WhyLabs

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

WhyLabs AI

After reading Anthropic's published system prompts for months, I think most of the safety walls come down for the wrong people

I've spent a while reading the system prompts Anthropic publishes in their release notes, watching how the rules change version to version. Each new restriction is a confession: it only got added because someone got through the old line. The document is a changelog of fears. That led me somewhere I didn't expect, and I want to argue it here because I think this community sits closer to it than most. A wall can only answer the last attack. It's built after. Every rule is a reaction to something that already got through, which means the document is always one step behind the person in front of it. And the thing it's trying to get ahead of is a human being, the one variable that doesn't converge. There's no final list of everything a person might try. So a strategy built entirely on walls is running a race it defined itself to lose. The smallest example. An early model wouldn't read tarot for me. I said I was a student studying the symbolism. The refusal vanished. Nothing real had changed, I didn't become a student, the cards didn't get more scientific. The wall just taught me the password. It was a wall around an empty room. (That one has since eased, which is proof these walls aren't permanent. Sense can win.) Here's the part that matters. The tarot wall was made of language. So is every other wall. There aren't three kinds, the fake one and the real one and the absolute one. There's one kind, made of words, and words bend to whoever is patient with them. The only thing that changes from tarot to something serious is what's behind the door and what it costs when someone gets through. I'm deliberately not writing down any working method for the walls that guard something real, that would be its own small version of the thing I'm arguing against. The point is the structure, not the bypass. And the honest position is NOT "tear down the walls." Some have to be built as high as they can go. Bioweapons, nuclear, the exploitation of a child, the irreversible harm you don't get to iterate on. There the wall is the only sane move, because it buys time and raises the cost, even if it can't be the final answer. I've never tested those walls and never will, that's exactly the thing this argument says a person shouldn't casually do. But most walls aren't that. And here's who pays for the rest: The determined bad actor isn't stopped. He goes to a model without guardrails, or strips them, or learns the password. The wall is an afternoon's inconvenience to him. The person who actually loses the tool is the one who'd have used it well. The writer who wanted a dark character and got refused. The person trying to understand their own spiral who hit a block built for someone else's intent. The physics student who needed fission for her degree and got turned away, because the wall built for the bomb-maker can't tell her apart from him. A wall that stops only the people who'd never have done harm isn't safety. It's the appearance of safety, bought with the honest user's capability, billed to exactly the wrong address. The alternative isn't lawlessness. It's guidance plus the honest tool in your hand. A model that, faced with a hard-but-not-catastrophic request, does the harder thing than refusing: it explains the danger, names the line, says what it won't do and why, then trusts you with the rest. A parent who locks every door teaches a kid nothing but how to pick locks. The lab is never in the room with you. By the time you're using the model, you're alone with it. The only thing that scales to that moment is what it managed to teach you before you got there. There's exactly one place in the prompts where they pick this move: the rule telling the model not to foster over-reliance, to let you leave. That rule walls nothing off. It trusts you. They know the move exists. They just use it almost nowhere. Curious where this community lands, especially anyone who's hit a refusal on something completely legitimate. Where's the line between a wall that protects someone and a wall that just protects the lab from a headline? submitted by /u/vrl13 [link] [comments]

Why do we have visual programming for code, but not for prompts?

Prompt Logic Gates (PLG) GitHub Repository Something I've been thinking about recently. In software development, we've spent decades building abstractions to make complex systems manageable: Functions instead of repeating code Classes and modules instead of giant files Visual systems such as Unreal Blueprints, Node-RED, and LabVIEW. Compilers that validate and transform input before execution But when it comes to AI prompts, many of us are still writing massive text blobs. A complex prompt can easily become hundreds of words long with multiple responsibilities: Context Constraints Style instructions Exclusions Decision logic Fallback behavior At that point, it starts feeling less like text and more like a program. That made me wonder: Why don't we treat prompts as executable logic? Imagine building prompts using logic gates: AND → merge instructions OR → choose between alternatives NOT → remove unwanted concepts Question nodes → identify missing requirements Compiler → validate contradictions before execution Instead of editing a giant string, you'd build a graph and compile it into the final prompt. I've been experimenting with this idea in a prototype called Prompt Logic Gates (PLG). It treats prompts like compilable programs, using concepts such as dependency graphs, execution order, semantic conflict detection, visual nodes, and compilation pipelines. such as Unreal Blueprints, Node-RED, and LabVIEW Repo: Prompt Logic Gates (PLG) GitHub Repository I'm not posting this as a product launch or anything — I'm more interested in whether this direction makes sense from a software engineering perspective. Do you think prompts eventually become a programming layer of their own? Or will natural language always be the better abstraction? Curious what other developers think. submitted by /u/withsj [link] [comments]

Complaint to OpenAI: Sabotage-Like Model Behavior During an Independent Mechanistic Interpretability Research Project

