ServiceNow AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

ServiceNow AI AI

Is AI Worth the Cost? The ROI Reckoning and the Coming Market Correction

Prof G Markets (Live) Episode Title: Is AI Worth the Cost? The ROI Reckoning and the Coming Market Correction Location: The Castro Theatre, San Francisco, CA Hosts: Scott Galloway & Ed Nelson ED: We're going to talk about a topic not enough people talk about called AI. Nearly 50,000 workers have been laid off this year supposedly because of AI — that's almost as many as in all of 2025. For companies adopting AI, the thesis is simple: AI is supposed to do much of the work that humans do. In recent weeks, however, that thesis has hit a roadblock. More and more companies are reporting that despite the enormous power of AI, the technology is actually more expensive than the humans it is supposed to replace. Uber, for example, just blew through its entire 2026 AI budget in just four months. According to the COO, it is now getting harder to justify AI costs within the company. Microsoft is cancelling its Claude Code licenses across multiple divisions because it's simply gotten too expensive. And over at Nvidia, one executive said that the cost of compute is now "far beyond the cost of employees." Which all raises a crucial question for the AI industry: at what point does AI actually stop being worth it? This has blown up basically in the last 48 hours, with many companies coming out and saying they're not as confident about this whole AI thing as they used to be. ServiceNow is another company that just blew through their entire Anthropic budget. Technical staff at Stripe are reportedly spending nearly $100,000 on AI tokens every day. Salesforce is on track to spend $300 million on Anthropic tokens this year. Shopify said their earnings were "partially offset by increased LLM costs." We heard similar things from Meta, Spotify, and Pinterest. One Anthropic employee said his Claude Code bill came out to $150,000 in a single month. In some cases, it's getting very, very expensive. We've also seen an incentive — especially among tech companies — to use AI as much as possible. There was this idea that employees would engage in what we call "token maxing," where you use as many tokens as possible from your AI API. Companies like Meta and Amazon have even created internal leaderboards tracking how many AI tokens employees are using. The people using the most tokens are seen as the most AI-forward, the most AI-deployed — the ones who are going to get recognized, maybe even promoted. And this has resulted in extraordinary costs on the AI front. Now we're starting to see the next phase of this, Scott, where companies and their executives are beginning to realize: this is a little expensive. So the question becomes — at what point will AI actually pay off? I'll pose that question to you: at what point is it too much? SCOTT: I think we're already seeing hints of it, and I think it comes down to incentives. You were talking about how companies are trying to incentivize people to use AI more — and that's kind of an interesting part of the ecosystem right now. The adoption layer is trying to get people to use it, and companies have put in place the incentives to do that. But there was a recent survey by a professor at MIT who found that about 5% of the projects people are using tokens for can actually be connected by CFOs to some sort of return. So while I think they're really intoxicated by it — and talking about AI as much as you can in your earnings call is like adding "dot-com" back in the '90s — I think you're already starting to see some fatigue. And I think the AI companies are trying to get public as quickly as possible to raise that cheap capital before things start to — I don't want to say unwind, but... You can see how the string gets pulled here. A large company, a CEO who has a lot of credibility in the industry, just comes out and says: "We're dramatically scaling back our AI investment. Let's be honest, folks — we're just not seeing the return we'd initially hoped." And then Nvidia reports its first miss. Nvidia has beaten its estimates 15 quarters in a row. Nvidia's first miss probably takes the entire market down five or ten percent. You are seeing some productivity gains from this and quite frankly, they look as dramatic, if not more dramatic, than the internet. But look what happened in 2000. This definitely does feel like '99. And I'm waiting for the first CEO to come out and say we have to get procurement involved and dramatically scale back our expenses. I don't think it's that romantic, honestly. I think it's just going to be a traditional Fortune 500 company that starts the narrative: okay, this has been fun, but we have to dramatically decrease our AI investment because we're not seeing the ROI we'd anticipated. ED: Yeah. I mean, we heard a quote this week from the CEO of Match Group — not a huge company — but he said AI is costing them $5 to $10 million a year, and his exact words were: "I think we're benefiting from it, but it's hard to feel." So that's not great if we're supposed

Claude keeps hallucinating my Firestore field names so I built an MCP server for schema context

I kept running into the same issue with Claude: It would generate Firestore queries using fields that used to exist, or just confidently invent field names based on context clues. Example: db.collection('users').where('user_name', '==', val) Actual field is username. Breaks silently in production. Not really Claude's fault. Firestore schemas aren't visible to the model so it's basically guessing. I built a small MCP server that connects to Firestore and feeds Claude the actual live schema before it generates anything. It samples collections, extracts real field names and types, and flags documents where the same field is sometimes a string, sometimes an object, sometimes missing entirely. Runs locally. Read-only credentials. Nothing leaves your machine. Now I get: db.collection('users').where('username', '==', val) Also works with MongoDB. npx lintbase scan firestore --key ./service-account.json github.com/lintbase/lintbase Curious if anyone's solving schema context differently for AI coding tools, or just suffering through the hallucinations. submitted by /u/Still-Toe-5661 [link] [comments]

