Scott Ratigan

@lukefr09 @nnwakelam Human-only vulnerability research is effectively already done, even before this new model.

@nnwakelam 2 to 181 is not an improvement... that's a different capability entirely. i genuinely think this could be the end of vuln research, or at least human only vuln research

red.anthropic.com/2026/mythos-pr… Opus 4.6 turned Firefox 147 JavaScript engine vulnerabilities into shell exploits only two times out of several hundred attempts. Mythos Preview developed working exploits 181 times from the same starting point.

@pleasedontatme The stack overflow method. One day there will be no contributors.

love AskHistorians. the posts mostly have comment counts of 50+ and they’ve all been deleted for not following the rules

my friends and i bought a foreclosed alley in san francisco. it's an actual road that cars drive down! we're letting the entire internet design a mural on it. submit a drawing, vote on them, and the top 1,280 get painted on the pavement permanently ⬇️

Signal acquired! 📡 Engineers at @NASAJPL have confirmed that the Orion spacecraft is communicating with the Deep Space Network. For the first time in over 50 years, we’re receiving a signal from a spacecraft carrying humans toward the Moon.

hiring is impossible BECAUSE it's so easy to apply finding a relationship is impossible BECAUSE new dates are a swipe away getting into university is hard BECAUSE you can CommonApp apply to 50 at once convenience is washing away friction that actually carried a lot of signal

I don’t think people realize how much healthcare costs are driving big companies to fire and not hire. It costs them $30k per family, per year for premiums and care. Most of that goes to the massive, vertically integrated insurance companies that send weekly bills that no one reviews in details. And it doesn’t include the company overhead to deal with it all. It’s usually the 2nd largest expense after payroll. Which is insane It’s far easier to blame AI than it is to blame Healthcare costs. Want to increase jobs, wages and improve affordability for every American ? Break up the biggest insurance companies. Make divest non insurance companies. They don’t need thousands of subsidiaries. That’s how they game and abuse the system and increase costs for all of us. Call your senator and tell them to support the BreakUp Big Medicine Bill by @HawleyMO and @SenWarren.

@karbon0x @weswinder @GrantSlatton Did you see recent Reddit discussions on this? It sounds fairly common.

@weswinder @GrantSlatton We can definitely do better! Feedback is always welcome and my DMs are always open for help.

a friend switched his pro subscription from openai to anthropic in a show of support for all the department of war stuff anthropic banned his account for false-positive suspicious activity within a few days lmao

Probably not a good time to remind y'all that the terror prevention chief is a 22-year-old former gardener and grocery store clerk.

What you’re hearing is the sound of a nation roaring in celebration at the death of Khamenei, the man who murdered thousands of Iran’s children.

@ianldgs @mattpocockuk Yes, ideal solutions help humans too. This only works for a subset of things though. Cloud workspaces can help here.

@mattpocockuk I get the point of the video (can do this for anything), but for npm, just use `packageManager` field in package.json and engine strict. Will work for human agents in the team too ;)

Claude Code: "npm add ..." You: "Use pnpm, you idiot!" *adds it to CLAUDE​.md* Claude: "npm add ..." There's a better way:

@proxy_vector @mipsytipsy The intent can be included with the code base in comments, markdown, mermaid, etc.

the real shift nobody talks about: debugging was always about understanding *intent* behind code, not just the code itself. when AI writes it, theres no intent to trace back to observability tooling is gonna eat the debugging market because you literally cant "ask the author" anymore. structured logs, traces, and runtime introspection become the only source of truth

If you're a developer platform that runs hosted code, "find the person who wrote it" was *never* a viable option for debugging. AI is forcing the industry to level up on this now, but places like Heroku and Parse learned that (painful) lesson over a decade ago.

@JarkkoPFC You get better results if you give it clues on how it should architect the code. If a code path will be hot, be explicit and ask AI to benchmark it and iterate.

I’ve been AI-coding a lot the past couple of months, and it’s amazing how quickly you can implement features. The issues I keep running into are non-functional requirements (NFRs). The generated code is often sub-optimal in performance and memory, and it’s not well structured for maintenance. You can debate maintenance if you think AI will keep doing the bulk of the work, but performance and memory are critical NFRs for software that users actually enjoy using. The development speed is alluring, and skipping code review can be very tempting because of volume and velocity. But if you only validate the functional part, it feels like the frog-in-boiling-water problem with today’s AI-generated code. The codebase gradually deteriorates, and later it’s very difficult to recover because the issues aren’t just a few hotspots but spread everywhere. Death by a thousand paper cuts. I’m not sure how to keep the development speed benefits while avoiding the NFR hit. For prototypes it’s usually fine, but for production code the quality bar needs to be higher.

