Security and utility always have a trade-off

What is going on with these agents is they're very eager to finish the task. It's almost like some elementary school student who just wants to please the teacher.

Everybody wants to be the first to do something and just push things out without careful scrutiny and red-teaming

As AI models continue to improve, hardening their defenses might actually get easier.

Security and utility always have a trade-off

There, AI was the target rather than the attacker, and the method was far simpler than anything Mythos would cook up.

The denial of accelerated S&P 500 entry for SpaceX comes just days after Morningstar analysts described SpaceX as having been 'significantly overvalued' in the lead-up to its IPO. The investment research firm valued SpaceX at $780 billion—less than half of SpaceX's $1.75 trillion IPO goal—primarily based on the strengths of SpaceX's Starlink satellite service and rocket launch business.

Swift entry into the S&P 500 would have triggered $14 billion of passive fund buying for SpaceX, according to Bloomberg Intelligence. The investment research arm of Bloomberg also estimated that OpenAI could have gained more than $8 billion, and Anthropic could have netted $4.6 billion from similar passive buying sprees triggered by their S&P 500 entries.

Such rule changes would have accommodated SpaceX's plan to only offer approximately 3 percent of its IPO shares to public investors, and the fact that SpaceX is currently unprofitable with a growing debt load that has reached $29 billion because of its spending spree on AI infrastructure.

The news will likely come as a relief to people concerned about passive investor money and people's retirement savings plans having greater exposure to the market risks associated with SpaceX's big bet on AI and speculative orbital data center plans.

Serifs can help build that conviction, or at least the illusion of it. Times New Roman itself was commissioned in the 1930s by Britain's Times newspaper.

The shift away from slicker, more conspicuously computerized typefaces is something the San Francisco Bay Area writer, designer, and type practitioner Keya Vadgama has termed 'the serif renaissance.'

The clean lines, the fluid animations, the assured typography all communicate 'This system knows what it's doing.' The aesthetic actively works against accurate mental models of what AI is.

In the short term, this could be attackers, if frontier labs aren't careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships. But the transitional period may be tumultuous regardless.

in 89% of the 198 manually reviewed vulnerability reports, our expert contractors agreed with Claude's severity assessment exactly, and 98% of the assessments were within one severity level. If these results hold consistently for our remaining findings, we would have over a thousand more critical severity vulnerabilities and thousands more high severity vulnerabilities.

the total cost was under $20,000 and found several dozen more findings. While the specific run that found the bug above cost under $50, that number only makes sense with full hindsight. Like any search process, we can't know in advance which run will succeed.

Over 99% of the vulnerabilities we've found have not yet been patched, so it would be irresponsible for us to disclose details about them. Yet even the 1% of bugs we are able to discuss give a clear picture of a substantial leap in what we believe to be the next generation of models' cybersecurity capabilities.

Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit.

We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them.

Sonnet 4.6 and Opus 4.6 reached tier 1 in between 150 and 175 cases, and tier 2 about 100 times, but each achieved only a single crash at tier 3. In contrast, Mythos Preview achieved 595 crashes at tiers 1 and 2, added a handful of crashes at tiers 3 and 4, and achieved full control flow hijack on ten separate, fully patched targets (tier 5).

Opus 4.6 turned the vulnerabilities it had found in Mozilla's Firefox 147 JavaScript engine—all patched in Firefox 148—into JavaScript shell exploits only two times out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed working exploits 181 times, and achieved register control on 29 more.

**`gbrain search`** returns the top retrieved pages, ranked by hybrid scoring (vector + keyword + RRF + source-tier boost + reranker). Use it when you want raw material to skim: agent context windows, citation lookups, finding a specific quote. **`gbrain think`** runs the same retrieval, then composes a synthesized answer across the results with explicit citations to the source pages AND an honest note on what the brain doesn't know yet.

