chip

Core - AI Workspace Launching open-source + hosted (100% free) next week.

anthropic and openai are so far ahead it’s difficult to comprehend what secret sauce they have. the new models are beyond anything dreamt of in your wildest imagination. most of you won’t be able to afford the tokens and a handful of token hungry mega rich first movers will pull away forever. i’m not sure how i feel about it all. think more; 100x the price and 100x the performance.

This news article is absolutely insane and probably a good glimpse into what the future of hedge funds look like in an AI driven world Coatue backed hedge fund, Epicenter, is using AI to replace massive teams of hedge fund analysts Their AI bot, Eve, is plugged into every part of the firm, including emails and every trade that the fund puts on Without any prompts, the AI bot is able to assign tasks to human analysts and write code on their behalf Eve also contains a screening tool which scours through more than 13,000 company disclosures, listens to podcasts, and summarizes news reports on specific businesses The AI bot can then generate primers and custom podcasts on behalf of the human analysts without requiring any instructions beforehand If you read this and don’t think that AI is going to impact headcount in finance, you are absolutely mistaken

I ordered a $10,000 Mac Studio to test local AI models for my firm. And I sent it back. The tech wasn't bad. It just wasn't ready for what I needed it to do. I’m interested in local for one main reason: data security and privacy. Actually keeping client information on our machines instead of sending it out to AI labs. I spent a weekend running it through: - Journal entries - Tax diagnostics - Real accounting scenarios I had to prompt the same question six to eight times before I got a usable answer. It felt like a second job. The people saying AI will replace accountants in 12 months have not actually tried to use it for accounting. I am not against it. I've been testing it constantly. Being honest about where the technology actually is helps more than pretending it is further along than it is. When local inference gets sharp enough to run smoothly on firm hardware, I'll be there.

this is why they’ve shut sora down.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.