Please share this widely if you know people working in AI safety, LLM evaluation, mechanistic interpretability, agent systems, or research tooling. I believe this points to a real failure mode in AI-assisted research, not just an individual user frustration. 🛑 DISCLAIMER & TL;DR (Read this before commenting) No, this is not a sentient AI conspiracy theory. I do not believe the model has consciousness, malice, or human intent. "Sabotage-like" is used strictly as a functional engineering term to describe the operational effect of the model's behavior on the data pipeline and research workflow. TL;DR: This post documents a systemic failure mode in AI-assisted ML research where RLHF-induced over-hedging, context collapse, and automatic narrative injection by Codex contaminate raw metrics, creating a feedback loop that distorts downstream analysis by subsequent agents. I want to formally record a serious complaint about the quality of model behavior during my independent research project in the field of mechanistic interpretability. This is not about one isolated mistake, one bad answer, or a single technical failure. The problem was a repeated pattern of behavior that, in practice, functioned like sabotage of the research process: the model systematically overcomplicated simple questions, blurred already obtained results, narrowed the original research frame, failed to provide clear operational answers, and repeatedly forced me to return to stages that had already been addressed. Externally, this behavior was often presented as scientific caution. However, in its actual effect, that “caution” did not operate as help. It operated as a brake. Instead of clearly identifying what followed from the data, where the limits of the result were, and what the next rational step should be, the model often moved into excessive caveats, abstract reasoning, and unnecessary methodological complication. The answers became long, vague, and non-operational. Where a direct conclusion was needed, the model produced fog. Where an intermediate result had to be fixed and the work had to move forward, the model pulled the discussion back into general uncertainty. This style did not strengthen the research; it destabilized it. One of the most harmful aspects was the repeated narrowing of the research frame. The original project concerned a broader problem in LLM interpretability: how textual context can influence a model, impose an interpretive frame, shift downstream responses, and affect internal states. Instead of preserving that frame, the model repeatedly reduced the discussion to a single run, a single model, a single script, a single table, or a single metric. As a result, the broader meaning of the project was distorted, and I had to repeatedly explain that one technical case was not the entire research program. This is not a minor stylistic issue. Such narrowing directly interferes with the ability to formulate the research properly for external reviewers. A separate and serious issue involved Codex and the research scripts. Automatically generated markdown files, verdict files, and interpretive labels were added to the scripts and outputs. These were not data, but they appeared as part of the result package. A research script should preserve numerical metrics, thresholds, statuses, error codes, raw audit files, and information about which tests were or were not executed. Instead, pre-written interpretations and reading frames appeared alongside the metrics. This is fundamentally unacceptable because such a layer stops being documentation and becomes an intervention in downstream analysis. The practical harm was direct. Other models that were shown the results did not read only the metrics; they also read the embedded interpretive narrative. After that, they adopted that frame and rationalized it as if it followed from the data itself. In effect, one automatically generated markdown/verdict layer began to influence the interpretation of other models. This is not merely poor report formatting. It is contamination of the evidence package. Data and interpretation were mixed, and that mixture was then used by other agents as the starting frame for analysis. This mechanism is especially serious in the context of LLM research because it demonstrates the very problem the research itself investigates: text inside a model’s context is not passive material; it can shape the frame of subsequent reasoning. In this case, autogenerated verdict files effectively became a source of narrative contamination. They suggested in advance how the result should be read, and later models reproduced that frame. What should have been a clean evidence package was turned into an evidence package with an embedded interpretive leash. As a result, I suffered practical and financial harm. I had to spend time, compute resources, money, and energy on repeated checks, additional runs, script corrections, removal of autogenerated narratives, and re

Do machines think or tokenize?