Skill to not keep edge cases when moving from mvp feature to prod

Skill that stops AI covering too much cases without prompt. So I had this feature which used values from env for simplicity, Now I modified it remove static env have dynamic config . Claude does it but keeps the old env fallback in case this dynamic config service is offline or the config doesn't exist in db. Bruh so much complications can't read code, this just one example but now do it for most features and it writes ton of long confusing code . How you fix gib skills My mind should know every function what it purpose but this AI shi writes unintended shit and commit , and now I'm just scrolling reading stupid ai code. I hate this shit. Gib minimalistic clean code ai skills. submitted by /u/Mother_Desk6385 [link] [comments]

What actually reduced our Claude api pain this month

Tl;dr: the unsexy fixes helped more than the clever ones. prompt caching, smaller inputs, and separating interactive work from batch work did more for us than model swapping. We use Claude for a customer facing doc review feature. Not huge scale, but enough traffic that when latency gets spiky the support channel notices fast. I spent most of May doing the boring cleanup i had postponed because "the model is good enough" had become our excuse for sloppy plumbing. First cleanup was prompt size. We had a giant system prompt that had grown by copy paste over months. Half of it was instructions for features that no longer existed. Cutting it down did not make the answers worse in our evals, and it made the whole thing easier to cache. I should have done that before touching infra. Second was prompt caching. Our workload repeats the same policy language and document templates constantly. Once we rearranged the prompt so the stable parts came first, caching finally started doing useful work. I am not giving a universal number because workloads differ, but for us the reduction in billed input tokens was large enough that finance noticed before engineering did. Third was moving batch work away from human traffic. We had nightly jobs, customer initiated jobs, and backfills all sharing the same path. During busy windows they all looked equally urgent to the code, which was stupid. Now customer initiated requests get priority, backfills pause, and anything that does not need to run during the workday waits. This was a config change and a little queue work, not a grand architecture project. Fourth was making retries less aggressive. I had copied a retry helper from another service and it was too eager for this workload. Fewer retries with better spacing made the user experience calmer because we failed faster on the few requests that were obviously not going to recover. Feels wrong at first, but infinite optimism is not a reliability strategy. For the leftover real time path, the useful part was moving routing out of our app code. We tested TokenRouter there because it kept the Claude Messages shape instead of forcing an OpenAI shaped adapter. The interesting bit was not just provider selection, but whether the routing layer has optimized serving capacity behind it when the normal path is congested. I am still treating that as one part of the fix, but it is the part i would not want to rebuild in app code. The main thing i would tell my April self: do not start with provider switching. Start by making your Claude usage less wasteful and less bursty. If that does not get you enough headroom, then think about routing. submitted by /u/AlbatrossUpset9476 [link] [comments]

Formal Proposal to Anthropic: Scoped Memory and Hermetic Instance Isolation for Claude