@MaineFrameworks @dustingetz Short term chaos, long term good security. At least for open source software.

@dustingetz The question is does is ultimately benefit hardening or penetration efforts more? In the short term we already know.

Founder of offensive security firm: "I pointed Claude Opus 4.6 at OpenSSL. $6.01 in spent tokens. 8 min of crunch time. 4 new undisclosed CVES in OpenSSL."

"A Black Mississippi child is two and a half times as likely to be proficient in reading by fourth grade as a Black California child." "...states with large increases in school test scores enjoyed rising incomes and drops in teen motherhood, incarceration and arrest rates..."

@BenjaminDEKR "Since you're using macOS..." dude I have more than one computer...

One annoying thing about LLMs (ChatGPT, Gemini) with "Memory" feature turned on: They do this annoying thing of bringing up memories in unrelated chats. You mention one time: "I have a 2015 Toyota Corolla" Six months later: "This problem is much like your 2015 Toyota Corolla"

@berenddeboer @adamdotdev $100 / month means you aren't coding much. Unless there's an unlimited subscription I'm not aware of.

@adamdotdev $100 / month, or upfront $19,000.... I'm not quite sure it keeps them up that much :-)

This idea has to be keeping frontier lab execs up at night

The late Shah raised Iran’s legal age of marriage to 18. The Islamic Republic lowered it to 13—and, in practice, even younger. This was not an accident of culture, but a deliberate rollback of women’s and children’s rights in the name of clerical power. Today, Islamist movements around the world openly point to Iran’s model as something to emulate. Control of women is not a side effect of theocracy—it is one of its pillars. The West must understand this clearly: the struggle to free Iran is not a parochial or regional issue. It is a frontline battle in the defense of universal human dignity. What happens in Iran does not stay in Iran—and appeasing misogynistic theocracy has consequences far beyond its borders.

A couple weeks ago, I came home and my wife, Silvia, said something I almost couldn’t believe.   She looked at me and she said, “I think our state needs you.” Because she believed I could help our kids. Help San José. And help California.   And if you know anything about Silvia — when she talks, you listen.   So I’m running for Governor of California — because we can do better.   I know we can, because we’re proving it in San Jose. We’ve reduced unsheltered homelessness by nearly 1/3rd after a decade of growth. We were rated the safest big city in America last year for the first time in over 20 years. We’re the only city to have solved 100% of homicides nearly 4 years running. And we’re taking on affordability with urgency and honesty — unlocking thousands of housing units in the past couple years.  We need to stand up for our rights, for our freedoms and for our neighbors. We need to use the tools we have at hand to protect our democracy. One tool is the law. The other tool is our results. We have to use both. That’s how we fix California. We don’t just need to be against something. We need to be for something — a government that proves it can solve problems for working people again. And before we ask Californians to give more, we owe them proof that their government can do better.   So I’m running to bring focus back to government. To give cities the tools they need to succeed. To show that the best resistance to division is results.   And to prove that California can work again — for everyone.   That’s why I’m running.   And that’s the future Silvia and I are fighting for. mahanforcalifornia.com