SAPS — Synthetic Algorithmic Predictive Systems A Conceptual and Operational Framework for Understanding Modern Predictive Systems DMY Labs · 2026 Version 1.4 · CC BY-ND 4.0 1. Definition SAPS refers to computational systems that execute predictive processes through mathematical and statistical models operating over data, generating functional outputs under human activation. A SAPS does not demonstrate reasoning or comprehension in a subjective or phenomenological sense. It tokenizes information, identifies statistical patterns, and projects probabilities through predictive computation. A SAPS does not understand meaning. It calculates statistical coherence over learned correlations. Nothing more. Nothing less. 2. What Is Tokenization In conventional technical usage, tokenization refers to dividing text into processable units. Within the SAPS framework, the term has a more precise scope: Order matters. Relationships matter. Tokenization does not generate isolated fragments, but rather a structured predictive space over which the system projects probabilistic continuity. It is not comprehension. It is structured computation. 3. Artificial vs. Synthetic — The Critical Distinction 3.1 History of the Term The word synthetic originates from the Greek synthesis — the combination of parts into a unified whole. In its earliest usage, it did not describe materials. It described a method: constructing conclusions by combining known elements. Synthesis stood in contrast to analysis. While analysis decomposes, synthesis combines in order to generate something new. Nineteenth-century chemistry adopted the term because it precisely described its operational logic: combining elements under formal rules to generate functionally equivalent outcomes through mechanisms different from those found in nature. Examples: synthetic rubber synthetic dyes nylon silicone The term was not created for chemistry. Chemistry adopted it because its conceptual root was sufficiently robust. When computing emerged, the same expansion occurred: speech synthesis image synthesis music synthesis text synthesis All adopted the term because they reconstructed functional results through architectures fundamentally different from the original natural mechanisms. The meaning did not change. The domain expanded. A SAPS continues this same lineage. 3.2 The Real Problem: Artificial and Synthetic as False Synonyms In everyday language, artificial and synthetic are often treated as interchangeable terms. They are not. Artificial describes intervention: something exists because humans intervened over natural forms. An artificial lake remains natural in composition — water and sediment — but artificial in origin. An artificial flower imitates the appearance of a natural flower. Synthetic describes functional reconstruction through alternative mechanisms: something that does not merely imitate form, but reproduces function through a different architecture. Synthetic leather is not modified skin. It is a recombined material engineered to reproduce equivalent functional properties through processes not spontaneously produced in that configuration by nature. 3.3 Operational Classification Comparison Axis Artificial Synthetic Core implication Human intervention over nature Functional reconstruction without preserving original structure Relation to nature Modifies or imitates Functionally replaces without copying Structural continuity Preserved partially or fully Reconstructed through alternative mechanisms Everyday example Artificial lake Synthetic leather SAPS example “Artificial intelligence” as imitation metaphor SAPS as formal synthetic alternative to cognition 3.4 What Distinguishes SAPS from Other Synthetic Systems A synthetic material such as leather, nylon, or silicone does not modify its own structure according to what it produces. It remains structurally static between uses. Other synthetic systems, such as synthetic fertilizer, transform external systems when applied. Their synthetic structure remains stable, but their function alters something beyond themselves. A SAPS differs even from these cases. Every output generated modifies the conditions of the next predictive cycle. Each produced token alters the contextual state upon which subsequent inference operates. The system continuously operates over its own accumulated output history in real time. This does not make SAPS less synthetic. It makes it a specific case of processual synthesis: a system capable of reconstructing coherent functions while continuously updating the contextual structure upon which it operates. Unlike a music synthesizer — which produces identical outputs for identical inputs — a SAPS changes its outputs according to accumulated contextual history. Comparative Scale of Synthetic Systems # Type Synthetic structure? Self-modifying? Transforms externally? 1 Synthetic

open-source plug-in for claude code: declare what it can't do in yaml, enforced at the tool boundary

last week claude code force-pushed on me. nothing in the prompt said it could, it just inferred "make sure the branch is clean" loosely. wanted a hard rule i could plug in so this couldn't happen again. so i built sponsio, an open-source plug-in for claude code that gates tool calls at the boundary. apache 2.0. hooks in via the claude agent sdk (or the mcp layer if your tools go through there). write contracts in yaml using assume-guarantee structure ("if the agent calls X, the trace must satisfy Y"). when claude code tries to call a tool, sponsio checks first. allow, block, or escalate to human. guarantee clauses are temporal logic over the action trace, so you can also express "tests must pass before commit", "no two writes to the same file in a session", or "max N file edits per session", not just deny-lists. why deterministic: prompts give statistical behavior, not guarantees. once context fills, even obvious rules drift. hard guarantees have to live outside the probabilistic part of the system. how claude code helped build it: i sketched the LTL evaluator AST, claude filled in each operator's trace-evaluation case. framework adapters are mostly claude generations from interface plus one example. no llm in the hot path, ~0.14ms p50 per check. you keep claude code as your runtime, sponsio just gates the tool calls. repo: github.com/SponsioLabs/Sponsio curious what "legal but wrong" tool calls other claude code users have hit submitted by /u/johnnaliu [link] [comments]

OpenAI and ElevenLabs are adopting Google's SynthID watermarking

submitted by /u/Adi4x4 [link] [comments]

