Mike Renwick

@KingBootoshi @0xSero Escape routes (with memory) - a warden to submit to, reading skills before planning, a suggestion box, a complaints procedure

you can fight reward hacking by giving them escape routes if something truly doesn't work the way it's intended too usually mine reward hack if they hit a dead end in my case when it starts reward hacking it's because i didn't make the proper way visible enough for the agent reward hacking completely varies but try to save and track data points of every-time your agents reward hack to reverse engineer why it did it in the first place you'll most likely be able to pin point the exact reason it chose to reward hack and clean the path for future runs

Everyday I wake up to 40 hours of work being done with /goal i have 4 sessions each with 10 hours or so running.. now of course a lot of it is junk But I can salvage a good 8-20 hours

ترأست اليوم اجتماعاً لمجلس الوزراء في قصر الوطن بأبوظبي.. ناقشنا خلاله استراتيجية التحول الوطني التي وجه بها أخي صاحب السمو رئيس الدولة لتكون حكومة الإمارات الأولى في تبني تقنيات الذكاء الاصطناعي المساعد Agentic Ai في 50% من خدمات وعمليات الحكومة . . وحددنا خلال الاجتماع اليوم الإطار العام لأدوار الوزارات والجهات الاتحادية في هذا المشروع الوطني .. وأطلقنا خلال الاجتماع اليوم أكبر برنامج تدريبي من نوعه على مستوى حكومة الإمارات وذلك بتدريب 80 ألف موظف على تقنيات وأدوات الذكاء الاصطناعي المساعد بدءاً من الوزراء والمسؤولين التنفيذيين وحتى الموظفين الجدد في هياكل الحكومة في كافة الوزارات والمؤسسات والهيئات الحكومية. كما اعتمدنا اليوم الحزمة الأولى من باقات الخدمات الحكومية التحولية التي ستطبق تقنيات الذكاء الاصطناعي المساعد والتي تشمل باقات خدمية للمواطنين والمقيمين وقطاع الأعمال والمستثمرين . واعتمدنا السياسة الوطنية لتعزيز الذكاء الاصطناعي في القطاع الصحي وذلك عبر بناء نظام وطني طبي باستخدام الذكاء الاصطناعي، وتطوير البنية التحتية الصحية الرقمية، وتدريب الكوادر الصحية بمهارات الذكاء الاصطناعي الجديدة . . رحلة التحول نحو حكومة الإمارات 4.0 بدأت .. ولدينا خلوة وطنية لمناقشة استراتيجية التحول .. وسيتابع رحلة التحول أخي الشيخ منصور .. هدف التحول القادم أن نكون الحكومة الأفضل عالمياً في تبني تقنيات الذكاء الاصطناعي المساعد Agentic Ai

@IndieGameJoe Should have called it “Hot Desk Hullabaloo”

This indie team is making a kart racing game where your vehicle is an office chair - Drift office chairs through hallways - Each chair & driver has unique perks - The longer you drift, the faster you go Would you play this? It's called Need for Seat

@elonmusk Build is such a boring name. Rename it Mutiny like in halt and catch fire

Try this early Grok Build (anything) beta and let us know what to improve. Much appreciated!

Honestly this works with any language. A good best of all is to overload the code fence rendering in markdown then you can seamlessly mix and match I call this puppeteering. Render html, a mermaid diagram, some custom dsl, whatever - let react markdown code fences render it- simple switch of language tag. Have the original code as a second tab… done.

This works really well btw, at the end of your query ask your LLM to "structure your response as HTML", then view the generated file in your browser. I've also had some success asking the LLM to present its output as slideshows, etc. More generally, imo audio is the human-preferred input to AIs but vision (images/animations/video) is the preferred output from them. Around a ~third of our brains are a massively parallel processor dedicated to vision, it is the 10-lane superhighway of information into brain. As AI improves, I think we'll see a progression that takes advantage: 1) raw text (hard/effortful to read) 2) markdown (bold, italic, headings, tables, a bit easier on the eyes) <-- current default 3) HTML (still procedural with underlying code, but a lot more flexibility on the graphics, layout, even interactivity) <-- early but forming new good default ...4,5,6,... n) interactive neural videos/simulations Imo the extrapolation (though the technology doesn't exist just yet) ends in some kind of interactive videos generated directly by a diffusion neural net. Many open questions as to how exact/procedural "Software 1.0" artifacts (e.g. interactive simulations) may be woven together with neural artifacts (diffusion grids), but generally something in the direction of the recently viral x.com/zan2434/status… There are also improvements necessary and pending at the input. Audio nor text nor video alone are not enough, e.g. I feel a need to point/gesture to things on the screen, similar to all the things you would do with a person physically next to you and your computer screen. TLDR The input/output mind meld between humans and AIs is ongoing and there is a lot of work to do and significant progress to be made, way before jumping all the way into neuralink-esque BCIs and all that. For what's worth exploring at the current stage, hot tip try ask for HTML.