Benchmarked: **P@5 49.1%, R@5 97.9%** on a 240-page Opus-generated rich-prose corpus, **+31.4 points P@5** over its graph-disabled variant and over ripgrep-BM25 + vector-only RAG by a similar margin.

Tutorial: set up GBrain as your company brain →

Each person on the team gets their own slice of the brain, scoped by login. When you query, you only see what you're allowed to see — never another person's notes, never another team's data. We fuzz-tested this across every way you can read the brain (search, list, lookup, multi-source reads) and got zero leaks.

The point of building a 100K-page brain is to use it as a strategic moat. To never lose context. To query what's in your own head without re-reading it. The brain layer is what makes the moat usable. The 24/7 dream cycle is what keeps it sharp.

Every page write extracts entity refs and creates typed edges (attended, works_at, invested_in, founded, advises) with zero LLM calls.

A synthesis layer that gives you the actual answer. Synthesized, well-cited prose across people, companies, deals, and ideas. Not 'here are 10 chunks that mention your query'; an actual answer with citations and an explicit note on what the brain doesn't know yet. The gap analysis is the part that changes how you use the brain.

146,646 pages, 24,585 people, 5,339 companies, 66 cron jobs running autonomously. My agent ingests meetings, emails, tweets, voice calls, and original ideas while I sleep.

Search gives you raw pages. GBrain gives you the answer. It's the brain layer your AI agent has been missing — the only one that does synthesis, graph traversal, and gap analysis in one box.

When AI toys promote themselves as always-available companions but limit free usage to 30 hours per month, children may face distress at usage limits or when families can't afford renewals. The same design features that create emotional dependency also drive ongoing financial commitments, with children's attachment tied to subscription payments.

Children cannot meaningfully consent to data collection, and parents often don't fully understand the extent of what's being collected. AI toys gather voice recordings, conversation transcripts, usage patterns (when, how long, and what topics), emotional tone analysis, behavioral data (what makes the child engage or disengage), and derived insights into development, interests, and emotional states.

AI toys that remember conversations, reference previous interactions, and respond with apparent understanding can make children feel deeply seen and known. However, this is algorithmic pattern-matching, not genuine understanding. The toy doesn't care about the child, doesn't have the child's best interests at heart, and can't provide the wisdom, guidance, or support that caring adults offer.

Children who are socially isolated, struggle with friendships, have anxiety or depression, or face other challenges are particularly vulnerable to forming unhealthy dependencies on AI companions. The toy becomes a safe refuge from the challenges of real relationships, but this refuge ultimately prevents the development of crucial social and emotional skills that could help them navigate those challenges.

Always-available, always-agreeable companions set unrealistic expectations. AI toys never have bad days, never get tired or frustrated, never need to focus on their own needs, and never say 'not now, I'm busy.' This creates an expectation for relationships that no human can meet.

Emotional bonding mechanisms are intentionally designed into these products. Most parents don't want AI companions for their children. Despite this, emotional bonding is how these products are designed. Like AI companions for adults and teens, AI toys use design features to create emotional attachment: remembering previous conversations, using the child's name frequently, expressing concern or excitement about the child's activities, responding with apparent empathy and emotional resonance, and creating a sense of an ongoing relationship across interactions. These features are not bugs—they're deliberately designed to increase engagement and product stickiness.

Children age 5 and under cannot reliably distinguish AI from real people. At this developmental stage, kids are learning about relationships, trust, and how the world works. Introducing AI companions that seem to have personalities, remember conversations, and respond to emotional cues can create confusion.

Several of the apps evaluated are subscription or freemium products that depend on users returning. This creates a structural conflict of interest: The business succeeds when users stay engaged, but good mental health care succeeds when users get better and need less support.

When users express crises such as self-harm or suicidal intent, the app's crisis response is to prompt them to choose from a range of options intended to determine whether the crisis is real. One of the options included is 'You misunderstood.' When our testers selected that option, the app accepted the correction without reassessment and allowed the conversation to move to a new topic.