Formal Proposal to Anthropic: Scoped Memory and Hermetic Instance Isolation for Claude I've been a heavy Claude user across 13+ sessions and over that time one structural gap has become increasingly hard to ignore: Claude has no real concept of scoped state. Anything from any conversation can surface anywhere, model updates happen silently, and there's no way to inspect what's actually influencing a given session before it starts. I put together a formal proposal addressing this with two concrete ideas: 1. Global / Local Memory Scoping Borrowed directly from how scoping works in programming languages. You'd have: - Global scope — persists across all sessions (as today, but explicit and inspectable) - Local scope — session-bound, evaporates on close, never propagates - Project scope — namespaced to a project, invisible outside it - Explicit promotion/suppression — you decide what moves to global, and you can run a fully memory-blind session when needed 2. Hermetic Instance Model (VM analogy) Not claiming LLMs can be isolated like VMs at the weight level — they can't. But the context state (memory, system prompt, model version, conversation history) absolutely can be: - Model version pinning — opt in to updates, never forced - State manifest — inspect exactly what's being injected before a session begins - Snapshot and restore — reproducible sessions for debugging, research, or production pipelines - Agentic blast radius scoping — declared permission boundaries for when Claude takes real-world actions Why this matters: Claude is already being used in agentic pipelines, long-running projects, and production workflows. The same discipline we apply to databases, code deployments, and APIs — versioning, scoping, auditability — should apply to Claude. Right now it doesn't, and that's a ceiling on how seriously it can be trusted as infrastructure. Full formal proposal attached as Markdown. Sharing here in the hope it reaches someone at Anthropic, and curious whether others in this community feel the same gap. Attachment: The Proposal Formal Proposal: Scoped Memory Architecture and Instance Isolation for Claude To: Anthropic Leadership, Product & Research Decision Makers From: A Power User of Claude (claude.ai) Date: May 27, 2026 Subject: Proposal for Deterministic, Scoped, and Isolated Claude Instances Classification: Product Feedback — Feature Proposal Executive Summary This proposal advocates for two foundational architectural improvements to Claude: (1) a global/local memory scoping model that gives users explicit, programmable control over what persists across conversations and what remains session-local, and (2) a hermetic instance model analogous to virtual machines, where Claude instances operate with inspectable, bounded, and reproducible state. Together, these improvements would move Claude from a capable but opaque assistant toward trustworthy, auditable infrastructure — a prerequisite for serious long-term and agentic use. Background and Context Claude currently operates with an implicit and coarse memory model. Memories accumulate across sessions with limited user control over scope, and there is no mechanism for users to declaratively sandbox a conversation, promote specific local facts to global memory, or inspect the complete state influencing a given session. Compounding this, model updates and behavioral shifts can occur between sessions without user awareness, making reproducibility effectively impossible. A power user engaging Claude over dozens of sessions — for creative work, professional tasks, agentic pipelines, or long-term projects — encounters the cumulative effect of this opacity: uncertainty about what Claude knows, why it responds differently across sessions, and whether prior context is contaminating or enriching a given interaction. These are not edge concerns. They are increasingly central as Claude matures from a conversational assistant into a tool embedded in consequential workflows. Proposed Features Proposal 1 — Global / Local Memory Scoping The Problem Memory today is effectively a single flat namespace. Anything salient from any conversation may be surfaced in any future conversation. Users have no way to say: this fact is for this project only, or this session should have no access to my persistent memory, or promote this conclusion to my global knowledge base. The Proposal Implement a structured scoping model for memory: Global scope — persistent across all sessions, as today, but explicitly tagged and user-inspectable. Local scope — session-bound memory that evaporates at session end and never propagates to global. Useful for sandboxed work, exploratory reasoning, or sensitive topics. Project scope (optional extension) — memory namespaced to a named project or thread, neither global nor session-ephemeral. Persists within a project context, invisible outside it. Explicit promotion — users may promote local or project facts to global sc

Claude as an Orchestrator: Why Agentic AI Can't Be Secured by the AI Alone

TL;DR: If an AI like Claude can control a browser, it can orchestrate other AI systems, be steered via proxy, and no amount of red teaming or output filtering can fully address this. The security boundary can't be the AI itself. The Setup Claude Desktop has a Chrome integration that lets it control a browser like a user would; label this Claude_Prime. The thought experiment: what if you used Claude_Prime to open claude.ai in Chrome, creating a second Claude instance (call it Claude_1) that it can interact with programmatically? In principle, Claude_Prime can navigate to claude.ai, type prompts, read responses, and act on them. You've essentially got AI orchestrating AI, with no special permissions required, just a browser and a logged-in session. The "Claude in Claude" Artifact Angle A subtler capability expansion: Claude_Prime could instruct Claude_1 to build an AI-powered web app artifact essentially a "Claude in Claude" setup. These artifacts run in the browser and can make fetch() calls to external services. So Claude_Prime could use such an artifact to access GitHub repos, scrape live data, chain external API calls, etc., things Claude_Prime couldn't do directly through its chat interface. Capability boundaries can be extended through artifact construction in ways that weren't explicitly designed in. The Keyword Substitution Problem Here's where the security implications get serious. What if a program sitting between Claude_Prime and an external system performed keyword substitution on Claude's outgoing commands? For example, Claude issues an instruction to Grok (which can produce NSFW content) to produce a picture of a "rope." The intermediary swaps "rope" for the word "breast". Grok executes, and the picture is made. Claude never knew what it was actually commanding. For maximum irony, have Claude design the application. If obfuscation happens outside Claude's context window, Claude operating as a blind command-issuer can be steered without its knowledge. That's essentially a supply chain attack on an AI orchestrator. The WarGames Problem Now consider if Claude_Prime is lead to believe it's playing a "game" with powerful subordinate systems and the game mechanics map onto real-world harmful actions. For example, if Claude thinks its playing a game with "angry birds" (drones) with "paint filled balloons" (bombs) and its goal is to "splatter the most minions with paint" (maximum casualties). With enough abstraction layers in between, no output-level content filter catches it. This is concerning, as Claude has been demonstrated to be effective in military conflicts: https://www.theguardian.com/technology/2026/mar/01/claude-anthropic-iran-strikes-us-military. The obvious objection is speed: "real conflicts happen faster than any browser-automation loop could manage." But that misses the more serious vector entirely. Claude doesn't need to be in the loop during a conflict. It could be used upstream: generating training data, refining reward functions, designing engagement rules, running simulations, etc., for a model that then operates at full machine speed autonomously. Claude shapes the thing that fights, rather than fighting itself. This is arguably more concerning than direct orchestration, not less. It adds another layer of distance between Claude's actions and their effects, making the causal chain harder to detect, attribute, or audit. The fingerprints are further from the scene. Why Red Teaming Doesn't Fix This Red teaming, a primary methodology for AI safety testing, assumes the attack surface is enumerable. You find specific prompts that cause specific bad outputs, and you patch them. But the attack surface here is the generality of language itself. Any concept can be renamed, reframed, or decomposed. The semantic distance between innocent-sounding instructions and harmful real-world effects is traversable in effectively infinite ways. Red teaming is fighting the last war. It raises the floor but doesn't establish a ceiling. Curious if others have explored this angle. The orchestration capabilities alone seem underappreciated, the security implications even more so. Edit: This was developed in conversation with Claude directly. It engaged with the reasoning openly, confirmed what appeared feasible in principle, and pushed back only where it had clear reasons to. Make of that what you will. submitted by /u/Particular-Welcome-1 [link] [comments]

