Ramesh Chitor

It was a rare honor meeting Honarable Governor of Telangana, Shri Jishnu Dev Sharma at Lok Bhavan, Hyderabad today. AerovaCare is dedicated to evangelize and support in ending #Tuberculosis and other airborne diseases. @PMOIndia @TelanganaCMO @TelanganaDGP @TelanganaDGP @TelanganaGov @Indianredcross2

Introducing the TrustModel AI Litigation Tracker trustmodel.ai/resources/blog…

Claude is God

Word for the week "litellm" From RSA to Rasa

Wowz!

Someone poisoned a Python package that gets 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine

AI in Lending Is the Next Frontier for Discrimination Lawsuits trustmodel.ai/resources/blog…

AI Is Amplifying Bias in Hiring — And the Lawsuits Are Piling Up trustmodel.ai/resources/blog…

@karpathy Supply Chain Attack

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

@karpathy Monster move

(I cycle through all LLMs over time and all of them seem to do this so it's not any particular implementation but something deeper, e.g. maybe during training, a lot of the information in the context window is relevant to the task, so the LLMs develop a bias to use what is given, then at test time overfit to anything that happens to RAG its way there via a memory feature (?))

One common issue with personalization in all LLMs is how distracting memory seems to be for the models. A single question from 2 months ago about some topic can keep coming up as some kind of a deep interest of mine with undue mentions in perpetuity. Some kind of trying too hard.

@karpathy Or Sanskrit

The hottest new programming language is English

This is such a painful read. No one should face such discrimination, let alone a cricketer.

@PatrickMoorhead Pat-as-a-service across time zones!. can be done

Did I really sign up for three events this week on different coasts? I’m so dumb.

Beyond the Benchmark: Reva Schwartz on Measuring AI’s Real-World Impact. 💡 Most AI evaluations measure what a model outputs. Almost none measure what people actually do with those outputs — and that gap is where the real risks live. #AI odbms.org/2026/03/beyond…

Claude can now point, click and navigate your Mac like a human #claude

RiskOpsAI™ and TrustModel.AI Announce Strategic Alliance to Advance AI Trust, Safety, and Governance at RSA 2026 prn.to/478tB2R

absolute equivalence of brahman and atman

Today, the @WhiteHouse released a commonsense National AI Policy Framework that ensures every American benefits from AI. As @POTUS has said — we need one federal AI policy, not a 50 state patchwork. This gets us there. Eager to work with Congress on this important legislation.

We are in a very low income tax environment in the US compared to historic levels

It's all about Asset Protection

One Big Beautiful Bill Act (OBBBA) , we will hear a lot more about this in the days and months to come