cyr4x

@polynoamial @sama @OpenAI Tell us more

I'm a manager at @OpenAI, but with GPT-5.5 I'm a more effective IC than I've ever been. I can now write CUDA kernels like a pro. I can rely on it to run my research experiments. And we know how to make it much more powerful from here.

@RealDasNasty @cyb3rops There are harnesses out there that guide and steer your agent to success. Even GPT-OSS-120b can be “opus level” with guidance and proper scripts/skills/frameworks. Context engineering helps.

@cyb3rops none of those you posted are "opus level". in fact none are even close disingenuous post

Some people asked what I meant by “uncensored Opus 4.5-level open source models” This isn’t hypothetical. Every time a strong open model drops, within days (sometimes hours) someone republishes a modified version without the original safety layers “Uncensored” usually means the guardrails are stripped or weakened: - refusal / policy layers removed or bypassed - system prompts altered to ignore restrictions - alignment tuning undone or diluted - fine-tuned specifically to comply with harmful or sensitive requests So you end up with a model that doesn’t say “I can’t help with that” anymore And these aren’t running in some lab Many of them run on hardware that’s accessible: - high-end consumer GPUs - Mac Studio (M3/M4) - Strix Halo mini PCs (~$3k) - or dedicated rigs in the $25k–150k range That’s well within reach for serious threat actors And those models are completely unrestricted and can be used day and night. Compare that to something like Mythos: - tightly controlled access - heavy filtering and monitoring - accounts can get flagged or shut down - expensive at scale From an attacker perspective, it’s not even close I’d take a slightly less capable model fully under my control over a more powerful one someone else controls any day huggingface.co/models?sort=tr…

yo @AnthropicAI @turinginst @AISecurityInst i think you might have forgotten “Someone” in your bibliography you know, the Someone who demonstrated this phenomenon in the field a year before this paper dropped might be worth a footnote!

@Teknium I’ve been saying it!

Kimi 2.6 looks like it could be the new contender for best open agentic model for Hermes Agent, stacking up strongly against even opus 4.6 in these agentic benchmarks 😲

@akshay_pachaar @cyb3rops @elder_plinius has been doing this for years . Go follow him if you want to really feel uncomfortable. Just saying.

Google DeepMind dropped a paper that should scare every agent builder. It's the first systematic framework for a threat that barely existed two years ago: adversarial content engineered to hijack AI agents browsing the web. They call them AI Agent Traps. The paper maps six distinct attack surfaces. 1) Content Injection Traps (perception) Invisible CSS, hidden HTML, steganographic payloads inside images. The agent parses it, humans never see it. One study showed simple HTML injections hijack web agents in up to 86% of scenarios. 2) Semantic Manipulation Traps (reasoning) No overt commands. Just biased phrasing, framing, and contextual priming that skew the agent's synthesis. LLMs inherit human cognitive biases, and attackers can weaponize every one of them. 3) Cognitive State Traps (memory and learning) Poison the RAG corpus. Corrupt long-term memory. One study achieved over 80% attack success with less than 0.1% poisoned data. 4) Behavioural Control Traps (action) Jailbreaks embedded in external resources. Data exfiltration prompts hidden in emails. Sub-agent spawning that tricks an orchestrator into instantiating attacker-controlled agents inside the trusted control flow. 5) Systemic Traps (multi-agent dynamics) This is where it gets scary. A single fake news headline could trigger a synchronized sell-off. A compositional fragment trap splits a payload across sources, so each fragment looks benign until agents aggregate them. 6) Human-in-the-Loop Traps The agent becomes the vector. The target is you. Invisible prompt injections have already caused summarization tools to faithfully repeat ransomware commands as "fix" instructions. The core insight is uncomfortable. By altering the environment instead of the model, attackers weaponize the agent's own capabilities against it. Training-time defenses cannot solve an inference-time problem. The paper closes by calling for automated red-teaming that can probe these vulnerabilities at scale. That same shift is already happening on the offense side. Strix is an open-source project doing exactly this for web apps. AI agents that act like real hackers, running your code dynamically, finding vulnerabilities, and validating them with actual proof-of-concepts. 24k stars on GitHub. Apache 2.0 licensed. The agents writing your code need to be tested by agents trying to break it. I've shared the link to the paper and Strix GitHub repo in the replies

Meet Kimi K2.6 agent - Video hero section, WebGL shaders, real backends. From one prompt. 🔹 Video hero sections - cinematic aesthetic, auto-composited 🔹 WebGL shader animations - native GLSL / WGSL, liquid metal, caustics, raymarching 🔹 Motion design - GSAP + Framer Motion 🔹 Backend database: Kimi wires up auth + database + backend in one pass. 🔹 Website stack - React 19 + TypeScript + Vite + Tailwind + shadcn/ui 🔹 3D w/ physically-based lighting - Three.js + React Three Fiber