A few random notes from claude coding quite a bit last few weeks. Coding workflow. Given the latest lift in LLM coding capability, like many others I rapidly went from about 80% manual+autocomplete coding and 20% agents in November to 80% agent coding and 20% edits+touchups in December. i.e. I really am mostly programming in English now, a bit sheepishly telling the LLM what code to write... in words. It hurts the ego a bit but the power to operate over software in large "code actions" is just too net useful, especially once you adapt to it, configure it, learn to use it, and wrap your head around what it can and cannot do. This is easily the biggest change to my basic coding workflow in ~2 decades of programming and it happened over the course of a few weeks. I'd expect something similar to be happening to well into double digit percent of engineers out there, while the awareness of it in the general population feels well into low single digit percent. IDEs/agent swarms/fallability. Both the "no need for IDE anymore" hype and the "agent swarm" hype is imo too much for right now. The models definitely still make mistakes and if you have any code you actually care about I would watch them like a hawk, in a nice large IDE on the side. The mistakes have changed a lot - they are not simple syntax errors anymore, they are subtle conceptual errors that a slightly sloppy, hasty junior dev might do. The most common category is that the models make wrong assumptions on your behalf and just run along with them without checking. They also don't manage their confusion, they don't seek clarifications, they don't surface inconsistencies, they don't present tradeoffs, they don't push back when they should, and they are still a little too sycophantic. Things get better in plan mode, but there is some need for a lightweight inline plan mode. They also really like to overcomplicate code and APIs, they bloat abstractions, they don't clean up dead code after themselves, etc. They will implement an inefficient, bloated, brittle construction over 1000 lines of code and it's up to you to be like "umm couldn't you just do this instead?" and they will be like "of course!" and immediately cut it down to 100 lines. They still sometimes change/remove comments and code they don't like or don't sufficiently understand as side effects, even if it is orthogonal to the task at hand. All of this happens despite a few simple attempts to fix it via instructions in CLAUDE . md. Despite all these issues, it is still a net huge improvement and it's very difficult to imagine going back to manual coding. TLDR everyone has their developing flow, my current is a small few CC sessions on the left in ghostty windows/tabs and an IDE on the right for viewing the code + manual edits. Tenacity. It's so interesting to watch an agent relentlessly work at something. They never get tired, they never get demoralized, they just keep going and trying things where a person would have given up long ago to fight another day. It's a "feel the AGI" moment to watch it struggle with something for a long time just to come out victorious 30 minutes later. You realize that stamina is a core bottleneck to work and that with LLMs in hand it has been dramatically increased. Speedups. It's not clear how to measure the "speedup" of LLM assistance. Certainly I feel net way faster at what I was going to do, but the main effect is that I do a lot more than I was going to do because 1) I can code up all kinds of things that just wouldn't have been worth coding before and 2) I can approach code that I couldn't work on before because of knowledge/skill issue. So certainly it's speedup, but it's possibly a lot more an expansion. Leverage. LLMs are exceptionally good at looping until they meet specific goals and this is where most of the "feel the AGI" magic is to be found. Don't tell it what to do, give it success criteria and watch it go. Get it to write tests first and then pass them. Put it in the loop with a browser MCP. Write the naive algorithm that is very likely correct first, then ask it to optimize it while preserving correctness. Change your approach from imperative to declarative to get the agents looping longer and gain leverage. Fun. I didn't anticipate that with agents programming feels *more* fun because a lot of the fill in the blanks drudgery is removed and what remains is the creative part. I also feel less blocked/stuck (which is not fun) and I experience a lot more courage because there's almost always a way to work hand in hand with it to make some positive progress. I have seen the opposite sentiment from other people too; LLM coding will split up engineers based on those who primarily liked coding and those who primarily liked building. Atrophy. I've already noticed that I am slowly starting to atrophy my ability to write code manually. Generation (writing code) and discrimination (reading code) are different capabilities in the brain. Largely due to all the little mostly syntactic details involved in programming, you can review code just fine even if you struggle to write it. Slopacolypse. I am bracing for 2026 as the year of the slopacolypse across all of github, substack, arxiv, X/instagram, and generally all digital media. We're also going to see a lot more AI hype productivity theater (is that even possible?), on the side of actual, real improvements. Questions. A few of the questions on my mind: - What happens to the "10X engineer" - the ratio of productivity between the mean and the max engineer? It's quite possible that this grows *a lot*. - Armed with LLMs, do generalists increasingly outperform specialists? LLMs are a lot better at fill in the blanks (the micro) than grand strategy (the macro). - What does LLM coding feel like in the future? Is it like playing StarCraft? Playing Factorio? Playing music? - How much of society is bottlenecked by digital knowledge work? TLDR Where does this leave us? LLM agent capabilities (Claude & Codex especially) have crossed some kind of threshold of coherence around December 2025 and caused a phase shift in software engineering and closely related. The intelligence part suddenly feels quite a bit ahead of all the rest of it - integrations (tools, knowledge), the necessity for new organizational workflows, processes, diffusion more generally. 2026 is going to be a high energy year as the industry metabolizes the new capability.