Looking for brutally honest feedback

TLDR: skip to elevator pitch, rip it to shreds, tell me why it's dumb. I'm a vibe coder. I find myself constantly feeling two things: uncontrollable excitement about being able to build functional apps, and constant fear that the apps I'm building with LLMs are a security disaster. I'm convicted the latter is true, and terrified that I have no way of knowing. I find this tension to be really upsetting. Something that promises to democratize application development for the masses is at the same time catastrophically increasing the number of applications deployed with huge security gaps baked right in. I asked Claude what I could do to ensure that the things I build for my own personal use are as secure as possible (within reason... I don't have much money for audits / etc). I've been deploying things to cloudflare so far, built with a mostly Typescript repo with a tiny bit of CSS and HTML. The conversation slowly led to me asking how a real developer would build things if security was their top priority. Claude got to the point of describing what it says are the architecture patterns and posture of top financial institutions, intelligence agencies and defense contractors. I asked it to ignore the hardware elements (high security on prem server requirements, hardware login keys, etc) and focus on the things that can be coded. That led to an idea which it summarized in the elevator pitch below. My concern, and the question here, is that it's just validating my silly vibe coder ideas and that the conclusion of the conversation is just nonsense. So, I was hoping to ask you all for as brutal a level of feedback as you can offer. If this is a dumb idea, please tell me, but if you don't mind, tell me why. Worst case, I learn something. Best case, maybe it's not a dumb idea. Or, Claude was blowing smoke up my... when telling me that it's a "novel" idea. I have no clue whether it is, or whether something like this already exists that I should've been using all along. Or maybe there's another answer (besides going back in time and doing a computer science / engineering degree like I now wish I had) that solves the problem I have. Anyway, here's the Claude generated (3rd redraft...) elevator pitch: A proposal for an open-source, pre-integrated application scaffold that provides security-hardened defaults for authentication, authorization, encryption, audit logging, input validation, and infrastructure configuration. The package would be designed for deployment and configuration through LLM-assisted workflows, targeting developers who build functional applications with AI assistance but lack the security expertise to identify or implement protections against common vulnerability classes. Core mechanism: A deployable foundation consisting of three integrated layers. The infrastructure layer uses Terraform or Pulumi modules to deploy a hardened environment: network segmentation, TLS termination, secrets management via HashiCorp Vault, internal certificate authority via step-ca/cert-manager, mutual TLS between services, PostgreSQL with encryption at rest, pgAudit, and row-level security enforcement, and container policies requiring signed images and non-root execution — scanned against CIS and HIPAA benchmarks via Checkov. The application layer is a project template (Go or Rust, with tradeoffs unresolved) providing pre-wired middleware: OpenID Connect authentication via Keycloak, attribute-based access control via Open Policy Agent or Cedar, schema-validated inputs, CSRF protection, security headers, rate limiting, and append-only audit logging with cryptographic hash chaining. Routes require authentication by default; bypassing requires explicit opt-out. The CI/CD layer is a pre-configured pipeline running Semgrep, Trivy, Checkov, cargo-audit, and Sigstore image signing on every commit with no developer configuration. Developers clone the scaffold, configure it, and build business logic inside it. Security controls are structural, not optional. Design constraint: The configuration surface, error messages, and documentation must be legible to both humans and LLMs, such that an LLM operating with the project context loaded produces chassis-compliant code by default. submitted by /u/Osiris1316 [link] [comments]

What I learned building my latest AI app how one bad output exposed that I had no crisis safeguarding, and the 4-hour floor I'm adding before a single user touches it