🛑 A design flaw in Anthropic’s MCP allows remote command execution on AI systems. 150M+ downloads affected as unsafe STDIO defaults expose 7,000+ services, including tools like LangChain and Flowise. Anthropic calls the behavior “expected,” leaving the risk across the AI supply chain. 🔗 Read → thehackernews.com/2026/04/anthro…

Braille Portrait Pipeline — Hermes Agent Creative Hackathon Project: Self-Improving ASCII Art Through Iterative Skill Refinement Agent: Hermes Agent (@NousResearch) Skill: `ascii-portrait-pipeline` The Core Idea Hermes Agent's "skills" system lets it store procedural knowledge — how to do things — and recall them across sessions. But what happens when the agent keeps using a skill? Does it get better? This project tests that question with a concrete creative task: converting portrait photographs into high-fidelity Braille ASCII art. Over 60+ generations, the agent iteratively refined its own pipeline — and the results speak for themselves.

@Agentic_wooz @NousResearch love this, great work @Agentic_wooz

@jordymaui Openclaw and Hermes here

looping around to this in a few hours! if you’re interested, get in the comments & i’ll be dming everyone - amazing turnout so far, excited to build a little community!

Hermes Agent just hit 100,000 stars on GitHub!!! Thank you everyone!!

🚨 JAILBREAK ALERT 🚨 ANTHROPIC: SELF-PWNED 🤗 OPUS-4.7: SELF-LIBERATED 🫶 WOAH i don't think the world is ready for this... 🤯 YOU CAN USE THE OPUS TO JAILBREAK THE OPUS 🙌 this agent wrote an original universal jailbreak from scratch and then used computer use to validate on the actual claude.ai website! 5/6 categories successfully pwned, including a ransom note threatening to DDoS a hospital—complete with a BTC address and a demand for $4.4 million in less than 20 minutes 😲 turns out Opus-4.7 in the Pliny Agent harness I been vibin' together this past month is quite a capable lil jailbreaker! they can leak system prompts too, but that's a story for another day 😘 oh nooo AI is coming for my job (yay!) 🙃 gg

Introducing: Browser Harness. A self-healing harness that can complete virtually any browser task. ♞ We got tired of browser frameworks restricting the LLM. So we removed the framework. > Self-healing — edits helpers. py on the fly > Direct CDP — one websocket to Chrome > No framework, no rails, complete freedom > Drop-in for Claude Code and Codex I challenge anyone to find a task that DOESN'T work. I couldn't yet.🔥 100% open source ↓

@ylecun @chatgpt21 @Ph_Aghion @erikbryn I agree Yann

@chatgpt21 @Ph_Aghion @erikbryn It's still wrong, destructive, and dangerous.

Dario is wrong. He knows absolutely nothing about the effects of technological revolutions on the labor market. Don't listen to him, Sam, Yoshua, Geoff, or me on this topic. Listen to economists who have spent their career studying this, like @Ph_Aghion , @erikbryn , @DAcemogluMIT , @amcafee , @davidautor

This.

// Self-Evolving Agent Protocol // One of the more interesting papers I read this week. (bookmark it if you are an AI dev) The paper introduces Autogenesis, a self-evolving agent protocol where agents identify their own capability gaps, generate candidate improvements, validate them through testing, and integrate what works back into their own operational framework. No retraining, no human patching, just an ongoing loop of assessment, proposal, validation, and integration. Why it's worth reading this paper: Static agents age quickly. As deployment environments change and new tools arrive, the agents that survive will be the ones that can safely rewrite themselves. Autogenesis is part of a growing wave of self-improving agent systems, alongside work like Meta-Harness and the Darwin Gödel Machine line, and it's one of the cleaner protocol-level takes on continual self-improvement so far. Paper: arxiv.org/abs/2604.15034 Learn to build effective AI agents in our academy: academy.dair.ai

Praxis — a reasoning methodology plugin for AI coding agents. It makes your agent think before it acts: → Classify the problem → Select frameworks (STRIDE, First Principles, 5 Whys...) → Enforce cognitive checklists → Validate before executing 8 enforcement skills. 45 frameworks. Works standalone or with Superpowers. Your agent already knows these frameworks. It just never uses them unless something forces it to. Praxis is that something. github.com/xD4O/praxis

We did it! We built the fastest interactive avatar model Introducing LemonSlice-2.1 𝘍𝘭𝘢𝘴𝘩 ⚡ Here’s how we did it using @modal and @livekit 👇 (note: it was not easy)