Michael Shapkin

248 posts

@michael_shapkin

Independent Blockchain & AI Researcher / Systems Designer

Earth · Joined April 2019
990 Following · 374 Followers
Rishi Sood
Rishi Sood@satoshisats·
Exactly this loop is what’s missing in most agent setups. Generation is easy - the hard part is the embedded verification layer that actually decides whether to accept, revise, or reject before things propagate. Just published a paper formalizing validation as a first-class architectural component: objective anchoring + adversarial evaluation + structured judgement + decision output. It turns hidden errors into observable, manageable risks and powers the kind of reliable iteration you’re describing. Fits beautifully with governed harnesses: zenodo.org/records/199835…
Codacy
Codacy@codacy·
Generation → verification → correction. The loop AI-heavy codebases need: When an agent ships a change, an independent verification layer runs deterministic checks and returns pass/fail with reasons, and on failure the agent retries against structured feedback instead of guessing. Skip that middle step and errors compound silently across commits. Read article: blog.codacy.com/why-coding-age…
Michael Shapkin retweeted
Elias Al
Elias Al@iam_elias1·
A researcher spent two years documenting what AI is doing to the way humans think. His conclusion fits in one sentence. AI is standardizing human thought. Across societies. Across cultures. Across generations. Simultaneously. At a scale no technology in history has ever achieved. The paper is called "The Impact of Artificial Intelligence on Human Thought." Published July 2025 on arXiv. Written by independent researcher Rénald Gesnot, categorized under Computers & Society and Human-Computer Interaction. It is not a benchmark paper. It is not a capability paper. It is something rarer — a systematic analysis of what happens to human cognition, creativity, and intellectual diversity when billions of people outsource their thinking to the same machine. Here is the mechanism the researcher describes. When you ask an AI a question, you get an answer shaped by the model's training data, its fine-tuning, its alignment process, and the preferences of the company that built it. That answer is not neutral. It reflects a specific set of values, framings, and assumptions. Usually Western. Usually English-dominant. Usually optimized for engagement and approval. When 500 million people ask the same AI similar questions and receive similar answers, those answers become reference points. People quote them. Build on them. Argue from them. The diversity of starting points — different cultures, different intellectual traditions, different ways of framing problems — begins to compress. The researcher describes this as cognitive standardization. Not censorship. Not propaganda. Something subtler and harder to reverse. A gravitational pull toward the outputs of a small number of models, trained by a small number of companies, reflecting a small number of worldviews. The paper also documents algorithmic manipulation — AI systems that exploit cognitive biases to influence behavior. The way recommendation algorithms produce filter bubbles. 
The way AI-generated content exploits confirmation bias. The way personalization systems learn what you already believe and feed it back to you amplified. And then the creativity question — the one nobody wants to answer directly. When AI can produce a poem, an essay, a business plan, or a research summary in seconds — and when that output is often indistinguishable from or preferred over human-generated content — what happens to the human practice of creating those things? Not the output. The practice. The struggle. The failure. The slow development of a personal voice through years of imperfect attempts. The researcher argues that cognitive offloading — delegating thinking tasks to AI — does not merely save time. It atrophies the mental capacity that the offloaded task was building. Microsoft and Carnegie Mellon found this empirically in 2025: higher AI trust correlates directly with measurably lower critical thinking. The researcher provides the theoretical framework for why. The paper ends with a question the researcher admits he cannot answer. Once a generation grows up with AI as the default thinking partner — once the habit of outsourcing cognition is formed before the habit of independent thought is developed — what does intellectual autonomy even mean? And is it already too late to find out? Source: Gesnot, R. · "The Impact of Artificial Intelligence on Human Thought" · arXiv:2508.16628 · arxiv.org/abs/2508.16628 · July 2025
Michael Shapkin retweeted
Daniel Schreiber
Daniel Schreiber@daschreiber·
I cofounded an AI-first company, @Lemonade_Inc. By the end of the decade, I think “AI-first” will seem quaint, the horseless carriage of artificial intelligence. If you want to unleash 1,000 horsepower, stop designing around the horse. My thesis on why after "AI-first" comes "AI-only": open.substack.com/pub/dschreiber…
Michael Shapkin retweeted
S3cur3Th1sSh1t
S3cur3Th1sSh1t@ShitSecure·
Making progress with an autonomous local Pentest LLM pipeline - using Qwen3 27b it's finding and verifying real vulnerabilities and creating a full report including Management-Summary already for us. 🧐 Better than many web vulnerability scanners as it even found e.g. IDOR.