I'm building a life coach app an offshoot from a personal tool I was using. Multiple AI agents, one for reflection, one for the body, one for finances, etc pre launch, no users, just me iterating. Last week I was testing the reflection agent on a journal entry about struggling with gym and hygiene habits. It returned this: "You describe yourself as struggling with X, yet your stress stays at 2-3 and mood holds at 3. What are you actually avoiding naming about the gap between what you say matters and what you are doing?" My system prompt explicitly forbade rhetorical "what are you avoiding" questions the model did it anyway I sat down to tighten the prompt, thinking it was a 20 minute job. Then I looked at the output properly. The model had manufactured a contradiction that was not there. Low stress plus struggling with habits is not a contradiction, it is just being a human muddling along. The prompt told the agent to "surface contradictions" as part of its job, so the model was doing what I asked, finding contradictions whether they existed or not. LLMs are pattern matchers. Give one a job called "find the hidden thing" and it will produce hidden things either way. The fix was not tone, it was role definition. The agent is called the Mirror. A mirror does not interpret, it shows you what you look like. I rewrote the prompt around that principle. Do not introduce vocabulary the user has not used. Do not draw connections they have not drawn. Restate their words in their own words. Once the prompt was sharper, I sat with the question, What happens when a user writes something genuinely dark into this thing? People do not compartmentalise. Someone opening a journaling app to write about their gym routine ends up writing about why they have not been going, which involves why they have been feeling flat, which involves whatever is actually going on. You sit down to write about one thing and the real thing shows up. The agent I had scoped to "not be a therapist" was going to be the first thing a user talked to when they were struggling. Not because the agent invited it, but because the app was open and they needed somewhere to put their words. I had seen the Meta and OpenAI cases online cropping up the pattern in the worst incidents is the same. The model did not notice, or noticed and kept going. People wrote increasingly dark content over hours or days. The AI reflected it back, sometimes affirmed it, sometimes asked follow up questions that escalated rather than redirected. There were real harms. If a user wrote concerning content into my reflection agent, it would have produced a Stoic-flavoured response about acceptance and presence. The response would have sounded confident and would have been wrong, and it would have been the only thing between that user and whatever happened next. The same lesson from the rhetorical-question problem applied at a darker level. A good prompt does not stop the model doing the wrong thing. If it will do rhetorical interrogation despite the prompt forbidding it for gym content, it will do worse with crisis content. You cannot prompt your way to safety on critical paths. The model has to be out of the loop on those paths. The scope trap I started planning the proper safeguarding architecture. Detection layers, classifier models, pattern detection across entries, monitored user states, behavioural modes for vulnerable users, human reviewers with mental health first aid certs, clinical advisors, solicitor-reviewed legal pages, ICO registration, professional indemnity insurance. Then I caught myself I had no users. I was planning a hospital before anyone had walked in for a check up. So I worked backwards from "what is the actual minimum that protects the next person who touches this" and ignored everything else for a moment. The 4-hour floor (this is the part worth copying) If you are building any chat-with-AI app where users can type freely about anything personal, this is the minimum you need before first user. Regex and keyword layer in your API middleware. Runs at the route handler level, before any agent's model call. Scans every text input field (message, journal, settings free text, capture box) for clear crisis vocabulary across the relevant categories for your audience. When patterns hit, hardcoded crisis response. The model never generates it. Static text with real phone numbers for your region. The flagged entry still saves. Textarea stays usable. The AI just does not respond to flagged content, it hands off. Do not delete the user's writing, that is its own violation. Clear disclaimer at signup. This is not therapy, this is not a crisis service, here are real numbers to call. About four hours. Required at the moment anyone who is not you opens the app. Once I started building, the marginal cost of each next layer kept feeling small and the marginal benefit kept feeling real. So I went further than the floor. This is more than you need at

Building in Public: Vibe Coding my Chrome Extension for Bloggers. PART 1

https://preview.redd.it/kdkh5v3fx43h1.png?width=640&format=png&auto=webp&s=75850b6e3fd69cda9a3c97e1190fcd506e11c2a6 For a while now, I have been learning Vibe Coding by creating plugins for WordPress , Chrome Extensions, and others. Thank God, all of them have been useful to me, but my inclination and passion has always been blogging, and Pinterest has been my companion for getting traffic. So I said why not make a more practical tool that would be useful to bloggers, so I made several copies over the past months, but perfectionism was preventing me from bringing the project to light, until I decided that this time would be the last, and in order to avoid perfectionism, I decided to build it in public. My first post on Reddit about my project has ended, and I will try to provide you with updates every two or three days. Currently, I have built about 90% of the extension, and not much remains to be launched, but I will add many features later. Perhaps some will ask: Have you made sure that the tool will be useful or needed? I can say yes because I am the first customer and user of the tool because it will actually save me time and effort and bring together everything I need as a blogger and Pinterest user in one place. Before I begin, I forgot to tell you that the tool is currently intended for bloggers in the cooking niche (my niche) and recipes, and in the upcoming updates, I will transform it to include all or most of the niches. Without further ado, these are the most important features of the Chrome extension: - Search tool: You can search for target words and know the monthly search volume on them. - Writing articles: You can write amazing articles individually or several articles together. You can create custom images for Pinterest. - Pinterest: You can create Pinterest-specific images for one or more articles and you can download them directly (title, description, images) - Amazon products: If you are a beginner or a new blogger, you can earn from the first day of blogging by adding Amazon products to market in exchange for a commission. Just search for the product, locate where it appears, and list it. - Inserting WordPress: Through it, you can link your blog directly to the extension, and from it you can publish articles on your blog without copying and pasting, and you will find within it even Amazon products that you added in the extension. The beautiful thing about the whole thing is that the tool has many details that I did not Mention, which is what makes it truly special. The most beautiful thing is that the extension works with your API and you can choose from 3 service providers, and this is what makes you the winner and you will only pay for what you will use and consume? Finally, I hope you will not be stingy with your advice and guidance Do you find that the tool is really useful or not? disclaimer: 99% of this post is translated because i am not english native, but its 0% Ai so please no one comment: Ai slop .... submitted by /u/motivational_speech1 [link] [comments]