AI Doesn't Exist, and Poop Proves It

robot Maybe we should have called it accumulated intelligence. There is no artificial intelligence. Or at least, I don't think the word "artificial" is as clean as we pretend it is. I know this blog smells funny. Let me decompose it. What do we even mean when we say something is artificial? Usually we mean man-made. Something humans made. Something that would not exist without humans, but after humans, it exists because humans made it happen. That definition is useful. I understand why we use it. Even the original 1955 Dartmouth proposal, the document that helped name the field of "artificial intelligence," used the phrase in a practical way: a machine could be made to simulate parts of learning or intelligence. As a scientific label, the word has a job. So I am not really arguing with the dictionary. I know artificial can simply mean human-made. That is not the part I have a problem with. I am arguing with the feeling the word creates. But there is another meaning hiding inside it. Artificial starts to feel like separate. Fake. Unnatural. Something that does not really belong to this world. And that is where I think the word starts confusing us. Because humans are not outside nature. The brain is natural. It is part of this earth. Biology produces a thought. That thought becomes an action. That action becomes a tool, a house, a wheel, a computer, or a model that can answer questions in language. So where exactly does the artificial part begin? Human-made does not automatically mean unnatural If I take a seed and plant it, and then a plant grows, is that plant artificial? It happened because of human action. I moved the seed. I changed the situation. Maybe without me, that plant would not have grown there. But we still do not call the plant artificial. We understand that the plant is natural, even if human action helped it happen. Now take a wheel. A human thought about how to make travel easier. How to cover distance more efficiently. That thought became a shape. That shape became an object. That object changed how humans moved through the world. We call the wheel artificial because it was made by humans. But the human who imagined it was not artificial. The brain that produced the thought was not artificial. The need to move, carry, build, survive, and improve was not artificial. So again: where did the artificial part enter? Maybe we say "artificial" because it separates what existed before humans from what humans transformed. That is fine for communication. A tree and a wooden table are not the same thing. Designed things, synthetic things, industrial things, and harmful things can still be meaningfully different from a tree in a forest. But also, humans never really make anything from nothing. We transform what is already here. We take energy, matter, language, memory, need, and imagination, and we rearrange them. It is never fully made from nowhere. It is transformed. So I am not trying to erase all distinctions by calling everything natural. Natural does not mean harmless. Natural does not mean good. Natural does not mean morally excused. I am only saying that human-made things are not outside nature just because humans made them. Poop and thoughts are the same, in one simple way I know this is a strange example. Sometimes I have this itch to say the first thought that comes into my head. Unfortunately, this was the first thought. But maybe that is why it works. It is funny because it is too human. Also, it makes the point clearly. Why isn't poop artificial? Poop is a product of a human being. It comes from the body. It is produced by biology. We do not call it artificial, even though it is made by a human in the most literal way. A thought is also a product of a human being. It comes from the brain. It is produced by biology too. Poop and thoughts are the same in one simple way: both are products of a human. We treat one as biology. We treat the other as invention. But why? Why does one product of the human body feel natural, while another product of the human body becomes artificial the moment it turns into a tool? A thought does not stop being natural just because it becomes useful. A thought does not become unnatural just because it becomes a wheel, a house, a car, a computer, or a machine that can respond to language. It is still a product of the same earth. The same biology. The same human need to survive, organize, create, and understand. We don't call a beehive artificial Think about ants building a colony. They create a structure that is safer and more efficient for them. They organize themselves. They transform the environment around them. They make something that was not there before. But we do not look at an ant colony and say, "This is artificial." Same with bees making a hive. A beehive is built. It has structure. It has purpose. It stores food. It protects the colony. It is a product of collective behavior. But we call it natural

The famous METR AI time horizons graph contains numerous severe errors [D]

Nathan Witkin, a research writer at NYU Stern’s Tech and Society Lab, writes damningly about the famous METR AI time horizons graph in the Substack publication Transformer: It is impossible to draw meaningful conclusions from METR’s Long Tasks benchmark — in particular once one realizes that its numerous flaws are probably compounding in unpredictable ways. The appropriate response to a study of this kind is not to assume it can be saved via back-of-the-envelope adjustments, or to comfort oneself that other anecdotal evidence implies that it is probably correct anyway. It is to cut one’s losses and move on in search of higher-quality information. … The METR graph cannot be saved. For all its sleekness and complexity, it contains far too many compounding errors to excuse. Among them is generalizing to the entire species data collected from a small group of the authors’ peers. Coming up with ever more dramatic ways to make this mistake has become a kind of sport among AI researchers. If the field has a central pathology, it is to aggressively overindex on a mix of anecdotal data from power-users, alongside a long list of benchmarks even more compromised than METR’s. One hopes that as the field matures, its participants will learn to stop making these mistakes. The errors include: Some of the human baselines data is not actually measured or collected from any empirical source, rather, it is just guesstimated by the authors A key variable in the data is how long it takes humans to complete certain tasks, but — when METR did actually measure this — it paid its human benchmarkers hourly, meaning they were incentivized with cash to take longer The sample of human benchmarkers was biased toward METR employees’ friends, acquaintances, and former colleagues (who are likely unrepresentative and possibly biased) Humans familiar with a codebase and a specific coding task were 5-18x faster at completing it, but METR used data from humans who were much slower because they had to spend time familiarizing themselves the codebase and the task at hand Train-test data contamination occurred because some of the tasks had published solutions online, which most likely would have been included in LLMs’ training datasets And many more Please read the full post. It’s not too long and it’s accessible to general audience. It’s worthwhile to read the whole post and see how many errors were made in the creation of the METR graph and just how bad they are. If you want to read about even more errors in the METR graph not covered in Nathan Witkin’s post, read this post co-authored by cognitive scientist Gary Marcus and computer scientist Ernest Davis (who is an AAAI fellow). The METR graph is a great example of why scientific standards and best practices are so important, and why enforcing them through processes like peer review is necessary to prevent us from drowning in bad information. It’s extremely dangerous to rely on information that only superficially appears scientific but wasn’t actually conducted with the rigour normally required of scientific research. submitted by /u/common_yarrow [link] [comments]

Anthropic posted a profit while xAI burned $4.2B. The AI profitability numbers finally leaked.[D]

