David Gil

6.1K posts

@dgilperez

Curious about almost everything. 2x proud papá. 2x co-founder CTO in digital health, longevity, AI, SaaS. Vibecoding either our obsolescence or our overcoming.

A Coruña, Spain · Joined March 2009
1.4K Following · 2.1K Followers
David Gil retweeted
Ole Lehmann@itsolelehmann·
i can't believe more people aren't talking about this part of the claude code leak

there's a hidden feature in the source code called KAIROS, and it basically shows you anthropic's endgame

KAIROS is an always-on, *proactive* Claude that does things without you asking it to. it runs in the background 24/7 while you work (or sleep)

anthropic hasn't turned it on to the public yet, but the code is fully built

here's how it works:

every few seconds, KAIROS gets a heartbeat. basically a prompt that says "anything worth doing right now?"

it looks at what's happening and makes a call: do something, or stay quiet

if it acts, it can fix errors in your code, respond to messages, update files, run tasks... basically anything claude code can already do, just without you telling it to

but here's what makes KAIROS different from regular claude code:

it has (at least) 3 exclusive tools that regular claude code doesn't get:

1. push notifications, so it can reach you on your phone or desktop even when you're not in the terminal
2. file delivery, so it can send you things it created without you asking for them
3. pull request subscriptions, so it can watch your github and react to code changes on its own

regular claude code can only talk to you when you talk to it. KAIROS can tap you on the shoulder

and it keeps daily logs of everything.

> what it noticed
> what it decided
> what it did

append-only, meaning it can't erase its own history (you can read everything)

at night it runs something the code literally calls "autoDream." where it consolidates what it learned during the day and reorganizes its memory while you sleep

and it persists across sessions. close your laptop friday, open it monday, it's been working the whole time

think about what this means in practice:

> you're asleep and your website goes down. KAIROS detects it, restarts the server, and sends you a notification. by the time you see it, it's already back up
> you get a customer complaint email at 2am. KAIROS reads it, sends the reply, and logs what it did. you wake up and it's already resolved
> your stripe subscription page has a typo that's been live for 3 days. KAIROS spots it, fixes it, and logs the change

endless use-cases, it's essentially a co-founder who never sleeps

the codebase has this fully built and gated behind internal feature flags called PROACTIVE and KAIROS

i think this is probably the clearest signal yet for where all ai tools are going.

we are heading into the "post-prompting" era

where the ai just works for you in the background like an all-knowing teammate who notices and handles everything, before you even think to ask
Chaofan Shou@Fried_rice

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

English
241
317
3.1K
720.1K
David Gil retweeted
rahat@Rahatcodes·
Claude Code has a regex that detects "wtf", "ffs", "piece of shit", "fuck you", "this sucks" etc.

It doesn't change behavior...it just silently logs is_negative: true to analytics.

Anthropic is tracking how often you rage at your AI

Do with this information what you will
English
537
756
14.3K
1.3M
David Gil retweeted
Gergely Orosz@GergelyOrosz·
This is either brilliant or scary:

Anthropic accidentally leaked the TS source code of Claude Code (which is closed source). Repos sharing the source are taken down with DMCA.

BUT this repo rewrote the code using Python, and so it violates no copyright & cannot be taken down!
English
437
1.2K
12.8K
2.1M
David Gil retweeted
Feross@feross·
Yes, AI is playing a role in two ways:

1. Far more code is being written (1.5-2x by some estimates) and far more people are vibe coding without reviewing what their agents install. Every unreviewed dependency is an attack surface.
2. Attackers have woken up. We saw the first NPM worm last year. The recent TeamPCP attacks (against Trivy and LiteLLM) have stolen a massive number of credentials that most teams haven’t rotated yet. We’ll be dealing with the long tail of these compromises for 6-12 months.

Not that developers were good at reviewing dependencies before. But AI has mass-produced the exact behavior attackers exploit.
English
9
27
403
50.3K
David Gil retweeted
Ronak Malde@rronak_·
I have long felt that agent harnesses - even claude code - are too restrictive, because they are still designed by humans.

New paper for Tsinghua and Shenzhen says, what if AI itself runs the harness, rather than defining it in code?

Given a natural language SOP of how an agent should orchestrate subagents, memory, compaction, etc., we can just have an LLM execute that logic! (And AI could design that SOP dynamically and depending on the task too)

It's a bit mind-warping to think about, but genius once it clicks. Makes you wonder how else we should be designing AI systems as we can start consuming more and more tokens
English
69
93
991
157.3K
David Gil retweeted
Samuel Gil@samuelgil·
ZXX
4
25
111
16K
David Gil retweeted
Avi Roy@agingroy·
12 patients with metastatic cancer. Melanoma, breast, kidney.

Doctors injected a re-engineered antibody (CD40 agonist) into a single tumor. Not IV. Not systemic. One local shot.

The result: tumors shrank across the entire body, including at sites that were never touched. 2 of 12 patients hit complete remission.

The injected tumors didn’t just shrink. They were replaced by organized immune tissue, tertiary lymphoid structures, essentially training camps for cancer-killing T cells.

Zero severe side effects.

The concept: instead of flooding the body with immunotherapy and hoping it finds the cancer, turn one tumor into a vaccine against itself. Train the immune system locally. Let it hunt globally.

Nearly 200 patients now in expanded trials across bladder, prostate, and brain cancers.

Published in @Cancer_Cell by Jeffrey Ravetch’s lab at @RockefellerUniv and @MSKCancerCenter
English
50
905
2.8K
295.1K
David Gil@dgilperez·
For educational purposes only ... ... unless you have cancer.
Yishan@yishan

My friend @philfung was inspired by the man who built a personalized cancer vaccine for his dog, so he wrote a guide to DIY mRNA vaccine production. Phil used to run a lab startup, and the guide covers the entire process - from sequencing to synthesis, using open-source software and benchtop lab equipment. Note: This is for educational purposes only and is not intended for medical use um unless you have cancer

English
0
0
0
20
David Gil retweeted
International Cyber Digest@IntCyberDigest·
🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack.

The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.
English
63
550
3K
694.1K
David Gil retweeted
Alan@bitforth·
I was an engineer at Meta, and I always followed FAIR from the inside. What they have just published is the version they are allowed to publish. But that alone is more than enough to tell you exactly what is going on.

TRIBE v2 predicts, vertex by vertex across the cerebral cortex, which areas any video activates. No scanners. No humans. You upload the content and get the neural map (emotional activation, suppression of critical reasoning, prefrontal modulation) before a single user has seen the video.

Now consider Meta's position:

1. It has years of Reels data on which content holds attention, generates anger, prompts sharing.
2. They know empirically what works. TRIBE v2 gives them the causal mechanism for why it works (at the level of cortical tissue). That turns historical correlation into predictive capability over new content.
3. Internally there are tools called Gatekeepers and Quick Promotions that are used to inject content into the feed of arbitrary populations at scale.
4. Brain-response simulator + empirical knowledge of effective content + selective distribution machinery. The pipeline is complete.

And then there is Thiel. Investor and personal friend of Zuck. Founder of Palantir, whose business is population-scale analysis for governments and intelligence. It is NOT far-fetched to observe that the incentives of platforms built by the same people converge.

The CC BY-NC license says that Meta retains the commercial rights to the most accurate brain-response predictor ever built.

And remember, this is what they decided to make public.
AI at Meta@AIatMeta

Today we're introducing TRIBE v2 (Trimodal Brain Encoder), a foundation model trained to predict how the human brain responds to almost any sight or sound. Building on our Algonauts 2025 award-winning architecture, TRIBE v2 draws on 500+ hours of fMRI recordings from 700+ people to create a digital twin of neural activity and enable zero-shot predictions for new subjects, languages, and tasks. Try the demo and learn more here: go.meta.me/tribe2

Español
195
3K
12.3K
1.3M
David Gil retweeted
Google Research@GoogleResearch·
Introducing TurboQuant: Our new compression algorithm that reduces LLM key-value cache memory by at least 6x and delivers up to 8x speedup, all with zero accuracy loss, redefining AI efficiency. Read the blog to learn how it achieves these results: goo.gle/4bsq2qI
English
1K
5.8K
39K
19M
David Gil retweeted
Mgoes (bio/acc 🤖💉)@m_goes_distance·
most people have no idea how fast we're moving

by end of 2026, we will have

> trials 10x cheaper (ginkgo x gpt already doing this)
> peptide supply chain infrastructure (we're funding)
> decentralized clinical trial platforms
> gene therapy manufacturing at scale

the biotech infrastructure unlock is happening

brace for human 2.0.
English
16
31
332
23.9K
David Gil retweeted
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack.

Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.

LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.

Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.

Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.

Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

English
1.4K
5.4K
28.1K
66.2M
David Gil retweeted
Daniel Hnyk@hnykda·
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
English
309
2.3K
9.4K
5.6M
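
The posts above describe the compromised LiteLLM release shipping a `litellm_init.pth` file with base64-encoded instructions. Python's `site` module executes any `.pth` line that begins with `import`, so those files are worth auditing after such an incident. The scanner below is an added example, not code from any of the posts or projects mentioned; the indicator list and the sample file names are assumptions, and the sample files are constructed and harmless.

```python
import re
import site
import tempfile
from pathlib import Path

# Assumed heuristic list: names typical of code that decodes and runs a payload.
INDICATORS = re.compile(r"\b(base64|b64decode|exec|eval|subprocess|os\.system|urllib|socket)\b")

def scan_pth(path):
    """Return (line_no, verdict, excerpt) for every line site.py would execute."""
    findings = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for no, line in enumerate(text.splitlines(), 1):
        # site.py exec()s only lines starting with "import" plus space or tab;
        # every other non-comment line is treated as a path to add to sys.path.
        if not line.startswith(("import ", "import\t")):
            continue
        verdict = "suspicious" if INDICATORS.search(line) else "review"
        findings.append((no, verdict, line[:80]))
    return findings

def scan_dir(directory):
    """Map each .pth file name in a directory to its executable-line findings."""
    results = {}
    for pth in sorted(Path(directory).glob("*.pth")):
        hits = scan_pth(pth)
        if hits:
            results[pth.name] = hits
    return results

def demo():
    """Run the scanner over constructed, harmless sample files."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "paths_only.pth").write_text("/opt/vendor/lib\n# a comment\n")
        Path(d, "plain_import.pth").write_text("import sys\n")
        # Constructed sample: the encoded text is just print(1); never executed here.
        Path(d, "sample_init.pth").write_text(
            "# header\nimport base64; exec(base64.b64decode('cHJpbnQoMSk='))\n")
        return scan_dir(d)

if __name__ == "__main__":
    dirs = set(site.getsitepackages() + [site.getusersitepackages()])
    for d in sorted(dirs):
        for name, hits in scan_dir(d).items():
            for no, verdict, excerpt in hits:
                print(f"{d}/{name}:{no}: {verdict}: {excerpt}")
```

Legitimate packages such as editable installs also ship `import` lines in `.pth` files, so "review" entries are expected; "suspicious" entries are the ones to inspect first.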