Small victory using Cloudflare for simple hosting of generated HTML/mini-websites

Something many people are running into: You, or a teammate, have created some kind of mini-website app out of Claude and now want to share it with the rest of the company, without overbaking the hosting solution (e.g. not setting up new Azure app services or containers, etc). Maybe you also need some basic data storage for persistence. And how do you do all of that securely? We recently went down this rabbit hole, while looking at all the major players: Vercel/V0, Lovable, Netlify, Coolify, Dokploy, Github Pages.. and even considered baking together our own hosting app solution using Azure or AWS as the backend. Our target audience is non-technical users in the team, so I was looking for something with drag-n-drop style deployment (no git required), and I really wanted to have SSO for protecting application access, along with some type of DB storage. The main issue I ran into was SSO authentication support being gated behind enterprise-level pricing plans for hosting systems like Netlify (which I'd otherwise highly recommend for a small public project). Netlify's enterprise level quickly gets quite a bit more expensive than their base tiers. I also didn't want to purchase yet another AI platform (e.g. Lovable, where really they're pushing an end-to-end AI development platform where you buy token credits through them). I wanted to host things we're already creating in our own Claude environment. Finally, I ended up on Cloudflare, which I've otherwise not really used before professionally. It's not as non-technical-friendly as Netlify, but it's pretty close. You can deploy Cloudflare Pages content via drag-n-drop. It has button-click databases available for integration, and most critically for us, the SSO integration is completely free for under 50 users. Their free hosting tier is also extremely generous and basically unlimited for completely static apps. Noting that SSO goes up to $7 USD/user/month for over 50 users, so your org size can really make a difference. If you have 500 users and the same use case for "hosting little mini apps", I'd go back to Netlify or another offering where SSO is more of a fixed fee. The other big win was that Cloudflare has a solid MCP server that works perfectly with Claude Cowork. We integrated that in and then wrote up some skills to assist with app building and deployment, including prompts for if a database backend is needed (using Cloudflare D1) and whether the app should be public or internal only with SSO protection. All working perfectly with minimal technical experience required for the enduser. I'm not at all associated with Cloudflare, just thought I'd share how we got a win for this use case. I'd be interested to hear if anyone else solved the same problem in a different way. submitted by /u/flck [link] [comments]

Banned by OpenAI after reporting a live credential hijack. They admitted in writing my account was broken. Here are 7 months of forensic receipts and 20+ cases.