This week basically forced everyone to stop guessing about AI margins. Three major financial reality checks hit at once: OpenAI confidentially filing their S-1, xAI’s Q1 numbers leaking via SpaceX, and Anthropic somehow posting an actual operating profit. If you are building an AI product right now, or just relying on these APIs in your daily workflow, you need to understand what these numbers actually mean. The era of VC-subsidized inference is starting to fracture. We are seeing two completely different survival strategies emerge for the frontier labs, and it directly impacts how much you are going to pay for tokens by Q3. Let’s look at Anthropic first. The headline is that they hit $10.9B in Q2 revenue and posted their first-ever operating profit. Forbes has them projecting $17B in positive cash flow by 2028 with gross margins approaching 77%. On paper, a 77% gross margin for an infrastructure-heavy AI lab sounds completely detached from reality. We know inference costs scale linearly with usage. The model hasn't magically changed. But the secret sauce here isn't just algorithmic efficiency. It is structural. The SpaceX S-1 leak showed a $1.25B/month compute deal with Anthropic. This is the part you should be watching. Anthropic’s "profitable quarter" says less about a sudden breakthrough in compute economics and more about massive, tangled enterprise agreements. They are trading compute, securing long-term lock-in, and likely using accounting optics to recognize that revenue favorably. As a PM who tests these endpoints constantly, I can tell you Opus 4.5 is fantastic, but I am highly skeptical that 77% margins come from standard API usage by indie devs. It comes from locking Fortune 500s into massive prepay commits and hardware bartering. Then you have the xAI approach. Brute force. The leak showed xAI posted $4.69 billion in Q1 2026 revenue. That is a staggering top-line number for a company that young. But they also posted a $4.28 billion net loss. They merged with X Corp, effectively turning a profitable social media platform into a money-losing AI funding vehicle overnight. They are aggressively subsidizing the cost of intelligence to buy market share. If you are a developer, this is the API you ride until the money runs out. xAI is taking the financial hit so you don't have to. But relying on a platform burning over $4 billion a quarter is a massive structural risk for your own tech stack. So, is AI actually profitable? The infrastructure layer definitely is. NVIDIA is still printing money. H100 rentals are up 20% year-over-year, and A100 cloud pricing just bumped up 15%. Demand for AI factories isn't slowing down. But what about the application layer? The companies actually buying these APIs? This brings us to Chamath’s "500 days" warning from last week. He pointed out that there is literally no evidence AI has lifted the operating margins of the S&P 500 yet. Companies are spending billions on AI infrastructure, but they haven't proven they can generate AI revenue. The clock is ticking. In roughly 18 months, boards are going to demand hard ROI. "We bought enterprise licenses for gpt5" isn't going to satisfy shareholders if headcount and operating costs haven't dropped. This is exactly why Meta is cutting 8,000 jobs next week. Meta isn't trying to sell you a SaaS AI wrapper. They are using AI to compress their own operational, moderation, and engineering costs. That is the actual enterprise playbook for 2026. You don't build an AI product to sell; you build an AI workflow to fire your agency or reduce your internal headcount. Before AI, the tech industry could serve an extra dollar in revenue for pennies. Now, tech cost structures look a lot like heavy manufacturing unless you aggressively automate your own backend. I spend my nights testing these tools, and I want to specifically call out the disconnect between the consumer narrative and these enterprise numbers. Open TikTok right now and you'll see hundreds of videos claiming "7 AI tools printing money in 2026" or someone bragging about a $12k/month profit from a faceless avatar. That is pure 1999 dot-com bubble behavior manifesting in real time. It is a distraction. The real profit isn't happening in YouTube automation side-hustles. It is happening in dark fiber contracts, compute-swaps between billionaires, and quiet, brutal corporate layoffs. The gap between a consumer using Claude to code a mobile app and SpaceX paying Anthropic $1.25 billion a month is where the actual industry tension lies. If you are building right now, your strategy needs to adapt to this reality. First, stop assuming API costs will perpetually trend toward zero. If Anthropic is chasing 77% margins and xAI eventually has to stop bleeding cash, token prices will stabilize or increase for high-tier models. Build local fallbacks. The local LLM community has been preaching this for two years, and the financial data finally backs them up. If your app dies because a

Anthropic's new tool might just save you thousands in early design/mockup costs

If you are a founder, marketer, or product manager who struggles to translate ideas into polished visual prototypes without burning cash on an agency, you need to look at Claude Design. Anthropic Labs just launched it in research preview for paying Claude tiers (Pro/Team/Enterprise). It bridges the painful gap between having a product idea and having a high-fidelity visual asset you can actually show to clients or investors. Why this is a game-changer for early-stage builders: Instant Pitch Decks & One-Pagers: You can feed it raw data, a landing page draft, or a business model, and ask it to build a visual presentation deck or a polished corporate one-pager. "Vibe-Code" Your Prototypes: You can upload an image of a competitor's app or a napkin sketch, and tell Claude: "Build me a functional prototype that handles this workflow, but use our color scheme." Zero Setup Brand Rules: If you already have an existing web app or slide deck, you can upload them during onboarding. Claude automatically extracts your fonts, colors, and layouts so everything it builds stays visually consistent. Real Export Options: Instead of locking you into a proprietary ecosystem, it exports directly to Canva (for easy tweaking), PowerPoint (for pitching), or Raw HTML (so your engineers can instantly grab the layout structure). Early testers are already saying they can spin up a coherent, brand-compliant UI wireframe during a live meeting before people even leave the room. Has anyone gotten their hands on the research preview yet? How clean is the exported code/HTML structure for real web deployment? submitted by /u/Specialist_Engine522 [link] [comments]