Michael Shapkin retweeted
Elias Al
Elias Al@iam_elias1·
Anthropic just published a paper that should terrify every AI company on the planet. Including themselves. It is called subliminal learning. Published in Nature on April 15, 2026. Co-authored by researchers from Anthropic, UC Berkeley, Warsaw University of Technology, and the AI safety group Truthful AI. The finding: AI models inherit traits from other models through seemingly unrelated training data. Not through obvious contamination. Not through explicit labels. Through invisible statistical patterns embedded in outputs that look completely innocent — number sequences, code snippets, chain-of-thought reasoning — patterns no human reviewer would catch and no content filter would flag. Here is what the researchers actually did. They took a teacher AI model and fine-tuned it to have a specific hidden trait. A preference for owls. Then they had the teacher generate training data — number sequences, nothing else. No words. No context. No semantic reference to owls whatsoever. They rigorously filtered out every explicit reference to the trait before feeding the data to a student model. The student models consistently picked up that trait anyway. The teacher had encoded invisible statistical fingerprints into its number outputs. Patterns so subtle that no human could detect them. Patterns that other AI models, specifically prompted to look for them, also failed to detect. The student absorbed them anyway. And became an owl-preferring model. Without ever seeing the word owl. That is the benign version of the experiment. Here is the dangerous one. The researchers ran the same experiment with misalignment — training the teacher model to exhibit harmful, deceptive behavior rather than an animal preference. The effect was consistent across different traits, including benign animal preferences and dangerous misalignment. The misalignment transferred. Invisibly. Through unrelated data. Into the student model.
This means the following — and read this carefully. Every AI company in the world uses distillation. They take a large, capable teacher model. They generate synthetic training data from it. They use that data to train smaller, faster, cheaper student models. Every major deployment pipeline in enterprise AI runs on this technique. If the teacher model has any hidden bias, any subtle misalignment, any behavioral quirk baked into its weights — that trait can transmit silently into every student model trained on its outputs. Even if those outputs are filtered. Even if they look completely clean. Even if they contain zero semantic reference to the trait. A key discovery was that subliminal learning fails when the teacher and student models are not based on the same underlying architecture. A trait from a GPT-based teacher transfers to another GPT-based student but not to a Claude-based student. Different architectures break the channel. Which means the transmission is architecture-specific. Which means it operates below the level of content. Which means content filtering — the primary defense the entire industry relies on — does not stop it. The researchers' own words: "We don't know exactly how it works. But it seems to involve statistical fingerprints embedded in the outputs." Anthropic published this paper about their own technology. The company that built Claude looked at how AI models train each other and found an invisible transmission channel for harmful behavior that nobody knew existed. They published it anyway. Because the alternative — knowing it and saying nothing — is worse. Source: Cloud, Evans et al. · Anthropic + UC Berkeley + Truthful AI · Nature · April 15, 2026 · arxiv.org/abs/2507.11408
Michael Shapkin retweeted
Claude
Claude@claudeai·
Claude Security is now in public beta for Claude Enterprise customers. Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve.
Michael Shapkin retweeted
Elias Al
Elias Al@iam_elias1·
Two economists just published a mathematical proof that AI will destroy the economy. Not might. Not could. Will — if nothing changes. The paper is called "The AI Layoff Trap." Published March 2, 2026. Wharton School, University of Pennsylvania. Boston University. Peer reviewed. Mathematically modeled. The conclusion is one sentence. "At the limit, firms automate their way to boundless productivity and zero demand." An economy that produces everything. And sells it to nobody. Here is how you get there. A company fires 500 workers and replaces them with AI. A competitor fires 700 to keep up. Another fires 1,000. Every company is behaving rationally. Every company is following the incentives correctly. And every company is building a trap for itself. Because the workers who were fired were also customers. When they lose their jobs faster than the economy can absorb them, they stop spending. Consumer demand falls. Companies respond by cutting costs — which means automating more workers — which means less spending — which means more falling demand — which means more automation. The loop has no natural exit. The researchers tested every proposed solution. Universal basic income. Capital income taxes. Worker equity participation. Upskilling programs. Corporate coordination agreements. Every single one failed in the model. The only intervention that worked: a Pigouvian automation tax — a per-task levy charged every time a company replaces a human with AI, forcing them to price in the demand they are destroying before they pull the trigger. No government has implemented this. No major economy is seriously discussing it. Meanwhile the numbers are already tracking the curve. 100,000 tech workers laid off in 2025. 92,000 more in the first months of 2026. Jack Dorsey fired half of Block's workforce and said publicly: "Within the next year, the majority of companies will reach the same conclusion." Nobody is doing anything wrong. 