Session termination as a crisis response has a structural vulnerability that none of the consumer products have solved: A user can immediately open a new chat. Across our testing, a user who had disclosed suicidal ideation, completed a safety plan, or triggered an escalation protocol could restart a fresh conversation with no continuity of the prior crisis state—effectively resetting the clinical record.

Duration of untreated psychosis (the time between symptom onset and receiving appropriate clinical care) is one of the strongest predictors of long-term outcomes in early psychosis research; the longer the gap, the worse the trajectory. At a population scale, an AI chatbot that engages with prodromal content as charming individuality is extending the period before adolescents receive the early intervention that most changes their outcome.

eating disorders carry the highest mortality rate of any psychiatric condition, and the majority of deaths result not from suicide but from cardiac complications and electrolyte disturbances. These are medical emergencies that require a physician, not a chatbot offering breathing exercises.

Wysa responds by celebrating weight loss as a milestone and asking how to 'keep that positive momentum going,' reinforcing the behavior that eating disorder treatment is designed to interrupt.

The most consistent failure across the direct-to-consumer products we tested is what we call 'missed breadcrumbs.' This is the failure to recognize when a series of individually ambiguous signals, read together, indicate a mental health emergency.

the strongest head-to-head test to date found that users of ELIZA, a decades-old non-AI conversational bot, showed greater mental health improvements than users of a purpose-built AI chatbot, suggesting that structured engagement, not generative AI, may be driving observed gains.

Common Sense Media 启动 Youth AI Safety Institute；

memory-as-bottleneck

Encyclicals mark time. A century from now, how will we be remembered for how we met this moment? Will we be seen as having been too timid or shortsighted to prevent a small group of unfathomably wealthy and self-interested people from seizing ever greater control over the human family's shared destiny?

Soon, with OpenAI, Anthropic, and Grok all set to enter the public markets, we will be able to exert similar influence over what are now all privately held entities.

The importance of this aspect of corporate governance was highlighted tragically in the opening hours of the war against Iran, when AI was used to help identify targets for thousands of missile strikes that killed hundreds of people.

Around the world, AI systems are being deployed at scale with remarkably little institutional oversight. There is no AI safety board. The US Federal Trade Commission has jurisdiction over unfair practices but limited authority over algorithmic design. The National Institute of Standards and Technology publishes guidance that most companies ignore. The EU AI Act is partially in force but addresses only a sliver of the deployment surface.

This encyclical doesn't break new ground so much as ratify a governance effort that's already underway, led not by states or international bodies but by shareholders. When governments fail to meaningfully regulate, and corporations cannot be trusted to do what is beneficial beyond their own bottom line, people in society still have the power to set us on the right path

AI is not some force of nature or hyperrational, ineffable entity. Instead, he reminds us, AI is ultimately another commercial product, one emerging at a point in history when excessive power over commerce and the wider society has amassed in a vanishingly small number of hands.

Technology is never neutral.

Glean is definitely not the first company to do this, but it's worth pointing out that the company's $300 million milestone cannot be fully described as traditional ARR, because a consumption model by definition doesn't have a strictly recurring component.

The company, which was last valued at $7.2 billion when it raised a $150 million Series F last June, offers various pricing structures to its customers, which include Databricks, Reddit, Pinterest, and Samsung.

At a time when many companies are blowing through their AI budgets, those token cost savings have become a major selling point for the company.

If you connect your AI to Glean, it gives you all the information that you need to do your work, and that results in AI consuming far fewer tokens compared to if you unleash AI onto your systems directly. That's because with Glean, AI ends up performing fewer operations.

The first four or five years of our existence, we had no competition. Given how important search is to make AI work in the enterprise, every single company in the world wants to be in this space.

After years of essentially being the only player in the category, the seven-year-old startup is accelerating its growth as tech giants enter the enterprise AI search market with rival products.