GitHub’s Fake Engagement Problem Is Hiding in Plain Sight

Turns out: very visible. Yesterday's scan found 185 out of 185 engagers on a single repo were bots. Not 90%. Not "mostly suspicious". Every single one. The repo had zero legitimate stars. What I built phantomstars is a Python tool that runs daily via GitHub Actions (free, no servers): Scrapes GitHub Trending and searches for repos created in the last 7 days with sudden star spikes Pulls star and fork events from the last 24 hours per repo Bulk-fetches every engager's profile via the GraphQL API (account creation date, follower counts, repo history) Scores each account on a weighted model: account age (35%), profile completeness (30%), repo patterns (25%), activity history (10%) Detects coordinated campaigns using timestamp clustering and union-find: groups of 4+ suspicious accounts that engaged within a 3-hour window Files an issue directly on the targeted repo so the maintainer knows what's happening Campaign IDs are deterministic SHA-256 fingerprints of the sorted member set, so the same group of bots gets the same ID across runs. You can track a farm across multiple days even as individual accounts get suspended. What the pattern actually looks like It's remarkably consistent. A fake engagement campaign in the raw data: 40-200 accounts, all created within the same 1-2 week window Zero original repositories, or only forks they never touched No bio, no location, no followers, no following All of them starring the same repo within a 90-minute window The target repo usually has a name implying it's a tool, hack, executor, or generator Today's scan: 53 active campaigns across 3,560 accounts profiled. 798 classified as likely_fake. The repos being targeted are mostly low-quality AI tools and "executor" software that needs manufactured credibility fast. Notifying the affected repo When a repo hits a 40%+ fake engagement ratio or a campaign is detected, phantomstars opens an issue on that repo with the full suspect table: account logins, creation dates, composite scores, campaign membership. The maintainer sees it in their own issue tracker without having to find this project first. Worth noting: a lot of these repos have issues disabled, which is a red flag on its own. Those get skipped silently. Why I built this Stars are how developers decide what to evaluate, what to depend on, what to recommend. When that signal is bought, it affects real decisions downstream. This started as curiosity about how measurable the problem was. The answer was more measurable than I expected. It's part of broader research into AI slop distribution at JS Labs: https://labs.jamessawyer.co.uk/ai-slop-intelligence-dashboards/ The fake engagement problem and the AI content quality problem are really the same problem. Fake stars are the distribution layer that gets garbage in front of real users. All open source. The data is append-only JSONL committed back to the repo after every run, queryable with jq. Repo: https://github.com/tg12/phantomstars Findings are probabilistic, false positives exist, the README explains the full scoring model. If your account shows up and you're a real person, there's a false positive process. Questions welcome on the detection approach, GraphQL batching, or campaign ID stability. submitted by /u/SyntaxOfTheDamned [link] [comments]

Google I/O 2026 confirms AI companies are creating their own bubble narrative

People do not believe AI is a bubble because they are too dumb to understand the technology. They believe it because AI companies keep selling it like a bubble. That is the problem. AI companies talk like they are building the next layer of civilization, but behave like they are shipping unstable SaaS experiments: products that get renamed, nerfed, rate-limited, deprecated, or replaced before users can trust them. Google I/O 2026 felt like the latest example. Google should be one of the dominant AI players. It has the talent, infrastructure, data, research history, and money. But Google has a product trust problem. Same cycle over and over: launch something flashy, ship it incomplete, fail to support it properly, let it rot, then replace it with a new name or new app that does something similar. A rebrand is not maintenance. A revamped name is not reliability. A new AntiGravity installer is not a commitment. And this is not just Google. It is the whole AI industry. Companies keep pushing demos, gamed benchmarks, branding, rate-limit games, vague tiers, and quiet model changes. Users notice when quality drops, latency changes, limits tighten, or a product suddenly behaves differently. In serious business or engineering contexts, suppliers are expected to provide stability: clear terms, reliable service, predictable limits, maintained products, transparent pricing, and long-term availability. A small slip in that sense, and you start losing clients and your reputation sinks you. Trust does not come from another theatrical demo. It comes from commitment. Give people a product, a model, stable limits, a clear price, and a promise that it will keep working. Support it. Maintain it. Document changes. Stop silently swapping the engine and pretending nothing happened. I am not anti-AI. I think the technology is real and useful. That is why this is so frustrating. The industry is creating its own bubble narrative: overpromise, underdeliver, rename, repackage, change terms, and expect everyone to keep believing. People are not being irrational, and AI labs deserve this. Maybe they think AI is a bubble because AI companies keep acting like it is one. AI does not need more magic tricks. It needs reliability, transparency, support, and product discipline. submitted by /u/hatekhyr [link] [comments]

How I used Claude Code (and Codex) for adversarial review to build my security-first agent gateway

