Last updated: 2026/04/15 13:01
OpenAI's answer to Claude Mythos appears to be a new model called GPT-5.4-Cyber: In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning …
The UK's AI Safety Institute recently published Our evaluation of Claude Mythos Preview’s cyber capabilities, their own independent analysis of Claude Mythos which backs up Anthropic's claims that it is …
The TL;DR is that Google engineering appears to have the same AI adoption footprint as John Deere, the tractor company. Most of the industry has the same internal adoption curve: …
The problem is that LLMs inherently lack the virtue of laziness. Work costs nothing to an LLM. LLMs do not feel a need to optimize for their own (or anyone's) …
Thanks to a tip from Rahim Nathwani, here's a uv run recipe for transcribing an audio file on macOS using the 10.28 GB Gemma 4 E2B model with MLX and …

The Top AI Papers of the Week (April 6 - April 12)

Claude Managed Agents, Muse Spark, Project Glasswing, Advisor Strategy, GLM-5.1, Memento, and More

Claude's newly added advisor tool lets you hand routine tasks to a lightweight model while consulting a higher-performance model only when needed, optimizing the balance between performance and cost. This article shows how to use the advisor tool inside Claude Code.

Lenny posted another snippet from our 1 hour 40 minute podcast recording and it's about kākāpō parrots!
I think it's non-obvious to many people that the OpenAI voice mode runs on a much older, much weaker model - it feels like the AI that you can talk …

AI-generated tests can speed up React testing, but they also create hidden risks. Here’s what broke in a real app.

Claude Managed Agents provides the harness and infrastructure for running Claude as an autonomous agent. It is intended for long-running and asynchronous tasks. This article reports on actually trying Claude Managed Agents out.

Meta announced Muse Spark today, their first model release since Llama 4 almost exactly a year ago. It’s hosted, not open weights, and the API is currently “a private API …
I have a feeling that everyone likes using AI tools to try doing someone else’s profession. They’re much less keen when someone else uses it for their profession.

Chinese AI lab Z.ai's latest model is a giant 754B parameter 1.51TB (on Hugging Face) MIT-licensed monster - the same size as their previous GLM-5 release, and sharing the same …

Anthropic didn’t release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced …

Microsoft has released an open source toolkit for enforcing runtime security policies on AI agents as adoption accelerates faster than governance cont...

This article considers how to manage and share AI skills. A skill is a capability the AI invokes automatically and carries out according to its prompt, and sharing skills matters especially for team development. Skills fall into two kinds, "knowledge" skills and "workflow" skills: knowledge skills suit sharing, while workflow skills call for per-person customization. Modularizing skills is the ideal, but because of limits on how well the AI follows instructions it often does not work in practice. The conclusion is that the realistic operating model is to share knowledge skills company-wide and let individuals manage their own workflow skills.
• An AI skill is a capability that triggers automatically when conditions stated in natural language are met.
• Sharing skills matters in team development and happens through repositories or an internal marketplace.
• Skills come in two kinds, knowledge and workflow; knowledge skills suit sharing, workflow skills need individual customization.
• An example of a knowledge skill is how to operate the ticket-management system.
• An example of a workflow skill is the procedure for creating a PR, customized to each person's preferences.
• Modularizing skills is the ideal but hard to achieve given the limits of the AI's instruction following.
• Naming a skill explicitly raises the probability that the AI invokes the skill it needs.
• The preferred operating model is to share company-wide knowledge as knowledge skills and manage personal workflows as workflow skills.
Terrible name, really great app: this is Google's official app for running their Gemma 4 models (the E2B and E4B sizes, plus some members of the Gemma 3 family) directly …
Scan for secrets in files you plan to share
Cleanup Claude Code Paste
Lalit Maganti provides one of my favorite pieces of long-form writing on agentic engineering I've seen in ages. They spent eight years thinking about and then three months building syntaqlite, …
From anonymized U.S. ChatGPT data, we are seeing: ~2M weekly messages on health insurance ~600K weekly messages [classified as healthcare] from people living in “hospital deserts” (30 min drive to …

The Top AI Papers of the Week (March 30 - April 5)

How far to extend a coding agent's auto-approval is one of the key design decisions in balancing user experience against security. Codex provides a sandbox so that the agent can operate autonomously in a safe environment. This article explains how the Codex sandbox works and the approval process for running commands outside the sandbox.
Research into the HTTP APIs from various LLM providers.

Cursor 3, Gemma 4, Qwen3.6-Plus, GLM-5V-Turbo, Claude Code Source Leak, Emotion Concepts in LLMs, and More
On the morning of March 31, the timeline on X was buzzing: Claude Code's source code had leaked. Looking into it, the npm package (v2.1.88) had been released with a debug source map file (cli.js.map) included. The sourcesContent field of that source map embedded the entire original TypeScript source verbatim; the discoverer's post reached tens of millions of views, and the code was mirrored to GitHub and forked tens of thousands of times. Claude code source code has been leaked via a map file in their npm registry! Code: https://t.co/jBiMoOzt8G pic.twitter.com/rYo5hbvEj8 — Chaofan Shou (@Fried_rice) March 31, 2026
Thomas Ptacek's take on the sudden and enormous impact the latest frontier models are having on the field of vulnerability research. Within the next few months, coding agents will drastically …

A fun thing about recording a podcast with a professional like Lenny Rachitsky is that his team know how to slice the resulting video up into TikTok-sized short form vertical …
On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week …
The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a ... plain security report tsunami. Less slop but lots of reports. …
Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn't really worry us. …
The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

I was a guest on Lenny Rachitsky’s podcast, in a new episode titled An AI state of the union: We’ve passed the inflection point, dark factories are coming, and automation …

Four new vision-capable Apache 2.0 licensed reasoning LLMs from Google DeepMind, sized at 2B, 4B, 31B, plus a 26B-A4B Mixture-of-Experts. Google emphasize "unprecedented level of intelligence-per-parameter", providing yet more evidence …
LLM plugin to access Google's Gemini family of models

Anthropic leaked Claude Code via source maps. A Bun bug, missing .npmignore, and weak release checks exposed 500k+ lines of code.
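The leak above, and the Claude Code item earlier on this page, come down to one field: a source map's sourcesContent array holds the full text of every file named in its sources list, so publishing the .map publishes the unminified code. The scanner below is an added example, not code from Anthropic, from the npm project, or from either post. It walks a package directory, reports every .map whose sourcesContent is populated, and separately checks whether package.json has a "files" allowlist or an .npmignore exists, the two controls whose absence let a build artefact ride along. The package layout, file names and map contents are constructed for the demo.

```python
"""Scan a package directory for source maps that embed original source.

Added example. A source map's "sourcesContent" array carries the full text
of every file named in "sources"; shipping the .map ships that code.
"""
from __future__ import annotations

import json
import os
import tempfile
from pathlib import Path


def inspect_source_map(path: Path) -> dict | None:
    """Return a finding if this .map embeds source text, else None."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None  # unreadable or not JSON: nothing to judge
    if not isinstance(data, dict):
        return None
    contents = data.get("sourcesContent") or []
    embedded = [c for c in contents if c]  # null entries mean "not embedded"
    if not embedded:
        return None
    return {
        "map": str(path),
        "sources": len(data.get("sources") or []),
        "embedded_files": len(embedded),
        "embedded_lines": sum(len(c.splitlines()) for c in embedded),
        "embedded_bytes": sum(len(c.encode("utf-8")) for c in embedded),
    }


def find_leaky_source_maps(root: Path) -> list[dict]:
    """Walk root and report every *.map whose sourcesContent is populated."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".map"):
                finding = inspect_source_map(Path(dirpath) / name)
                if finding:
                    findings.append(finding)
    return findings


def has_publish_allowlist(root: Path) -> bool:
    """True if package.json has a non-empty "files" list or .npmignore exists.

    With neither, everything not excluded by .gitignore is published, and a
    dist/ that is meant to ship brings its .map files with it.
    """
    pkg = root / "package.json"
    if pkg.is_file():
        try:
            if json.loads(pkg.read_text(encoding="utf-8")).get("files"):
                return True
        except ValueError:
            pass
    return (root / ".npmignore").is_file()


def build_sample_package(root: Path) -> None:
    """Constructed sample: one leaky map, one clean map, no allowlist."""
    dist = root / "dist"
    dist.mkdir(parents=True)
    (root / "package.json").write_text('{"name": "sample-cli", "version": "0.0.1"}')
    (dist / "cli.js").write_text("console.log('hi');\n")
    leaky = {
        "version": 3,
        "sources": ["../src/cli.ts", "../src/auth.ts"],
        "sourcesContent": [
            "export function main() {\n  console.log('hi');\n}\n",
            "export const TOKEN_HEADER = 'x-api-key';\n",
        ],
        "mappings": "AAAA",
    }
    clean = {"version": 3, "sources": ["../src/other.ts"],
             "sourcesContent": [None], "mappings": "AAAA"}
    (dist / "cli.js.map").write_text(json.dumps(leaky))
    (dist / "other.js.map").write_text(json.dumps(clean))


def demo() -> dict:
    """Build the sample package, scan it, and return what a CI gate would act on."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_package(root)
        result = {"findings": find_leaky_source_maps(root),
                  "allowlist": has_publish_allowlist(root)}
    for f in result["findings"]:
        print(f"LEAK {f['map']}: {f['embedded_files']} source files, "
              f"{f['embedded_lines']} lines embedded in sourcesContent")
    if not result["allowlist"]:
        print("WARN package.json has no 'files' allowlist and there is no .npmignore")
    return result


if __name__ == "__main__":
    demo()
```

Point find_leaky_source_maps at the directory you get by extracting the tarball `npm pack` writes, which is exactly what `npm publish` would upload (`npm pack --dry-run` prints the same file list without writing it). A map that is meant to ship can be generated without sourcesContent; one that is not should be kept out via the files allowlist rather than relying on .gitignore.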
I just sent the March edition of my sponsors-only monthly newsletter. If you are a sponsor (or if you start a sponsorship now) you can access it here. In this …
LLM integration plugin for other plugins to depend on
Enrich data by prompting LLMs

Discover what's new in The Replay, LogRocket's newsletter for dev and engineering leaders, in the April 1st issue.
Import unstructured data (text and images) into structured tables
Track usage of LLM tokens in a SQLite table
I want to argue that AI models will write good code because of economic incentives. Good code is cheaper to generate and maintain. Competition is high between the AI models …
Register async versions of models from LLM plugins that only provide a sync version
Access large language models from the command-line
Debug plugin for LLM providing an echo model

With the Codex plugin, you can easily call Codex from Claude Code to review code or delegate tasks. This article introduces how to use the Codex plugin and the internal mechanism by which it invokes Codex.
Note that the main issues that people currently unknowingly face with local models mostly revolve around the harness and some intricacies around model chat templates and prompt construction. Sometimes there …

Trip Venturella released Mr. Chatterbox, a language model trained entirely on out-of-copyright text from the British Library. Here’s how he describes it: Mr. Chatterbox is a language model trained entirely …
Chat with Mr Chatterbox, trained on a corpus of over 28,000 Victorian-era British texts published between 1837 and 1899
Pretext — Under the Hood

The Top AI Papers of the Week (March 23 - 29)

Hyperagents, Multi-Agent Harness Design, Chroma Context-1, Composer 2, ARC-AGI-3, and More
The thing about agentic coding is that agents grind problems into dust. Give an agent a problem and a while loop and - long term - it’ll solve that problem …
Datasette plugin for SHOWBOAT_REMOTE_URL
FWIW, IANDBL, TINLA, etc., I don’t currently see any basis for concluding that chardet 7.0.0 is required to be released under the LGPL. AFAIK no one including Mark Pilgrim has …

I have a new laptop—a 128GB M5 MacBook Pro, which early impressions show to be very capable for running good local LLMs. I got frustrated with Activity Monitor and decided …
With the spread of coding agents, dedicated execution environments for running agents remotely, remote sandboxes, are drawing attention. A sandbox here means a remote VM that can be casually created and destroyed per project or per agent; services and tools such as exe.dev, Sprites, and Docker Sandbox have appeared. This article lays out the use cases for these remote sandboxes and compares three of them: exe.dev, Sprites, and Docker Sandbox.
Why a dedicated execution environment is needed
The options that have been common so far for running a coding agent remotely:
* Buy a Mac mini or Raspberry Pi and set up a home server
* Rent a VPS (Hetzner, Sakura VPS, and so on)
* Use a managed service such as Devin, Claude Code on the web, or Codex (Cloud)
* Use a cloud development environment such as GitHub Codespaces or Gitpod
These …
Bit of a hyperbolic framing but this looks like another case study of vibe-porting, this time spinning up a new custom Go implementation of the JSONata JSON expression language - …
Callum McMahon reported the LiteLLM malware attack to PyPI. Here he shares the Claude transcripts he used to help him confirm the vulnerability and decide what to do about it. …
Sam Rose continues his streak of publishing spectacularly informative interactive essays, this time explaining how quantization of Large Language Models works. Also included is the best visual explanation I've ever …
Mario Zechner created the Pi agent framework used by OpenClaw, giving considerable credibility to his opinions on current trends in agentic engineering. He's not impressed: We have basically given up …
Daniel Hnyk used the BigQuery PyPI dataset to determine how many downloads there were of the exploited LiteLLM packages during the 46 minute period they were live on PyPI. They …

1. The problem: the necessity and vulnerability of Wide EP
Really interesting new development in Claude Code today as an alternative to --dangerously-skip-permissions: Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions …
I really think "give AI total control of my computer and therefore my entire life" is going to look so foolish in retrospect that everyone who went for this is …
The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a litellm_init.pth file, which means installing the package is enough to …
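The .pth trick works because Python's site module processes every *.pth file in site-packages at interpreter start-up: a line beginning with "import " (or "import" followed by a tab) is handed to exec(), and every other line is treated as a path entry. That hook is legitimate (setuptools has long used it) but it means a package can run code without ever being imported. The scanner below is an added example, not the LiteLLM payload, not PyPI's tooling, and not Callum McMahon's work. It lists the executable lines in .pth files, flags ones that reach for exec/base64/network APIs, and decodes (without running) the first long base64 literal on the line so a reviewer can see what it carries. The two sample .pth files and the stand-in payload are constructed for the demo.

```python
"""Find .pth files that execute code at Python interpreter start-up.

Added example. site.addpackage() exec()s any .pth line starting with
"import " or "import\t"; everything else is a sys.path entry.
"""
from __future__ import annotations

import base64
import re
import site
from pathlib import Path

# APIs a start-up hook has no business touching (constructed heuristic list).
SUSPICIOUS = re.compile(
    r"\b(exec|eval|compile|__import__|base64|b64decode|zlib|marshal|"
    r"subprocess|os\.system|os\.popen|socket|urllib|requests|http\.client)\b"
)
# A run of 40+ base64 characters with optional padding.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_b64_preview(line: str, limit: int = 120) -> str | None:
    """Decode the first long base64 literal in line for triage; never executed."""
    m = B64_BLOB.search(line)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(0), validate=True)
    except ValueError:
        return None
    return raw.decode("utf-8", errors="replace")[:limit]


def scan_pth_text(name: str, text: str) -> list[dict]:
    """Return one finding per executable line; "suspicious" marks risky APIs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith(("import ", "import\t")):
            continue  # path entry, comment or blank line: site.py does not exec it
        findings.append({
            "file": name,
            "line": lineno,
            "code": line[:200],
            "suspicious": bool(SUSPICIOUS.search(line)),
            "decoded": decode_b64_preview(line),
        })
    return findings


def scan_site_packages() -> list[dict]:
    """Scan every .pth in this interpreter's site-packages directories."""
    findings = []
    for d in list(site.getsitepackages()) + [site.getusersitepackages()]:
        directory = Path(d)
        if not directory.is_dir():
            continue
        for pth in sorted(directory.glob("*.pth")):
            try:
                text = pth.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue
            findings.extend(scan_pth_text(str(pth), text))
    return findings


# Constructed samples, not the real LiteLLM file: one benign, one hostile.
BENIGN_PTH = (
    "/opt/venv/lib/python3.12/site-packages/some_pkg\n"
    "import sys; sys.__plen = len(sys.path)\n"
)
_STAND_IN = base64.b64encode(
    b"import os\nprint('stand-in payload: would read ~/.aws and env here')\n"
).decode()
HOSTILE_PTH = "import base64, sys; exec(base64.b64decode('" + _STAND_IN + "'))\n"


def demo() -> dict:
    """Scan the two samples and return the findings a reviewer would triage."""
    benign = scan_pth_text("some_pkg-nspkg.pth", BENIGN_PTH)
    hostile = scan_pth_text("sample_init.pth", HOSTILE_PTH)
    for f in benign + hostile:
        tag = "SUSPICIOUS" if f["suspicious"] else "executes  "
        print(f"{tag} {f['file']}:{f['line']} {f['code'][:60]}")
        if f["decoded"]:
            print("   decoded payload starts:", f["decoded"].splitlines()[0])
    return {"benign": benign, "hostile": hostile}


if __name__ == "__main__":
    demo()
    for f in scan_site_packages():
        if f["suspicious"]:
            print("REVIEW", f["file"], "line", f["line"])
```

Run it inside the environment you are worried about (the venv, the CI image, the developer laptop); a pip install is not visible to import-time hooks elsewhere. The decode is a preview for a human, so a nested or double-encoded stage will only show its outer layer, which is itself a reason to escalate.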
I wrote about Dan Woods' experiments with streaming experts the other day, the trick where you run larger Mixture-of-Experts models on hardware that doesn't have enough RAM to fit the …
slop is something that takes more human effort to consume than it took to produce. When my coworker sends me raw Gemini output he’s not expressing his freedom to create, …
I have been doing this for years, and the hardest parts of the job were never about typing out code. I have always struggled most with understanding systems, debugging things …
Here’s a mildly dystopian prompt I’ve been experimenting with recently: “Profile this user”, accompanied by a copy of their last 1,000 comments on Hacker News. Obtaining those comments is easy. …

In Things That Turbo Pascal is Smaller Than James Hague lists things (from 2011) that are larger in size than Borland's 1985 Turbo Pascal 3.02 executable - a 39,731 byte …
Congrats to the @cursor_ai team on the launch of Composer 2! We are proud to see Kimi-k2.5 provide the foundation. Seeing our model integrated effectively through Cursor's continued pretraining & …

Starting with Claude Code v2.1.80, Claude Code channels (hereafter "channels") are available as a Research Preview. A channel is an MCP server that lets external sources send events to a running Claude Code session. This article shows how to interact with Claude Code from Discord through a channel.
The big news this morning: Astral to join OpenAI (on the Astral blog) and OpenAI to acquire Astral (the OpenAI announcement). Astral are the company behind uv, ruff, and ty—three …

This article reports the results of an experiment measuring Claude's and GPT's React proficiency. The spec count was raised from the previous 6 to 13, and the three Claude Code models (Sonnet, Opus, Haiku) and GPT-5.4 were evaluated. Each model's score is shown; GPT-5.4 in particular was confirmed to be strong on accessibility. Sonnet and Opus showed a better grasp of state design and Effect hygiene, and overall there was no large gap in use of the newer React APIs. The new specs were also analysed, and the implementations of useOptimistic and useActionState in particular exposed differences in the models' knowledge.
• Four models were evaluated against 13 specs to measure proficiency at building React apps.
• GPT-5.4 scored high on accessibility; Sonnet and Opus are strong on state design.
• No large differences between models in use of the newer React APIs.
• Differences in model knowledge became clear in the implementations of useOptimistic and useActionState.
• Adding new specs made it possible to measure a wider range of React skills.
Here's a fascinating piece of research by Dan Woods, who managed to get a custom version of Qwen3.5-397B-A17B running at 5.5+ tokens/second on a 48GB MacBook Pro M3 Max despite …
PromptArmor report on a prompt injection attack chain in Snowflake's Cortex Agent, now fixed. The attack started when a Cortex user asked the agent to review a GitHub repository that …

Introducing Arcjet prompt injection detection. Catch hostile instructions before inference. Works with Next.js, Node.js, Flask, FastAPI, and any JavaScript / TypeScript or Python application.

OpenAI today: Introducing GPT‑5.4 mini and nano. These models join GPT-5.4 which was released two weeks ago. OpenAI’s self-reported benchmarks show the new 5.4-nano out-performing their previous GPT-5 mini model …
If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM …
Subagents - Agentic Engineering Patterns

This article presents benchmark results evaluating GPT-4.1's and GPT-5.4's React proficiency. Following the earlier Claude Code models, it compares how these OpenAI models handle React tasks. GPT-4.1 scored low overall and had particular trouble with component integration. GPT-5.4 scored on par with the Claude models and did especially well on accessibility and TypeScript quality. The two models' strengths and weaknesses differ clearly, with GPT-5.4 holding the advantage on accessibility in particular.
• GPT-4.1 recorded the lowest score of all models and had trouble with component integration.
• GPT-5.4 scored on par with the Claude models, with especially good results on accessibility.
• GPT-5.4's TypeScript quality is high, notably on type safety.
• Both models were graded by Claude Sonnet, keeping the evaluation consistent.
• GPT-5.4's component design was inconsistent, with some redundant implementations.

Reinforcement learning (RL) has rapidly become a core stage of modern foundation-model development. While large-scale pretraining remains essential, today...
Big new release from Mistral today (despite the name) - a new Apache 2 licensed 119B parameter (Mixture-of-Experts, 6B active) model which they describe like this: Mistral Small 4 is …
Subagents were announced in general availability today for OpenAI Codex, after several weeks of preview behind a feature flag. They're very similar to the Claude Code implementation, with default subagents …
The point of the blackmail exercise was to have something to describe to policymakers—results that are visceral enough to land with people, and make misalignment risk actually salient in practice …

Here's the handout I prepared for my NICAR 2026 workshop "Coding agents for data analysis" - a three hour session aimed at data journalists demonstrating ways that tools like Claude …
How coding agents work - Agentic Engineering Patterns

Learn 10 practical ways to reduce token usage in LLM apps using system instructions, stop sequences, caching, TOON, and more.
What is agentic engineering? - Agentic Engineering Patterns

The Top AI Papers of the Week (March 9 - March 15)