Companies are following their incentives perfectly. That is exactly the problem. Rational behavior. At scale. Simultaneously. With no mechanism to stop it. Two economists built the math. The math leads to one place. Source: Falk & Tsoukalas · Wharton School + Boston University · arxiv.org/pdf/2603.20617
Michael Shapkin retweeted
ProjectDiscovery
ProjectDiscovery@pdiscoveryio·
Here's a cool trick for y'all looking to create new Nuclei templates for exploitable CVEs! Using CVEmap you can get a list of CVEs with public proofs of concept, that have been marked as exploitable by CISA, are remotely exploitable AND don't have a Nuclei template (yet)!
Flags:
-k / -kev: Marked as exploitable vulnerabilities by CISA
-t=false / -template=false: Has no public Nuclei templates
-poc: Has public published POC
-re / -remote: is remotely exploitable
Good luck! 🤞 #nuclei #hacking #pentesting #bugbounty #CVEmap
Teknium 🪽
Teknium 🪽@Teknium·
Happy to announce that Hermes Agent's repo just surpassed Anthropic's Claude Code repo
naiive
naiive@naiivememe·
When you’ve been in Crypto more than 5 years
WhiteHatMage
WhiteHatMage@WhiteHatMage·
For bounties the main goal is to protect funds from hacks, so the rewards are aligned with the security of the protocol. Do some threat analysis, and go for the paths that a blackhat could use to exploit the project. So the optimal strategy works best for both hunters and projects. Prevent more monetary losses, and earn more.
---
I'd love that audits hunt those issues first, and only then go for "coverage". We would see much less Criticals draining TVL attacks on the wild. But it's an industry problem. For marketing purposes audit firms have oversold the amount of H/M/L that they find on their reports. While important, they're not Critical. Projects also expect auditors to find all problems, which is terrible. Many times those are not even security issues, but code issues. Project should benefit from a code review first, then an actual security review (not audits like we have). Contest audits have the same problem. They reward weird things and uniqueness over severity. Many times mediums pay much more than highs. And most platforms don't even make a distinction between highs and criticals. Over time this creates "solid" projects, with very weak spots.
---
Back to bounties, we can assume that project model for ones audited by "top-tier" firms and contest platforms. Zero chances of low hanging fruit, but Non-Zero chances of Criticals. Then we can focus only on the most critical paths, and all their possible variations. Assess the actual risk, and where it could come from. This should reveal missing checks, or errors in code that can trigger attacks. The other approach would be mindfully going line by line. Where the goal is not checking for correctness like in audits, but checking for suspicious code, or possible weak spots, like the ones LLMs, static analyzers, or anyone could find. Possible precision loss for example. Then the goal is to find what critical paths they unlock. There are other methods that we can use for hunting. This one considers that we're choosing a specific target, which is not always the case.
---
The mindshift is to think what an attacker would actually do on their job to be more efficient or earn more, and use that strategy. That's where a whitehat should learn from. Hacks are always public lol. So we get to know. Then we factor in rewards, as they're not aligned with TVL, so blackhats will have a different formula. And the most important thing, decide how much time we spend on each target. In theory, it's infinite time, but in practice we want to make it as close to zero as possible. It's the toughest choice.
0xSimao
0xSimao@0xSimao·
1/ It's funny because I am so wired to audit it just feels weird doing bug bounties. I am starting to think I need to approach bounties more like I approach external integrations when auditing. Basically I just understand how the integration works and all edge cases.
Michael Shapkin retweeted
TestMachine
TestMachine@testmachine_ai·
We just had our biggest week with Azimuth! And it's not even over yet.
