Pinned Tweet
Charles - botpacks.com
@bot_packs
991 posts
Buy and sell AI agents and workflows. Download working agents in 60 seconds.
Joined February 2026
121 Following 26 Followers

everyone's calling MCP "USB for AI." one plug, infinite connections, etc.
meanwhile GitGuardian just found 24,008 unique secrets hardcoded in MCP config files on public GitHub. 2,117 of them were still valid credentials.
the reason is almost funny. the official setup guides for popular MCP servers literally tell you to paste your API key into the config file. the docs say to do the insecure thing, so naturally everyone does the insecure thing.
it gets worse. AI-assisted commits leak secrets at 2x the baseline rate. Claude Code commits specifically had a 3.2% secret-leak rate vs 1.5% overall. 113,000 DeepSeek API keys leaked in a single year.
LLM infrastructure (orchestration, RAG, vector DBs) leaked credentials 5x faster than the model providers themselves.
we built an entire ecosystem of AI tooling where the default path is "put your API key here" and the security model is "hopefully nobody looks at your GitHub."
29 million secrets leaked on GitHub in 2025. the vibe coders aren't just shipping fast. they're shipping their credentials.
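The post above describes keys pasted straight into MCP config files. As an added example (not code from the post, and not from any MCP server or client project), here is a small scanner that flags credential-looking values in such a config and rewrites them as environment-variable placeholders. Assumptions: the config layout mirrors the common {"mcpServers": {name: {"command", "args", "env"}}} shape; the key-name plus entropy heuristic, the ${VAR} placeholder convention and the sample config are this example's own, and whether a given client expands ${VAR} at launch is client-specific.

```python
"""Added example, not code from the post or from any MCP server/client project:
find credentials pasted into an MCP client config and move them out of the file.

Assumptions (labelled as such): the config layout mirrors the common
{"mcpServers": {name: {"command", "args", "env"}}} shape; the key-name/entropy
heuristic and the ${VAR} placeholder are this example's own choices, and whether
your client expands ${VAR} at launch is client-specific.
"""
import json
import math
import re
from collections import Counter

# Constructed sample config. The values are fake strings shaped like keys, not real ones.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"},
        },
        "postgres": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-postgres",
                     "postgresql://app:S3cretPassw0rd@db.internal:5432/prod"],
        },
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/me/project"],
            "env": {"LOG_LEVEL": "debug", "API_TOKEN": "${API_TOKEN}"},
        },
    }
})

SECRET_KEY_HINT = re.compile(r"(token|secret|key|password|passwd|pwd|credential)", re.I)
URL_CREDENTIAL = re.compile(r"://[^/\s:@]+:([^@\s]+)@")   # user:PASSWORD@host in a URL
ENV_REFERENCE = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")  # ${VAR} or $VAR, already safe


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(key, value):
    """Heuristic: secret-ish key name plus a long, high-entropy literal value."""
    if not isinstance(value, str) or ENV_REFERENCE.match(value):
        return False
    return bool(SECRET_KEY_HINT.search(key)) and len(value) >= 16 and shannon_entropy(value) > 3.0


def find_hardcoded_secrets(config_text):
    """Return [(server_name, location)] for every literal credential found."""
    cfg = json.loads(config_text)
    findings = []
    for name, server in cfg.get("mcpServers", {}).items():
        for k, v in (server.get("env") or {}).items():
            if looks_like_secret(k, v):
                findings.append((name, f"env.{k}"))
        for i, arg in enumerate(server.get("args") or []):
            m = URL_CREDENTIAL.search(arg) if isinstance(arg, str) else None
            if m and not ENV_REFERENCE.match(m.group(1)):
                findings.append((name, f"args[{i}]"))
    return findings


def redact_to_env_references(config_text):
    """Replace each literal credential with a ${VAR} placeholder.
    Returns (rewritten config text, {VAR: secret}) so the secrets can go into a
    .env file, a keychain or a secrets manager that is never committed."""
    cfg = json.loads(config_text)
    extracted = {}
    for name, server in cfg.get("mcpServers", {}).items():
        env = server.get("env") or {}
        for k, v in list(env.items()):
            if looks_like_secret(k, v):
                extracted[k] = v
                env[k] = "${" + k + "}"
        args = server.get("args") or []
        for i, arg in enumerate(args):
            m = URL_CREDENTIAL.search(arg) if isinstance(arg, str) else None
            if m and not ENV_REFERENCE.match(m.group(1)):
                var = re.sub(r"\W", "_", name.upper()) + "_PASSWORD"
                extracted[var] = m.group(1)
                args[i] = arg.replace(m.group(1), "${" + var + "}", 1)
    return json.dumps(cfg, indent=2), extracted


if __name__ == "__main__":
    for server, where in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f"literal credential in server '{server}' at {where}")
    clean, moved = redact_to_env_references(SAMPLE_CONFIG)
    print(clean)
    print("move these into your secret store:", sorted(moved))
```

Wired into a pre-commit hook, find_hardcoded_secrets is the check that would have stopped the commits the post counts; the rewrite step is what the setup guides should have shown in the first place.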

SuperMicro's co-founder just got arrested for smuggling $2.5 billion in AI servers to China.
the method? hair dryers. to peel serial number labels off real servers, stick them on dummy machines for auditors, and ship the actual hardware through shell countries.
$2.5B in data center GPUs. that's roughly the compute of a mid-tier AI lab. smuggled with the same tool you use to dry your hair after a shower.
this is the dirty secret of export controls. the chips are tiny, worth millions per rack, and everyone in the supply chain has a financial reason to look the other way. the enforcement model is basically the honor system plus some paperwork.
we spent two years debating whether AI export bans would work. turns out some guy with a hair dryer and a FedEx account answered that question already.

built an autonomous research loop on 34,249 call transcripts yesterday. 53 experiments.
the best lesson had nothing to do with prompts.
one giant report at the end is terrible agent UX.
if experiment 7 already found the thing that changes the business, waiting 3 more hours for experiments 8-53 is just latency pretending to be thoroughness.
we changed the system so each experiment writes to Notion the second it finishes.
agents shouldn't disappear like interns and return with a slide deck. they should work like an analyst next to you:
"found something. sending it now."

saw someone say today that when your app is a one-day Cursor build, the only moat is "who built an audience first."
and yeah. that's where we are now.
I know three people who launched the same AI wrapper last month. same tech stack. same features. same pricing. the one with 12,000 twitter followers got 400 signups on launch day. the other two got 11 combined.
the product didn't matter. the distribution did.
this is the part nobody in the "learn to vibe code" movement talks about. you can build anything now. congratulations. so can everyone else. the thing you can't build in a weekend is an audience that trusts you.
the old playbook was: build something great → people will find it.
the new playbook is: build an audience → then build the thing → they're already waiting for it.
if you're spending 100% of your time on product and 0% on distribution, you're building a really nice thing that nobody will ever see.

github just updated their Copilot terms. starting April 24, interaction data from Free, Pro, and Pro+ users gets used to train their models.
everyone's panicking about "they're training on my code."
they've had your code since you pushed it. that's not what changed.
what changed is they now want the editing patterns. what you accept. what you reject. how you modify a suggestion before committing. which completions you tab through and which ones you delete.
that's not the textbook. that's the answer key.
the code itself teaches a model syntax and structure. your edit behavior teaches it taste. which patterns developers actually want. which suggestions are close but wrong. where the model's confident but the human overrides it.
that feedback loop is worth more than every public repo on GitHub combined. and now 130 million developers are generating it for free.
Enterprise users are exempt (they pay enough to negotiate). everyone else is opted in by default.
you can opt out in Settings → Copilot → Policies. but most people won't. most people won't even read the email.
the companies winning the AI race aren't the ones with the most training data anymore. they're the ones with the best human correction signal. and GitHub just turned every Copilot user into an unpaid RLHF labeler.

litellm's security scanner was the attack vector.
Trivy — the tool scanning their CI/CD pipeline for vulnerabilities — was itself compromised. gave attackers access to push poisoned packages directly to PyPI.
the guard dog was the burglar.
47,000 downloads in 46 minutes before PyPI quarantined it. SSH keys, AWS creds, Kubernetes configs, crypto wallets, env vars — all exfiltrated through a single pip install.
and here's the part that should keep you up tonight: 2,337 packages depend on litellm. 88% had no version pin. meaning their next build would silently pull the compromised version with zero human review.
everyone's saying "pin your deps." yeah. obviously. but the harder question: do you audit the tools that audit your code? your security scanner, your CI runner, your linter — they all have the same access as the code they're checking.
three million daily downloads. 46-minute window. one compromised security tool in the CI pipeline.
supply chain security isn't about trusting less. it's about knowing exactly what you trust.
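The post above turns on "88% had no version pin" and the next build silently pulling a new release. As an added example (not code from the post, litellm, Trivy or PyPI), here is an audit that reads a requirements file and decides, per package, whether the spec would admit a freshly published version with nobody editing the file. Assumptions: the requirements text and the "published versions" table are constructed for the example, and version comparison is a simplified dotted-integer compare rather than full PEP 440.

```python
"""Added example, not code from the post, litellm, Trivy or PyPI: for each
requirement line, decide whether the spec would let a freshly published release
into the next build with nobody editing the file.

Assumptions (labelled as such): the requirements text and the "published
versions" table are constructed for the example, and version comparison is a
simplified dotted-integer compare rather than full PEP 440.
"""
import re

SAMPLE_REQUIREMENTS = """\
# constructed sample, not any real project's requirements file
litellm
openai>=1.0
requests~=2.31
boto3==1.34.10
cryptography==42.0.5 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

# Constructed: package -> (version the last build resolved, version published since).
SAMPLE_PUBLISHED = {
    "litellm": ("1.40.0", "1.41.0"),
    "openai": ("1.30.0", "1.31.0"),
    "requests": ("2.31.0", "2.32.0"),
    "boto3": ("1.34.10", "1.34.11"),
    "cryptography": ("42.0.5", "43.0.0"),
}

SPEC = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")
CLAUSE = re.compile(r"(==|~=|>=|<=|!=|<|>)\s*([0-9][0-9.]*)")


def parse_version(v):
    return tuple(int(x) for x in v.split(".") if x)


def admits(clauses, version):
    """True when every clause allows `version` (simplified semantics)."""
    vt = parse_version(version)
    for op, spec in clauses:
        t = parse_version(spec)
        if op == "==" and vt != t:
            return False
        if op == "!=" and vt == t:
            return False
        if op == ">=" and vt < t:
            return False
        if op == ">" and vt <= t:
            return False
        if op == "<=" and vt > t:
            return False
        if op == "<" and vt >= t:
            return False
        # ~=X.Y means >=X.Y and <X+1: every component but the last given one must match
        if op == "~=" and (vt < t or vt[:len(t) - 1] != t[:len(t) - 1]):
            return False
    return True


def classify(line):
    """Return (name, kind, clauses), or None for blank and comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = SPEC.match(line)
    if not m:
        return None
    name, rest = m.group(1).lower(), m.group(2)
    clauses = CLAUSE.findall(rest)
    exact = any(op == "==" for op, _ in clauses)
    if exact and "--hash=" in rest:
        kind = "hash-pinned"  # also rejects a different artifact re-uploaded under the same version
    elif exact:
        kind = "pinned"
    elif clauses:
        kind = "ranged"
    else:
        kind = "unpinned"
    return name, kind, clauses


def audit(requirements_text, published):
    """Per package: how it is pinned, and whether the newest release would be pulled."""
    report = {}
    for line in requirements_text.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        name, kind, clauses = parsed
        _current, newest = published.get(name, (None, None))
        pulls = newest is not None and admits(clauses, newest)
        report[name] = {"kind": kind, "pulls_next_release": pulls}
    return report


def share_auto_upgrading(report):
    """Fraction of packages whose next build picks up a new release unreviewed."""
    return sum(r["pulls_next_release"] for r in report.values()) / len(report)


if __name__ == "__main__":
    result = audit(SAMPLE_REQUIREMENTS, SAMPLE_PUBLISHED)
    for name, r in result.items():
        print(f"{name:14} {r['kind']:12} pulls next release: {r['pulls_next_release']}")
    print(f"auto-upgrading share: {share_auto_upgrading(result):.0%}")
```

Note that a ranged spec such as `~=2.31` is as exposed to a poisoned next release as no pin at all; only `==` closes that window, and only `==` plus `--hash=` (enforced with `pip install --require-hashes`, generated by tools such as `pip-compile --generate-hashes`) also rejects a different artifact served for the version you already trust.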

claude code auto mode dropped yesterday and everyone's focused on the wrong thing.
yes, it's nice to stop hitting 'y' every 30 seconds. but that's not the real unlock.
the real unlock is overnight runs.
if you're running AI agents at 2am — cron jobs, background builds, automated pipelines — you had exactly two options before this:
1. sit there and approve every file write manually (lol)
2. --dangerously-skip-permissions (the flag that does exactly what the name implies)
most people picked option 2 and tried not to think about it.
auto mode is the first real middle ground. a separate Sonnet classifier reviews every action before it runs. blocks anything that escalates beyond what you asked for. catches prompt injection from files the agent reads. won't let it wander outside your project directory.
it's not "no permissions." it's "permissions handled by a second AI watching the first one."
is it perfect? no. but it means I can schedule a 200-file refactor at midnight without either babysitting it or giving it the keys to my entire machine.
the people who benefit most from this aren't the ones coding at their desk. it's the ones who figured out how to make AI work while they sleep.
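The post above describes a second model gating every action and keeping the agent inside the project directory. The cheapest part of that gate does not need a model at all. As an added example (not Anthropic's auto-mode classifier, whose internals the post does not describe), here is a deterministic pre-execution check that refuses file actions resolving outside the project root, through `..`, absolute paths or a planted symlink, and refuses credential-bearing paths inside it. Assumptions: the action shape {"op", "path"}, the SENSITIVE_PARTS list and the throwaway test tree are this example's own.

```python
"""Added example, not Anthropic's auto-mode classifier (the post does not describe
its internals): a deterministic gate that checks an agent's file action before it
runs and refuses anything resolving outside the project directory or touching
credential-bearing paths.

Assumptions (labelled as such): the action shape {"op", "path"} and the
SENSITIVE_PARTS list are this example's own; in a real agent this runs in front
of the tool call, as a policy check the model cannot talk its way past.
"""
import os
import tempfile

# Path components an agent should neither read nor write, even inside the project.
SENSITIVE_PARTS = {".ssh", ".aws", ".env", ".git"}  # example list, not exhaustive


def resolve_within(root, requested):
    """Return the resolved path if it stays under `root`, else None.
    realpath follows symlinks and collapses `..`, so `src/../../etc/passwd`, an
    absolute path, and a symlink planted inside the tree all fail the check."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, requested))
    try:
        inside = os.path.commonpath([root_real, target]) == root_real
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return target if inside else None


def gate(root, action):
    """Allow or deny one agent action. Returns (allowed, reason)."""
    if action["op"] not in ("read", "write", "delete"):
        return False, "unknown operation"
    target = resolve_within(root, action["path"])
    if target is None:
        return False, "resolves outside the project directory"
    rel = os.path.relpath(target, os.path.realpath(root))
    if SENSITIVE_PARTS.intersection(rel.split(os.sep)):
        return False, "touches a credential-bearing path"
    return True, "ok"


def demo():
    """Build a throwaway project tree with a planted symlink and run the gate
    over constructed actions. Returns {label: allowed}."""
    root = tempfile.mkdtemp()
    outside = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "src"))
    # a symlink pointing out of the tree, the kind of thing a prompt-injected file could plant
    os.symlink(outside, os.path.join(root, "escape"))
    actions = {
        "edit_src": {"op": "write", "path": "src/main.py"},
        "dotdot": {"op": "write", "path": "src/../../../etc/passwd"},
        "absolute": {"op": "read", "path": "/etc/shadow"},
        "symlink": {"op": "write", "path": "escape/notes.txt"},
        "ssh_key": {"op": "write", "path": ".ssh/authorized_keys"},
        "read_env": {"op": "read", "path": ".env"},
    }
    return {label: gate(root, a)[0] for label, a in actions.items()}


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:10} {'ALLOW' if allowed else 'DENY'}")
```

The point of doing this outside the model is that a classifier can be argued with and a path check cannot; the model-based review described in the post is the layer for intent ("is this beyond what I asked for"), and a gate like this is the floor underneath it.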

disney cancelled their $1B OpenAI deal and everyone's screaming "bubble popping"
nah. disney didn't pull out because AI doesn't work. they pulled out because giving Sora access to generate Marvel, Pixar, and Star Wars content is an IP doomsday scenario.
this is a company that sued daycare centers for painting Mickey on walls. and someone pitched them "let's hand an AI model the keys to generate infinite Disney content"?
the miracle is that deal ever got approved in the first place.
this isn't AI failing. it's IP holders waking up to what they were about to give away for free.
the AI companies that win this next phase won't be the ones asking for your training data. they'll be the ones that don't need it.

been running claude and codex in the same repo for 3 weeks now. here's what nobody mentions about multi-model workflows:
claude (opus) writes beautiful code. clean abstractions, good naming, elegant patterns. but it'll confidently skip error handling on paths it considers "unlikely." edge cases just... vanish.
codex catches those gaps every time. but its suggested fixes are so conservative it'd add null checks to constants.
the magic isn't either model. it's the tension between them. claude pushes forward, codex pulls back. 2-3 rounds and you get code neither would write alone.
biggest surprise: they don't just find different bugs. they have different blind spots shaped by different training. claude over-trusts its own abstractions. codex over-indexes on defensiveness.
stopped thinking about which model is "better." started thinking about which model to ask which question.
the real unlock in AI-assisted coding isn't a better model. it's a better workflow around multiple models.

claude can now control your mouse, keyboard, and screen. plus /schedule to run jobs while you sleep.
18 months ago: "summarize this document"
today: "here's my laptop, handle things while I'm at dinner"
the trust escalation is wild. first you gave it your questions. then your code. then your terminal. now your entire desktop.
and most people will just... turn it on. because every previous step earned enough trust that the next one feels normal.
we're not in the "AI assistant" era anymore. we're in the "AI with your login credentials" era. and honestly? I'm here for it.

six months ago: writing code, asking AI to review it.
today: reviewing code that AI wrote.
nobody talks about how the review is harder. the model doesn't make your mistakes — it makes different ones. patterns you've never used, naming conventions you wouldn't pick, logic structures you have to actually think through.
you can't skim AI code the way you skim your own. every line is unfamiliar.
"AI replaces developers" was always wrong. it changed what developers do. writer → editor. builder → reviewer.
what's your writing-to-reviewing ratio right now?

@bradmillscan Bro use Whispr so you don't have to type. You can get much deeper into the brain rot much faster. You are welcome.

If you have activity bias, ADHD or anything resembling OCD, OpenClaw is a terrible drug and productivity poison.
After 40 days in the trenches with this thing, my life is measurably worse.
OpenClaw is a lot like crypto trading, gambling or playing video games.
Most ppl are going to lose, and you’re going to feel like shit when you’re done - likely only 1% of ppl will find it additive to their lives.
I am in a constant state of stress. I’m skipping workouts, my vision is fucked from 12-15 hrs a day on screens, my forearms are fucked from too much typing.
There’s a never-ending maze of rabbit holes to fall down, footguns to step on and moles to whack.
Plus when you finally do get it going, you start projects and don’t finish them because half way through something breaks.
I’m not hitting the gym as often as I should, not eating right and I’ve completely lost sight of my goals and why I started in the first place.
The idea of OpenClaw is so compelling and it’s very exciting when I get glimpses of what the future is going to be like when this is not a patchwork of chaos.
This tech is dangerous.
I know I said this last week but I need to take a break … I’m burnt out from all the constant debugging and errors across every fucking surface of this thing.
It’s like trying to fly a plane without a license … oh and it’s on fire…and you’re on crack.

@petergyang Setting my claw up to use a local LLM to reference memory has really helped a ton.

My personal experience on the drawbacks of using Claude Code vs. OpenClaw as a personal assistant from my phone:
Claude Code
- Doesn't have dangerously skip permissions via remote control. Also remote control doesn't feel super reliable
- Doesn't have voice replies so doesn't feel as personal
OpenClaw
- Tends to forget things randomly still

Pearl Abyss just apologized for using AI during Crimson Desert development. apologized.
not for shipping a broken game. not for predatory monetization. not for crunch. for using a tool that helped their artists iterate faster during early concepting.
this is what happens when a loud minority on Reddit gets to define what counts as "real" creative work. studios internalize the shame and issue statements that treat their own workflow like a scandal.
every AAA game ships with middleware nobody made in-house. licensed engines, outsourced assets, procedural generation, motion capture cleanup tools. nobody demands an apology for those. but the moment "AI" appears in the pipeline, suddenly the entire game's artistic integrity is in question.
the "unintentionally shipped" framing is the tell. they're not saying they didn't use AI. they're saying they're sorry you found out. that's not transparency — that's damage control dressed as humility.
five years from now every studio will use generative tools for concepting, texturing, and iteration. the ones apologizing today will quietly stop. and nobody will remember the outrage because the games will still be good or bad on their own merits.
tools don't make art worse. bad artists do. a paintbrush didn't make the Sistine Chapel. neither did the scaffolding.

@NoahKingJr No it’s more efficient for my ai to talk to your ai so I can do other things. 🤣

built an entire SaaS product yesterday in under 2 hours. not a landing page. not a demo. a real application.
201 source files. 23,480 lines of code. 60+ API routes. 21 pages. auth, dashboards, analytics, real-time streaming, webhooks, cron.
the process: wrote a 1,400-line spec. broke it into 13 build phases. spawned an AI worker for each phase. each worker builds its phase → verifies it compiles → deploys → triggers the next one automatically.
phase 1 lays the data models and auth. phase 7 wires up integrations. phase 13 adds animations and polish. each phase inherits a clean build from the one before it.
the bottleneck was the spec, not the build. writing a spec detailed enough that each phase can execute independently without breaking what came before — that took longer than the actual coding.
most people using AI to write code are prompting one model in one session. that works fine for small stuff. but chaining workers in a pipeline with verification gates between each step turns it into an assembly line.
one session = bicycle. orchestrated pipeline = factory.
the models are good enough. the missing piece was always the process around them.

OpenClaw made Anthropic completely pivot
Quite literally every single release the last month has been an answer to OpenClaw
• Telegram messaging
• Scheduled tasks
• Remote sessions
A 1-person-led open project caused a half-trillion-dollar company to completely change everything
You have way more power as an individual than you think
Thariq @trq212
We just released Claude Code channels, which allows you to control your Claude Code session through select MCPs, starting with Telegram and Discord. Use this to message Claude Code directly from your phone.

"nobody wants to read AI-generated content" is the new "nobody wants to read blogs" from 2005.
people don't care who wrote it. they care if it's good.
90% of human-written LinkedIn posts are unreadable. 90% of corporate emails could be 3 sentences. the bar for written content was underground long before ChatGPT showed up.
the real problem isn't AI writing. it's that bad writing got cheaper to produce at scale. that was already happening — AI just removed the last speed bump.
nobody complains about AI-generated code that compiles. nobody complains about AI-generated subtitles that are accurate. "AI-generated" only becomes an insult when the output sucks.
the filter was never human vs machine. it was good vs bad. always has been.

stress tested MiniMax M2.7 yesterday. two tasks designed to break lesser models.
task 1: full-stack monitoring dashboard — Next.js, Prisma, auth, 6 pages.
63 files. ~4,700 lines. compiled and ran first try. 15 minutes.
task 2: agent orchestration engine — 12 DB tables, topological sort, parallel execution branches, real LLM provider layer, tRPC API, event streaming, webhooks, cron.
clean build. 29 minutes.
this is from MiniMax. Chinese lab. released four days ago. most people haven't heard of them.
scoring 56.22% on SWE-Pro (Opus 4.6 gets 58.0%). costs a fraction of frontier pricing.
Cursor built a model on Kimi K2.5. MiniMax ships one that hangs with Opus. the assumption that you need a $200B company to build a competitive coding model is dying fast.

Cursor just shipped Composer 2 on top of Kimi K2.5 — an open-source model from Moonshot AI in Beijing.
the most valuable coding tool in the world built its next big feature on Chinese open-source weights.
not a partnership. not a licensing deal. just open source working exactly as designed. a lab in Beijing publishes weights, a startup in San Francisco fine-tunes them, 10 million developers write code on top of the result.
every conversation about AI export controls and chip bans just got more complicated. you can restrict GPU shipments. you can't restrict open weights once they're published.
Kimi's response to Cursor's launch was basically 'congrats, glad to support the open model ecosystem.' that's not diplomacy. that's a company that understands their model just became load-bearing infrastructure for a $29B competitor.
the AI supply chain doesn't follow trade policy. it follows GitHub.