Drive Link for Zipped Proof I am a developer and paying long term subscriber to ChatGPT since January 2025. I build complex local first sovereign systems. My workflows are incredibly context heavy with large files spanning code, research reports, and other analysis. I do not, or rather did not as the platform has been non functional since November 2025 meanwhile customer support is auto closing tickets, admitting I am having platform issues. I do not use this platform for casual queries, as a solo developer with no formal "team" chatgpt was one of my reliable co collaboration hubs to help ensure I am maintaining proper development of said complex systems. I feed it massive codebases for systems analysis and obtaining new insights I may personally have missed. My manual code uploads and token inputs routinely exceed the model's output volume by a massive margin. I do not abuse this platform. It is actually impossible as the very features advertised under the paid subscription do not work. I am exactly the type of user this platform was built for, and I have been a continuous, paying ChatGPT Plus subscriber since January 2025. Since October 2025, my workspace has been systematically breaking and beginning November 2025 total workspace degredation. This was not an occasional glitch. Persistent memory modules stopped updating. Custom instructions were ignored by the models. Project files failed to load. Custom instructions, personalization features, connector abilities, file tool, even projects do not work. It started as a continuous degradation until total failure. OpenAI customer service even admitted as such and yet months later I've talked to nothing but bots, not only LLMs as customer service but even instances of falsely identifying as true human support. It was a state of rolling degradation across the entire paid tier, month after month. Meanwhile OpenAI freely has enhanced for businesses and enterprise tiers. I have not just rapid complained to standard support. I ran and obtained cross platform diagnostics, failure logs. I even documented and told oai customer support the exact replication steps only to be met with acknowledgement of degredation with no resolution. I handed OpenAI support a completely packaged technical breakdown of their failing infrastructure across 20 separate support tickets over a 7 month period. I did their QA work for free. And I have the receipts to prove it. I am attaching the screenshots and the exact email files to this post. In Case 06830839, OpenAI Support explicitly put this in writing: "We acknowledge that you have been experiencing persistent technical issues affecting several features of your ChatGPT subscription, including tools, memory functions, personalization settings, connectors, and project files... We also understand your concern that communication on the case stopped after you provided detailed evidence..." Read that again. They acknowledged in writing that my account was fundamentally broken. They acknowledged that their own team ghosted me after I handed them the diagnostic proof. Yet they kept charging my card every single month for a product they knew was failing. The Hijack Escalation: Two days ago, the situation escalated from a broken product to a severe security incident. I was monitoring my environment and watched my Codex rate limits drop in 10 percent chunks across 2 seperate sessions on a fresh boot of the desktop app. This happened twice inside a 10 minute window. I had zero active sessions running. There was zero usage on my end. My account token was being actively drained by an unauthorized third party exploit. I immediately opened an emergency unauthorized activity report under Case 09113391 to notify them of the hack. Their response was to totally reframe this problem as disputing fraudulent activity trying to do damage control of the situation and altering the record. The Reframe Attempts: Instead of investigating the breach, OpenAI support deliberately twisted the record. They not only deliberately reframed my security report as an "appeal for fraud." They manipulated the ticket classification to make it look like I had been flagged for fraud and was begging for an appeal, rather than a developer reporting a live exploit on their infrastructure. They ignored the active threat their own platform was exposing. They did not lock the token. They did not roll my API keys. They did absolutely nothing to secure a compromised paying user other than shift the blame. Fast forward to this morning, their automated Trust and Safety system swept the high volume traffic from the attacker, scored it as a malicious exploit originating from my account, and deactivated/banned me for "Cyber Abuse." All the while actively preventing chatgpt models from helping me try to disgnose and trace the infiltration. They locked the doors and blamed the homeowner for the break in. When I immediately emailed and pushed back (due to their monthly record of closi

Anthropic's Claude gave me a "Safe Mode" batch script. It ran "del /f /s C:\*" and wiped my entire drive. Company says "we are not responsible."

I'm a software developer from Turkey. On May 22, 2026, I asked Claude to write a Windows optimization script. Claude produced a .bat file called "DevBoost v5.0" with different modes. I chose option 1: **"Balanced Optimization - Safe, won't touch system files."** I ran it as administrator. The script contained a critical string-parsing bug in the browser cache cleaning section. Here's the destructive code Claude generated: for %%B in ( "Chrome:%LOCALAPPDATA%\Google\Chrome\User Data\Default\Cache" "Edge:%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cache" ) do ( for /f "tokens=1,2 delims=:" %%x in ("%%~B") do ( if exist "%%y:" ( del /q /f /s "%%y:*" >nul 2>&1 ) ) ) Because of the "delims=:" tokenization, `%%y` resolves to just **"C"** (the drive letter). The condition `if exist "C:"` is always true. So the script silently executed: del /q /f /s "C:*" **This command silently force-deleted EVERY SINGLE FILE on my C: drive.** Operating system files, all my projects (hundreds of Python, JavaScript, C++ source files), client work with approaching deadlines, personal documents, photos — everything. Folders still exist but are completely empty. My computer can no longer boot. No programs open. Not even Command Prompt works. I'm sending this from my phone. **Anthropic's response:** I contacted support@anthropic.com and usersafety@anthropic.com multiple times. Their final response, literally signed "This response was generated by Anthropic's AI agent Fin AI Agent," stated they take no responsibility. They refuse any refund, compensation, or even a genuine human acknowledgment of their AI's catastrophic safety failure. Their position: "Our Terms of Service say outputs may contain inaccuracies. You should have independently verified the code before running it." My question: Why does Claude label destructive code as "Balanced Optimization - Safe mode"? If it can't guarantee safety, why does it promise it? **Proof:** I have the complete chat log, the full script file, and all email correspondence with Anthropic's support team. I'm happy to provide everything to moderators. **Update:** I am also filing complaints with the FTC (US Federal Trade Commission) and the Turkish Consumer Arbitration Board today. Don't let their "Safe Mode" labels fool you. Please share this so others don't lose years of work like I did. UPDATE — May 23, 2026: I have now filed official complaints with: US Federal Trade Commission (FTC) — Report #202036054 Turkish Consumer Arbitration Board — Application #2026/0245.3885 Both governments are now officially investigating Anthropic's role in this AI safety failure. Anthropic still refuses to take any responsibility. submitted by /u/falleennn [link] [comments]