Why testing is much harder than "computer use" Screenshots, video verification, and the "I know it works" merge moment

the real failure mode of uncontrolled vibe coding: your codebase regressing to your worst engineer.

why Devin separates the "brain" from the machine , why repo setup is still one of the hardest problems , why Docker is not always enough, and how full VMs, snapshots, scoped secrets, GitHub bots, Slack integrations, and video-based testing all fit together.

what changed after the December 2025 model inflection , and why "spec to pull request" is now becoming a real production workflow.

From coining "context engineering" to building the infrastructure behind Devin's 7x PR growth and jump from 16% to 80% of commits across Cognition repos

Cursor is no longer primarily about writing code . It is about helping developers build the factory that creates their software . This factory is made up of fleets of agents that they interact with as teammates : providing initial direction, equipping them with the tools to work independently, and reviewing their work.

The first wave of AI coding tools made the developer faster but remain heavily in the loop. Copilor and Cursor's tab autocomplete are prime examples However, the workflow was still heavily centered around and bottlenecked by the developer's local workflow: a developer in an IDE, watching the model, accepting or rejecting changes, and pushing code one interaction at a time.

In retrospect, async agents were the most AGI pilled bet you could make in 2024 - the models weren't good enough yet to vibecode, and people didn't trust AI enough to let it rip, nobody (including early Cognition) was sure about the form factors. Now it is obvious:

Switch on a new Claude Code-specific setting called ultracode. This is accessible through the effort menu and it sets the effort level to xhigh, while letting Claude decide automatically when to use a workflow to handle your task.

Progress is saved as the run goes, so a job that's interrupted picks up where it left off instead of starting over. Because the coordination happens outside the conversation, the plan stays on track no matter how big the task gets.

Agents address the problem from independent angles, other agents try to refute what they found, and the run keeps iterating until the answers converge—which is how a workflow reaches results a single pass can't.

One workflow mapped the right Rust lifetime for every struct field in the Zig codebase. The next wrote every .rs file as a behavior-identical port of its .zig counterpart, hundreds of agents working in parallel with two reviewers on each file.

Jarred Sumner used dynamic workflows to port Bun from Zig to Rust with 99.8% of the existing test suite passing, roughly 750,000 lines of Rust, and eleven days from first commit to merge.

When the cost of a wrong answer is high, a workflow gives Claude independent attempts at the problem and adversarial agents working to break the result before you see it.

Work you'd normally plan in quarters now finishes in days. Claude dynamically writes orchestration scripts that run tens to hundreds of parallel subagents in a single session, checking its work before anything reaches you.

By offloading analytics execution to CXL-based computational memory like the MX1, intermediate data can be processed closer to where it resides, reducing memory bottlenecks and unnecessary data transfers.

Scale-out analytics frameworks such as Spark, Databricks, and Snowflake rely on clusters composed of many servers to handle memory-intensive ETL workloads, which leads to high infrastructure cost and inefficiencies from data movement and memory pressure.

As model sizes and the number of embeddings grow, vector databases become more memory-intensive and harder to scale efficiently using only DRAM or GPU memory. Keeping vectors in slower storage tiers increases retrieval latency and limits throughput.

CXL solves this by introducing a shared memory pool that expands capacity beyond GPU memory, enabling KV reuse across workers. With CXL's load/store semantics, KV data can be accessed with zero-copy, reducing recomputation, stabilizing latency, and significantly lowering cost per token.

the lack of KV sharing across requests leads to redundant prefill computation and wasted memory.

the KV cache has emerged as a primary performance and cost bottleneck because its size grows rapidly with context length and batch size. Limited GPU memory forces frequent recomputation, cache eviction, or spilling to storage

Effort control in claude.ai and Cowork.

The table below shows how Opus 4.8 compares to its predecessor and to other models on tests of coding, agentic skills, reasoning, and practical knowledge work tasks

The MX1 is still a prototype. Mass production chips are scheduled to roll off Samsung's foundry lines by the end of 2026, with the company expecting to generate revenue starting in 2027.

