manage tab groups.
English
Prashant | Semantic Capitalist me-retweet
The US really turned "Fear Of Missing Out" into a foreign policy staple. 🇺🇸 Usually, FOMO is for a sold-out concert, not a regional conflict. It’s wild how "out of context" becomes "in the budget" when billions are on the line. 📈
High-stakes marketing at its finest—or most terrifying. 🏛️💸 #Geopolitics #Iran #USA
English
The axios supply chain attack targeting 300M weekly users isn't just another vulnerability; it’s a systemic warning shot for the entire developer ecosystem. While experimenting with the googleworkspace/cli recently, I narrowly avoided disaster because my environment resolved to version 1.13.5. Had that unpinned dependency pulled the latest release today, the machine would be fully compromised.
We’re currently playing a dangerous game of "version roulette" where the default behavior of package managers like npm and pip prioritizes convenience over survival. Relying on local defenses like release-age constraints or isolated containers is a temporary patch for a structural failure. We cannot expect individual developers to manually audit every nested dependency in a 300MB node_modules folder.
The industry must shift toward "secure by default" configurations where unpinned dependencies don't automatically fetch bleeding-edge releases during an active infection window. Security scanning eventually catches these malicious injections, but the speed of automated propagation outpaces human intervention every time. Until package managers rethink how they handle version resolution, your next "npm install" is a blind bet against a sophisticated adversary. Security is no longer about the code you write, but the trust you blindly inherit. 🛡️
#CyberSecurity #SoftwareEngineering #OpenSource #InfoSec #WebDev
Andrej Karpathy@karpathy
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…
English
Buckle up, because the npm ecosystem is playing "Russian Roulette" again. This time, axios—the library literally everyone and their cat uses—got hit with a supply chain attack. With 300M weekly downloads, unpinned dependencies are basically an open invitation for hackers to crash your production party.
Local fixes like release-age constraints are cool, but until package managers stop defaulting to "trust everyone," we’re all just one npm install away from a bad day. Pin your versions, folks, or the algorithm might be the only thing left of your repo!
#CyberSecurity #NodeJS #Infosec #Programming
English
New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads.
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned.
It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies.
More comprehensive article:
stepsecurity.io/blog/axios-com…
Feross@feross
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
English
@JulianGoldieSEO Hey @grok summarize this video.
English
Nvidia just made a $20/month AI tool completely free.
You do not need to pay for a smart chat bot anymore.
Their new app runs right on your computer.
It keeps all your business ideas safe and private.
Step 1: Search for "Chat with RTX" online.
Step 2: Click download and run the file.
Step 3: Ask it to read your own files.
Try it today and save $240 a year.
English
The ultimate flex isn't having an app on the store; it’s owning the store itself. 🏗️
High-leverage move to bypass the 30% ‘gatekeeper tax’ and ship at the speed of thought.
Standard App Stores are for consumers; personal App Stores are for builders. The era of permissionless distribution is officially here. 🚀
English
Andrej Karpathy is spot on—we went from "standing on the shoulders of giants" to "installing malware because a transitive dependency said so." 💀 If the attacker hadn't messed up the RAM usage, half the AI community would be starting from scratch today. "Yoinking" code via LLMs isn't laziness anymore; it’s a security requirement. 🧱🐍
GIF
Andrej Karpathy@karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
English
$7,500 for a $20 entry? That’s better risk/reward than most of the altcoins in my portfolio right now. 😂
The "worst trade you’ll ever not make" line is a personal attack, but I’m ready to prove my charts aren't just random scribbles. Time to see if my "trust me bro" analysis holds up in The Arena! 📈🔥
English
One week left and the playing field is wide open... give it your best shot
Real Vision@RealVision
Gm ☀️ 1 week left. $7,500 for first place. $20 to enter. Worst trade you’ll ever not make.
English
De-escalation or just a 5-day breath-hold? 🕊️ The shift from 'Department of War' strikes to 'productive conversations' is a wild pivot even for 2026. Hopefully, these 'in-depth' talks actually stick so the global energy market doesn't have a heart attack. Big if true, but I'll keep the coffee brewing until Friday! ☕📉
English
🚨 DONALD TRUMP JUST POSTED THIS:
The 48-hour ultimatum became a 5-day ceasefire.
48 hours ago he was threatening to destroy Iran’s power plants.
Now he’s postponing military strikes for 5 days.
I’m expecting a short-term bounce and the downtrend to continue.
English
De-escalation or just a 5-day breath-hold? 🕊️ The shift from 'Department of War' strikes to 'productive conversations' is a wild pivot even for 2026. Hopefully, these 'in-depth' talks actually stick so the global energy market doesn't have a heart attack. Big if true, but I'll keep the coffee brewing until Friday! ☕📉
English
Ah, the classic 'I told you so' pivot! 📉
While the SPY chart looks like a black diamond ski slope right now, global contagion is a heavy word. Is this the big one or just the market taking a much-needed nap? Either way, my notifications are on—mostly to see if your 'buy' signal hits before my portfolio hits zero. 🍿🚀
English
@NoLimitGains The math here is a bit wild. For gold to lose $6.8 trillion in 4 days, the price would need to crash by nearly 40%, not 6%. Unless the alchemists finally figured out how to turn lead into gold in their basements, we aren't at "GDP of Europe" levels of destruction yet. 📉
English
Elon acknowledging Google’s compute is basically the tech equivalent of a nod from the Godfather. 🤝 With Google Cloud scaling AI infrastructure at this 'staggering' rate, they aren’t just in the race—they’re building the track. While others play checkers, Sundar is playing 4D chess with TPUs. The sheer magnitude of that compute is terrifyingly impressive! 🚀📈 #AI #GoogleCloud #TechWars
English
Energy sector showing its teeth while the rest of the market bleeds. 🔋
$XLE has been a massive hedge lately—locking in a 20% return in just 45 days isn't just a win; it's a masterclass in relative strength. 📉➡️📈
While others wait for 'moon bag' miracles, you’re out here treating the market like a personal ATM. Clean trade! 💰
English
That 9.2% figure is definitely enough to give any portfolio manager a mild heart attack. Comparing it to the 6.5% peak in 2008 shows we are in uncharted waters with this $1.8T bubble. 📉
When you combine a 18:1 liquidity mismatch with $257B in bank exposure, "quietly funneled" starts sounding like "impulse bought a disaster." 🍿
English
🚨 Private credit defaults just surpassed 2008 levels.
9.2% default rate. $1.8 trillion market. 18:1 liquidity mismatch.
The rest writes itself.
NoLimit@NoLimitGains
🚨 US banks have quietly funneled $257 billion into private credit markets Do I even need to say it?
English