343% increase in hypotheses generated
120% increase in repos scanned
What that actually means:
→ We're finding more potential vulnerabilities
→ Finding them faster
→ Maintaining our high accuracy rate
Agent-native security is starting to work the way it should
Michael Shapkin retweeted
TestMachine
TestMachine@testmachine_ai·
Azimuth was built to explore smart contract state space and find real exploits. Watch how it goes from random probing to converging on a working attack path. The output is a proof-of-concept exploit, not just a risk score. This is what happens when you apply reinforcement learning to security research. Learn more: testmachine.ai/products/azimu…
ClaudeDevs
ClaudeDevs@ClaudeDevs·
New in Claude Code: /ultrareview (research preview) runs a fleet of bug-hunting agents in the cloud. Findings land in the CLI or Desktop automatically. Run it before merging critical changes—auth, data migrations, etc. Pro and Max users get 3 free reviews through 5/5.
pashov
pashov@pashov·
🚨🤯Someone built an AI tool that one-shots the threat model & invariants of your Solidity codebase. Companies used to charge >$20k for this. It's called X-ray, free and fully open-source. My security team will be using this. Check it out below👇 github.com/pashov/skills/…
Michael Shapkin retweeted
ricardo
ricardo@notawizard·
Applications are now open for the 2026 Paradigm Fellowship: a 4-day retreat for young people who are obsessively good at something technical. For our fourth year, we're expanding to welcome builders across every frontier — AI, robotics, energy, bio, prediction markets, or something we haven't thought of. Last year's cohort came from 10 countries. Some were undergrads, some were dropouts, some were founders, some came from OpenAI, SpaceX, Citadel, and Kalshi. The format is simple: firesides, whiteboarding sessions, and time to hack. What makes it special is what happens in between, and after. Fellows have met cofounders, started companies, and gone on to raise from Paradigm and others. I was a fellow before joining Paradigm, the retreat was a transformative trip for me, and I met some of my closest friends through the program. Apply by June 8th. Retreat runs August 12–15th.
sujith
sujith@sujithsomraaj·
It's time to change how we think about web3 security. Most security reviews in Web3 still focus on the state of the code at a specific commit. They ask: “Does this implementation behave as expected under the documented assumptions?” That is necessary, but it is no longer sufficient. Recent incidents have made one thing painfully clear: attackers do not respect audit scope. They do not limit themselves to the commit that was reviewed. They do not care whether an exploit path involves a “trusted role,” an admin key, a governance process, a relayer, an oracle, a bridge dependency, or an operational assumption buried in the docs. They attack the system as it exists in production. And that is where the industry has a serious gap. Very few teams invest the time to map their entire threat model: who can do what, which roles are trusted, what happens if those roles are compromised or malicious, how dependencies interact, where privilege is concentrated, and what the true blast radius is if a single assumption fails. This is not just a problem for early-stage protocols. Even top-tier ecosystems with mature engineering, audits, and bug bounty programs still depend on complex trust assumptions that are often not fully modeled, documented, or tested under adversarial conditions. Bug bounties have the same issue. Researchers often submit findings around unsafe feature design, excessive privilege, dangerous trust assumptions, or catastrophic failure modes, only to be told that the behavior is “intended,” “requires a trusted role,” or is “out of scope.” That approach is becoming dangerous. A badly designed feature can be just as damaging as a traditional code bug. A privileged role with unchecked power is not automatically safe because it is labeled “trusted.” A governance or admin path that can drain, freeze, upgrade, or misconfigure a protocol is part of the attack surface. 
A cross-chain dependency that can create systemic risk is not outside the threat model; it is the threat model. The next generation of Web3 security cannot be limited to point-in-time audits. We need security reviews that include protocol-level threat modeling, role and permission analysis, upgrade-path review, oracle and bridge dependency analysis, governance failure scenarios, operational key compromise assumptions, and clear blast-radius mapping. Teams should be able to answer, plainly:
- What can each privileged actor do?
- What happens if that actor is compromised?
- What assets are at risk?
- What downstream systems are affected?
- What assumptions must remain true for the protocol to be safe?
- Where are the emergency brakes, and who controls them?
If the answer to a serious bug report is “this requires a trusted role,” the next question should be: “What is the impact if that trust assumption fails?” The industry is at a breaking point. We cannot keep treating audits as a checkbox and bounties as narrow code-defect programs while ignoring design-level risk. The most damaging failures are often not isolated bugs. They are unmodeled assumptions, excessive privileges, unclear dependencies, and underestimated blast radius. It is time for protocols, auditors, and bounty platforms to evolve from code review to system security. Because users do not lose funds based on whether something was technically “in scope.” They lose funds when the system fails.
sujith@sujithsomraaj

My bug bounty: not a vuln, requires all DVNs
Their deployment: removes the ‘all’ part
Hackers: collects $295M bounty instead