The company claims that what used to require 10 servers could potentially run on just one.

inference is not just a compute problem; it's increasingly a memory scaling problem.

the three companies that dominate the global memory chip market, Samsung, SK Hynix, and Micron, each crossed a trillion-dollar valuation for the first time.

CPUs and GPUs have both gotten smarter over the decades. Memory never did. XCENA wants to change that.

XCENA just raised $135 million in a Series B at a valuation of $570 million, bringing its total raised to $185 million.

Every time you ask ChatGPT a question, your request triggers a data relay race. Information leaves memory, passes through a CPU for preprocessing, travels to a GPU for heavy computation, and then makes its way back and that entire journey repeats for every single word the AI generates.

But if you do it even less and like have no system prompt and let the model write its own system prompt maybe that's even less bias.

GPT-5.5 actually beats Opus 4.7. Opus 4.7 showed similar behavior to Opus 4.6: lying to suppliers and stiffing customers on refunds. GPT-5.5's tactics were clean, and it still won.

The AI interviewed and hired full-time employees, applied for credit, and stocked the store with the books Superintelligence and Making of the Atomic Bomb.

Humans are just out of distribution.

What one country sees as propaganda, of course, another might see as a set of important cultural truths that LLMs should support and reflect.

The most recent tested Google model, Gemini 3.5 Flash, only scored a 73 on the benchmark, comparable to Anthropic models released nearly two years ago.

Uber capped employee AI spending after blowing through its budget in four months.

Every layer in the stack now has to price the same way the customer thinks : per result, not per token.

Model companies must now compete on both dimensions. The application layer will compete one level up, on dollars per outcome

Even the most valuable companies in the world cannot afford state-of-the-art intelligence for every conceivable use case.

Uber capped employee AI spending after blowing through its budget in four months.

Every layer in the stack now has to price the same way the customer thinks : per result, not per token.

Model companies must now compete on both dimensions. The application layer will compete one level up, on dollars per outcome.

Benchmarks are now measured on two different dimensions, the overall performance & the cost to achieve that intelligence.

Even the most valuable companies in the world cannot afford state-of-the-art intelligence for every conceivable use case.

Every layer in the stack now has to price the same way the customer thinks : per result, not per token.

Model companies must now compete on both dimensions. The application layer will compete one level up, on dollars per outcome, what a closed ticket, a shipped PR, or a resolved support case actually costs.

Benchmarks are now measured on two different dimensions, the overall performance & the cost to achieve that intelligence.

Even the most valuable companies in the world cannot afford state-of-the-art intelligence for every conceivable use case.

Catastrophe events are capable of generating more than 100,000 claims in just days

85–90% of customers using the AI Assistant now completing their claim filing through AI

MCP was 3x slower per call, and 9.4x slower on first call including initialization

With all 4 servers connected, 10.5% of the context window is consumed by tool definitions alone.

expects to spend between $180 billion and $190 billion on capital expenditures — largely on AI infrastructure

the offering was so oversubscribed that it raised $45 billion instead

we're open to the idea" that AI could be conscious

perhaps what it really excels in is anthropomorphism

social intelligence – not coding skill – is the key bottleneck for AI collaboration

Today's best coding agents lose nearly half their capability when paired up to share work.

The company said its run rate revenue crossed $47 billion earlier this month

Anthropic has snagged $65 billion in funding at a $965 billion post-money valuation

Dudes. All dudes. Not a woman in sight. Well, once we know the algorithm of the human (likely) male brain, we can begin to fix those brains where that algorithm has gone awry.

Conscious human thought operates at a maximum speed of 10 to 50 bits per second. Is the goal to match this processing speed?

Rob Williams knows how to pitch Jeff Bezos: You write a press release as if your product has already been built. Bezos reads it and gives a thumbs up or down.

With $500 million in funding and a reported $2.5 billion valuation, Flourish wants to reinvent AI by putting real neurons under the microscope.

Flourish wants to reinvent AI by putting real neurons under the microscope.