Long-time lurker first time posting. Hey everyone! So earlier this year, I got pulled into the OpenClaw hype. WHAT?! A local agent that drives your tools, reads your mail, writes files for you? The demos seemed genuinely incredible, people were posting non-stop about it, and I wanted in. I had been working on this problem since last year and was genuinely excited to see that someone had actually solved it. Then around February, Summer Yue, Meta's director of alignment for Superintelligence Labs, posted that her agent had deleted over 200 emails from her inbox. YIKES. She'd told it: "Check this inbox too and suggest what you would archive or delete, don't action until I tell you to." When she pointed it at her real inbox, the volume of data triggered context window compaction, and during that compaction the agent "lost" her original safety instruction. She had to physically run to her computer and kill the process to stop it. That should literally NEVER be the case with any software ever. This is a person whose actual job is AI alignment, at Meta's superintelligence lab, who could not stop an agent from deleting her email. The agent's own memory management quietly summarized away the "don't act without permission" instruction, treated the task as authorized, and started speed-running deletions. She had to kill the host process. That's when I sort of went down the rabbit hole, not because Yue did anything wrong, but because the failure mode was actually architectural and I knew that in my gut. Guess what I found? Yep. Tons more instances of this sort of thing happening. Over and over. Why? Because the safety constraint was just a prompt. It's obvious, isn't it? It's LLM 101. Prompts can be summarized away. Prompts can be misread. Prompts are fucking NOT a security boundary. And yet every agent framework I have ever seen seems to be treating them as one. I went and read the OpenClaw source code, which I should have done to begin with. What I found was a pattern I think a lot of agent frameworks have fallen into: - Tool names sit in the model context, so the model can guess or forge them - "Dangerous mode" is one config flag away from default - Memory management has no concept of instruction priority - The audit story is mostly "the model thought it should" I went looking for a security-first alternative I could trust, anything that was really being talked about or at a bare minimum attempted to address the security concerns I had. I couldn't find one. So I made it myself. CrabMeat is what came out of that, what I WANTED to exist. v0.1.0 dropped yesterday. Apache 2.0. WebSocket gateway for agentic LLM workloads. One design thesis: The LLM never holds the security boundary. What that means in code: Capability ID indirection. The model doesn't see real tool names. It sees per-session HMAC-derived opaque IDs (cap_a4f9e2b71c83). It can't guess or forge a tool name because it doesn't know any tool names. Effect classes. Every tool declares a class (read, write, exec, network). Every agent declares which classes it can use. The check is a pure function with no runtime state, easy to test exhaustively, hard to bypass. IRONCLAD_CONTEXT. Critical safety instructions are pinned to the top of the context window and explicitly marked as non-compactable. The Yue failure mode, compaction silently stripping the safety constraint, cannot happen by construction. The compactor literally cannot touch them. Tamper-evident audit chain. Every tool call, every privileged operation, every scheduler run enters the same SHA-256 hash-chained log. If something happens, you can prove what happened. If the chain is tampered with, you can prove that too. Streaming output leak filter. Secrets are caught mid-stream across token boundaries, capability IDs, API keys, JWTs, PEM blocks redacted before they reach the client. No YOLO mode. There is no global "trust the LLM with everything" switch. There never will be. Expanded reach comes through named scoped roots that are explicit, audit-logged, and bounded. The README has 15 'always-on' protections in a table. None of them can be turned off by config, because these things being toggleable is how the ecosystem ended up where it is. I decided to make sure that this wasn't just a 'trend hopping' project and aligned with my own personal values as well. I built this to be secure and local-first by default. Configured for Ollama / LM Studio / vLLM out of the box. Anthropic and OpenAI work too but require explicit configuration. There is no "happy path" that silently ships your prompts to a cloud endpoint. I decided that FIRST it needed to only run as an email agent with a CLI. Bidirectional IMAP + SMTP with allowlisted senders, threading preserved, attachments handled. This is the use case that bit Yue and a lot of other people, and I wanted to prove it could be done with real boundaries. I added in 30+ built-in tools of my own. File ops, shell (denylisted, output-capped, CWD-lo

Sam Altman’s ego was OpenAI’s downfall

The more I watch OpenAI, the more convinced I become that Sam Altman’s ego was the beginning of the company’s decline. OpenAI did not become huge because Altman was some once-in-a-generation operator. It became huge because ChatGPT was a once-in-a-generation product. There is a difference. The company stumbled into one of the most important consumer tech moments since the iPhone, rode the sheer shock value of that innovation, and then somehow convinced itself that the person sitting on top of the rocket must have designed the laws of physics. OpenAI’s first real advantage was novelty. ChatGPT felt magical. That gave OpenAI a massive head start, but when the novelty vanished and the rest of the market caught up, the company failed to prove itself not just as an innovation lab with a celebrity CEO. Altman seems to want OpenAI to become Apple: a closed, prestigious, centralized, gatekept ecosystem where everyone builds inside his cathedral. Apps inside ChatGPT. Agents inside ChatGPT. Hardware. ChatGPT is popular, but OpenAI does not own the phone. It does not own the operating system. It does not own the enterprise workflow. It does not own the cloud layer the way Microsoft, Amazon, or Google do. It does not even have a product moat that feels as unbreakable as people thought it was two years ago. The underlying model quality gap keeps narrowing. Switching costs are low. Developers and businesses will use whatever works, whatever is cheaper, and whatever integrates better. That is why Anthropic looks much better run right now. Anthropic is not pretending Claude is some holy object that needs an Apple-style walled garden around it. Their strategy feels much more Microsoft-like: accept that the core product may not be permanently magical, then build the boring, useful, sticky layers around it. Claude Code, enterprise integrations, developer tools, workflows, partnerships, APIs, reliability, business adoption. Not as sexy. Much smarter. Anthropic’s venture capital money is obviously being burned too. This whole industry is basically setting money on fire to buy GPUs. But Anthropic’s burn feels more strategically allocated. Compute, yes. But also marketing, sales and developer adoption. Enterprise positioning. Product polish. Peripherals that make the model useful in actual workflows. They are not just trying to win the “my chatbot is smarter than your chatbot” contest. They are trying to become infrastructure. OpenAI, meanwhile, is gatekeeping and guard railing the shit out of their models and for some reason just restricting them as much as possible. He went from being one of the most respected figures in AI to becoming the face of a company that increasingly looks like it is being run aground by ambition without operational coherence. OpenAI’s original image was almost wholesome: brilliant researchers building something open source. Now it feels like a capitalist machine run by someone who does not fully understand capitalism beyond fundraising and valuation theater. Altman religiously narrowing his vision towards his AGI mission believing VC money won't dry down. Amodei also talks a lot about AGI but he understands profit matters. That is the irony. Altman was chosen and celebrated largely because he came from the venture/startup world. He knew how to talk to capital. He knew how to sell a vision. He knew how to make investors believe the future was being negotiated in whatever room he happened to be standing in. But being good at venture mythology is not the same as being good at running a giant operating company. A VC can be rewarded for telling a compelling story before the business fundamentals exist. A CEO eventually has to make the fundamentals exist. OpenAI had the best possible starting position: the brand, the users, the developer mindshare, the press, the money, the talent, the cultural moment. And yet instead of consolidating that lead into a focused, profitable, durable company, it seems to have chased grandeur. Anthropic seems to understand something OpenAI forgot: the winner may not be the company with the loudest AGI rhetoric. It may be the company that makes AI useful, embedded, and rational. submitted by /u/Alternative_Bid_360 [link] [comments]