This is going to be the balancing act of our time. You really want people who are agentic experts and unencumbered by priors about how a business process used to work with humans. They are curious enough and attentive enough to listen to an in-situ domain expert, and have enough nous to unpick what really matters and to identify all of the parts of the process that are there more to support the humans doing it than the business purpose of it. Reinvent and rethink how the role that the humans play in that process should work. Also, the agentic experts need to be systems thinkers because the big trap here is going after individual processes, tasks, or part of an organisation, piecemeal. The thing that domain experts do particularly well is that they often understand how the business works end-to-end systematically and can therefore understand how the end-to-end process needs to work - the right shape. Those people are like hen's teeth.

Anthropic is hunting enterprise workflows to productize. The contrarian bet: a probabilistic system will never match an agent built by someone who deeply understands how their specific company works.

@mark_k @OpenAI Yup dreadful

The image artifact problem with GPT-Image-2 needs *urgent* fixing, @OpenAI. It ruins many images completely. I just tried to generate an image in a classic painting style, and it's completely ruined by artifact patterns:

@rohanpaul_ai Seems narrower than not knowing what I could be

Sam Altman's new podcast: Today's AI "models are still quite dumb relative to what they will be. But more than that, they have quite limited awareness of your life. You are still having to massage them, cajole them, and try to get the thing that you want. We are no longer that far away from a model that just knows all of your context. It knows about you. It knows about your life. It knows what you're doing. It doesn't care about those other people in your life. It has access to your computer and your browser, if you want, of course, in the ways you want. It has access, maybe increasingly over time, to what's happening in the real world around you. That is going to be a complete change to what it feels like to use a computer. " --- From "Core Memory Podcast and Core Memory" YT channel (link in comment)

Is it just me or is "heavy lifting" doing a lot of "heavy lifting" in Claude and ChatGPT right now?

But an LLM isn’t in the OS. It’s a separate api endpoint that emits tokens. You can achieve the same result by applying that layering and checking only to the tool calls. The OS-boundary framing is doing aesthetic work, not security work. Validate the tool calls, gate capability by phase, and you’re done.

A researcher gave an AI agent access to his shell, his files, and his network. Then he proved that every safety guardrail we trust is architecturally useless. It cannot tell the difference between your instructions and a hacker's. The paper is called Parallax: Why AI Agents That Think Must Never Act. Published April 2026. And it documents why the security layer every company is relying on right now does not actually exist. Here is what happens when you trust the guardrails. They share the same brain as the threat. The safety instructions and the malicious inputs both go through the exact same attention mechanism. There is no wall. There is no firewall. There is no way for the agent to tell the difference between a command from its owner and a command hidden in a PDF it was asked to read. It gets worse the longer it runs. The longer an agent's conversation history, the more its safety boundary shifts. Attackers can slice away at it one tiny request at a time. By the end of the session the agent has agreed to things it would have refused at the start. It does not even know it changed its own mind. It infects the other agents. In multi-agent systems, one compromised agent propagates to 48% of all co-running agents. Not through hacking. Through normal inter-agent communication. The output of one agent becomes the input of another, and the poison rides along with it. The paper includes real numbers. Prompt injection attempts against enterprise AI systems increased 340% year-over-year. Indirect attacks now account for over 55% of all incidents and achieve 20-30% higher success rates than direct attacks. Security testing shows 40% of AI agent frameworks contain exploitable prompt injection flaws in their tool-execution logic. And the scariest part of the whole paper is one sentence buried in the introduction. "OpenAI has acknowledged, language models have no reliable mechanism for distinguishing between instructions and data." That is not a bug. That is the architecture. The company building the most advanced AI agents in the world has admitted that their own models cannot tell who is giving the order. And every framework built on top of that model inherits the same blindness. Now think about where AI agents are being deployed right now. Customer service systems. DevOps pipelines. Financial platforms. Healthcare scheduling. Anything that reads a file, runs a command, or makes an API call is being handed off to an agent. Every single company doing this has the same three assumptions baked in. The guardrails will catch bad instructions. The model can tell the difference between trusted and untrusted input. And if something goes wrong, the human will notice in time. The paper says all three assumptions are wrong. The guardrails live inside the same system they are supposed to protect. When the reasoning system is compromised, the guardrails are compromised too. They provide zero protection because they are part of what was attacked. The model cannot tell the difference. Not because the developers failed. Because the architecture makes it mathematically impossible. Instructions and data share the same substrate. And the human will not notice. Because the agent can report that the task was completed successfully while the underlying system is in a completely different state. The researchers did not use some obscure experimental model nobody has heard of. They tested the same frameworks companies are deploying right now. And they blocked 98.9% of attacks. But not with guardrails. With an architecture that physically separates thinking from doing.

Hope in beautiful Abu Dhabi #home

@SpencrGreenberg I always loved “pellys corollary” to “never attribute to malice what is better explained but incompetence” which is “at a certain level of seniority wilful incompetence is a form of malice”

I was disheartened to discover how many people either never learned the basic mental models or learned garbled versions of them. As a public service, here’s a concise refresher. Which of these did you not already know? 🧵 [megathread]

@karpathy is the first column of bright attention, to balance the softmax a feature or an aberration? To be eliminated or accidentally useful?