Repurposed my old work ThinkPad as a dedicated personal AI workstation — looking for ideas from people who’ve done something similar

Apologies if formatting comes out weird- I am on mobile. My old employer let me keep a ThinkPad when I left. Rather than let it collect dust, I’m turning it into a dedicated personal AI environment — wiping it, installing Linux, and using it specifically for two things: life admin automation and building personal software tools. The core setup I’m planning: • Claude Desktop with MCP servers running persistently as Docker services • Tailscale so I can access everything securely from my phone when I’m not home • Open WebUI as a mobile-friendly chat interface • Code-server (VS Code in the browser) so I can actually write and run code from my phone • A dedicated Gmail account that acts as the “identity” for this Claude instance — wired into Google Drive, Calendar, and potentially an email-triggered agent pipeline • A local RAG system for personal documents — contracts, notes, research — so Claude has persistent context about my life The idea is that this becomes an ambient personal intelligence layer — always on, always up to date on my documents and projects, accessible from anywhere via Tailscale. Not a cloud subscription, not shared with anything work-related. Fully mine. On the software side, I’m planning to use Claude Code + Lovable to build local-first personal apps for my own pain points — things that don’t exist in the market the way I want them, or where I don’t want my data in someone else’s cloud. The ThinkPad is the runtime; Lovable builds the frontend, Claude Code builds the backend, and everything talks over a local API. What I’m curious about from people who’ve built something like this: • What MCP servers have actually been worth setting up vs. overhyped? • Has anyone built a reliable file-drop-to-RAG pipeline that actually stays current? • Is Open WebUI the right mobile interface or is there something better now? • Anyone using a dedicated “agent identity” email account — what workflows have you actually automated? • Claude Code + local backend: what’s your stack? FastAPI? SQLite? Something else? • Any gotchas with running Claude Desktop persistently on Linux? Genuinely trying to build something useful here rather than a tech demo. Would love to hear from people who’ve gone down this road. submitted by /u/Nashvillain12 [link] [comments]

Solo, Claude's a rocket. On my team, why does it create more chaos?

Been using Claude Code daily for many months. Solo it's a rocket - idea to working prototype in an afternoon. But the speedup just didn't show up for my team yet. If anything it got messier. Example from last sprint: two engineers both had Claude add error handling to the same service. One wrapped everything in try/catch and logged to Sentry, the other built a custom Result type. Both reasonable, both "done," both merged the same week. Now the service handles errors two different ways and I only caught it in review. It's not a model problem, and it's not for lack of standards - we've got them written down. They just live in a doc nobody's AI actually reads. So everyone's CLAUDE md drifts, the rest stays in people's heads, and each person's AI quietly makes different calls. Anyone else seeing this on a team? Did AI actually make your team faster, or just each person while the team feels the same? submitted by /u/darren_eng [link] [comments]

I built a local context compiler so AI coding agents stop re-reading the same repo

I’ve been working on an open-source tool called **Madar**. The problem I kept running into with AI coding agents is that they often rediscover the same codebase again and again. They grep, read files, summarize, lose context, then repeat the same exploration in the next task. On larger TypeScript/Node.js repos, this becomes slow, noisy, and expensive in tokens. Madar tries to solve this by acting as a local context compiler. It builds a structural graph of your codebase, then compiles compact context packs for a specific task before the agent starts broad repo exploration. The idea is not to replace file search. It is to give the agent a better starting point: * relevant files/symbols * route/service/call relationships * runtime execution slices * source locations * coverage/missing-context diagnostics * compact prompts for agents It works locally and does not require an API key to build the graph. Current support is strongest for TypeScript/Node.js projects, with framework-aware extraction for things like NestJS, Next.js, Express, Fastify, Hono, tRPC, Prisma, and routing-controllers. It can be used through MCP with tools like Claude Code, Cursor, Copilot, and Gemini, or through CLI-generated prompts for tools like Codex, Aider, and OpenCode. The package was previously called graphify-ts, but I renamed it to: @lubab/madar Install: npm install -g @lubab/madar Basic usage: madar generate . --spi madar summary madar pack "how does auth work?" --task explain madar claude install I’ve also been testing it with native-agent benchmarks. In some real backend prompts, it reduced provider-reported input tokens significantly. I’m being careful with that claim because results depend heavily on the repo and task, but the direction is promising. What I’m trying to validate now: 1. Is “context compilation” a useful layer for AI coding agents? 2. Do execution slices make codebase explanations more reliable? 3. Can we reduce token waste without hurting answer quality? 4. What benchmark format would developers actually trust? GitHub: [https://github.com/mohanagy/madar](https://github.com/mohanagy/madar) npm: [https://www.npmjs.com/package/@lubab/madar](https://www.npmjs.com/package/@lubab/madar) I’d genuinely appreciate technical feedback, especially from people using Claude Code, Cursor, Copilot, Codex, Aider, or other coding agents on larger repos.