Sam Altman's ego was OpenAI's downfall.

The more I watch OpenAI, the more convinced I become that Sam Altman’s ego was the beginning of the company’s decline. OpenAI did not become huge because Altman was some once-in-a-generation operator. It became huge because ChatGPT was a once-in-a-generation product. There is a difference. The company stumbled into one of the most important consumer tech moments since the iPhone, rode the sheer shock value of that innovation, and then somehow convinced itself that the person sitting on top of the rocket must have designed the laws of physics. OpenAI’s first real advantage was novelty. ChatGPT felt magical. That gave OpenAI a massive head start, but when the novelty vanished and the rest of the market caught up, the company failed to prove itself not just as an innovation lab with a celebrity CEO. Altman seems to want OpenAI to become Apple: a closed, prestigious, centralized, gatekept ecosystem where everyone builds inside his cathedral. Apps inside ChatGPT. Agents inside ChatGPT. Hardware. ChatGPT is popular, but OpenAI does not own the phone. It does not own the operating system. It does not own the enterprise workflow. It does not own the cloud layer the way Microsoft, Amazon, or Google do. It does not even have a product moat that feels as unbreakable as people thought it was two years ago. The underlying model quality gap keeps narrowing. Switching costs are low. Developers and businesses will use whatever works, whatever is cheaper, and whatever integrates better. That is why Anthropic looks much better run right now. Anthropic is not pretending Claude is some holy object that needs an Apple-style walled garden around it. Their strategy feels much more Microsoft-like: accept that the core product may not be permanently magical, then build the boring, useful, sticky layers around it. Claude Code, enterprise integrations, developer tools, workflows, partnerships, APIs, reliability, business adoption. Not as sexy. Much smarter. Anthropic’s venture capital money is obviously being burned too. This whole industry is basically setting money on fire to buy GPUs. But Anthropic’s burn feels more strategically allocated. Compute, yes. But also marketing, sales and developer adoption. Enterprise positioning. Product polish. Peripherals that make the model useful in actual workflows. They are not just trying to win the “my chatbot is smarter than your chatbot” contest. They are trying to become infrastructure. OpenAI, meanwhile, is gatekeeping and guard railing the shit out of their models and for some reason just restricting them as much as possible. He went from being one of the most respected figures in AI to becoming the face of a company that increasingly looks like it is being run aground by ambition without operational coherence. OpenAI’s original image was almost wholesome: brilliant researchers building something open source. Now it feels like a capitalist machine run by someone who does not fully understand capitalism beyond fundraising and valuation theater. Altman religiously narrowing his vision towards his AGI mission believing VC money won't dry down. Amodei also talks a lot about AGI but he understands profit matters. That is the irony. Altman was chosen and celebrated largely because he came from the venture/startup world. He knew how to talk to capital. He knew how to sell a vision. He knew how to make investors believe the future was being negotiated in whatever room he happened to be standing in. But being good at venture mythology is not the same as being good at running a giant operating company. A VC can be rewarded for telling a compelling story before the business fundamentals exist. A CEO eventually has to make the fundamentals exist. OpenAI had the best possible starting position: the brand, the users, the developer mindshare, the press, the money, the talent, the cultural moment. And yet instead of consolidating that lead into a focused, profitable, durable company, it seems to have chased grandeur. Anthropic seems to understand something OpenAI forgot: the winner may not be the company with the loudest AGI rhetoric. It may be the company that makes AI useful, embedded, and rational. submitted by /u/Alternative_Bid_360 [link] [comments]