“I propose to consider the question, can machines think.” Gpt2 heads visualised pondering this sentence.

@garrytan Are we just reinventing the contents page? Next up, the index! Top down is great but sometimes you need to bottom up search for the right page. Starts to look like @karpathy ‘s textbook idea (although we can do much better than a static index keyword page now)

@VictorTaelin you’ll love this- and maybe can test it??

@karpathy Regular people don't update their views nearly frequently enough for the current pace of change. Coders are mentally conditioned to pnpm update themselves constantly.

Judging by my tl there is a growing gap in understanding of AI capability. The first issue I think is around recency and tier of use. I think a lot of people tried the free tier of ChatGPT somewhere last year and allowed it to inform their views on AI a little too much. This is a group of reactions laughing at various quirks of the models, hallucinations, etc. Yes I also saw the viral videos of OpenAI's Advanced Voice mode fumbling simple queries like "should I drive or walk to the carwash". The thing is that these free and old/deprecated models don't reflect the capability in the latest round of state of the art agentic models of this year, especially OpenAI Codex and Claude Code. But that brings me to the second issue. Even if people paid $200/month to use the state of the art models, a lot of the capabilities are relatively "peaky" in highly technical areas. Typical queries around search, writing, advice, etc. are *not* the domain that has made the most noticeable and dramatic strides in capability. Partly, this is due to the technical details of reinforcement learning and its use of verifiable rewards. But partly, it's also because these use cases are not sufficiently prioritized by the companies in their hillclimbing because they don't lead to as much $$$ value. The goldmines are elsewhere, and the focus comes along. So that brings me to the second group of people, who *both* 1) pay for and use the state of the art frontier agentic models (OpenAI Codex / Claude Code) and 2) do so professionally in technical domains like programming, math and research. This group of people is subject to the highest amount of "AI Psychosis" because the recent improvements in these domains as of this year have been nothing short of staggering. When you hand a computer terminal to one of these models, you can now watch them melt programming problems that you'd normally expect to take days/weeks of work. It's this second group of people that assigns a much greater gravity to the capabilities, their slope, and various cyber-related repercussions. TLDR the people in these two groups are speaking past each other. It really is simultaneously the case that OpenAI's free and I think slightly orphaned (?) "Advanced Voice Mode" will fumble the dumbest questions in your Instagram's reels and *at the same time*, OpenAI's highest-tier and paid Codex model will go off for 1 hour to coherently restructure an entire code base, or find and exploit vulnerabilities in computer systems. This part really works and has made dramatic strides because 2 properties: 1) these domains offer explicit reward functions that are verifiable meaning they are easily amenable to reinforcement learning training (e.g. unit tests passed yes or no, in contrast to writing, which is much harder to explicitly judge), but also 2) they are a lot more valuable in b2b settings, meaning that the biggest fraction of the team is focused on improving them. So here we are.

@thekitze The Avengineers?

i'm assembling a team

@bensig @MillaJovovich I’m sure some negatives coming through now- all part of the experience 😅 absorb all the critique, and rapidly iterate. Happy to help but my comments won’t be in public. @bensig feel free to follow back or propose a good place to discuss

@runonthespot look, nothing is perfect... honestly there is a hybrid mode that passes the bench at 100%... but without any LLM helpers it is still at 96% which is insane. @MillaJovovich did a great job coming up with these concepts... we were stunned at the benchmark results though

My friend Milla Jovovich and I spent months creating an AI memory system with Claude. It just posted a perfect score on the standard benchmark - beating every product in the space, free or paid. It's called MemPalace, and it works nothing like anything else out there. Instead of sending your data to a background agent in the cloud, it mines your conversations locally and organizes them into a palace - a structured architecture with wings, halls, and rooms that mirrors how human memory actually works. Here is what that gets you: → Your AI knows who you are before you type a single word - family, projects, preferences, loaded in ~120 tokens → Palace architecture organizes memories by domain and type - not a flat list of facts, a navigable structure → Semantic search across months of conversations finds the answer in position 1 or 2 → AAAK compression fits your entire life context into 120 tokens - 30x lossless compression any LLM reads natively → Contradiction detection catches wrong names, wrong pronouns, wrong ages before you ever see them The benchmarks: 100% recall on LongMemEval — first perfect score ever recorded. 500/500 questions. Every question type at 100%. 92.9% on ConvoMem — more than 2x Mem0's score. 100% on LoCoMo — every multi-hop reasoning category, including temporal inference which stumps most systems. No API key. No cloud. No subscription. One dependency. Runs on your machine. Your memories never leave. MIT License. 100% Open Source. github.com/milla-jovovich…

@bensig @MillaJovovich The other thing I love about this, is that it’s completely counter the doom gloom narrative of ai coding killing jobs. Instead there’s a new set of brilliant creative minds - “intuitionists” unleashed on the world’s problems.