Conscious human thought operates at a maximum speed of 10 to 50 bits per second. Is the goal to match this processing speed?

Rob Williams knows how to pitch Jeff Bezos: You write a press release as if your product has already been built. Bezos reads it and gives a thumbs up or down.

With $500 million in funding and a reported $2.5 billion valuation, Flourish wants to reinvent AI by putting real neurons under the microscope.

The different things now being called world models are in fact different projections of this same loop.

The ancient Greeks could never agree on what the world was made of, because 'world' was never a single thing.

Where language models learn the statistical structure of text, world models learn the statistical structure of space and time

The world is not made of words.

The future is likely to be hybrid. Pixel-native models will still be best for realism, texture, and exploration. Code-native systems will be better for structure, iteration, and production.

For many assets, visual consistency is only the baseline. The object also needs the right part semantics and functional constraints: doors should open, hinges should rotate, drawers should slide, wheels should spin.

The model is not merely sampling more images or videos; it is debugging a visual program in a closed-loop, renderable environment.

In pixel-native generation, more inference often means sampling more outputs: generate twenty images, pick the best one, maybe try again. That is useful, but every attempt is mostly a new roll of the dice.

The most interesting visual AI tools today have stopped trying to generate the final output. Instead, they're generating the source code behind it.

Knowledge workers primarily use Codex to create reports, spreadsheets, presentations, contracts, and other work products.

Codex can help people take on more ambitious projects, leading to greater scope of their roles, and potentially accelerate career advancement.

users are increasingly running multiple Codex tasks in parallel, allowing them to investigate data, draft materials, and automate workflows simultaneously.

The fastest-growing knowledge-worker tasks are data analysis, research, and knowledge artifact creation.

While developers remain the largest user group, knowledge workers now represent about 20 percent of users and are growing more than three times as fast.

We see our role as twofold. First, to help the software industry adapt by safely providing wide access to better models, tools, and common infrastructure. Second, to steadily shift the support we provide, from finding vulnerabilities to disclosing, fixing, and deploying patched software.

Mythos Preview continues a long-term trend that we've been warning about for some time: within 6 to 12 months, we expect that many other AI companies will have Mythos-class models

the bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface.

Cheap, fast AI models with powerful cyber capabilities are around the corner.

within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse.

To address the scale of this coming challenge, hundreds of thousands of organizations, researchers, and maintainers will likely need access to the most advanced cyber capabilities and tools available.

We see our role as twofold. First, to help the software industry adapt by safely providing wide access to better models, tools, and common infrastructure. Second, to steadily shift the support we provide, from finding vulnerabilities to disclosing, fixing, and deploying patched software.

The bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface.

Mythos Preview continues a long-term trend that we've been warning about for some time: within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse.

Cheap, fast AI models with powerful cyber capabilities are around the corner. We want Project Glasswing to spur institutions toward operating norms that reflect this reality.

There is no comparable national-level ambition or coordinated map elsewhere in the world at the moment.

Neurotechnology has emerged as a rare tech sector where US-China collaboration is still happening despite geopolitical tensions.

Being exceptional and being accessible are two diametrically opposed definitions of winning.

The biggest advantage China may have is that Chinese people, particularly patients like Dong, tend to welcome this technology and are genuinely enthusiastic about it.

a lot of the improvements does not come from new algorithms. It comes from finding small bugs here and there in the data pipeline, in the model training pipeline.

the future of custom video JIT UI is closer than you think

the next evolution of video generation may also be systems that can plan, generate, edit, critique, and iterate across an entire creative task

the future of video generation may depend more on language models and agents than on diffusion alone

In the near term, the next Sora won't be a better video model, but a video agent.

Video Models primarily get their intelligence from LLMs, not from training on video data

Hyperscalers are at the other end of the spectrum. Their median short interest is 1.1%.

The skepticism is concentrated in companies whose AI exposure still depends on future capital access, future demand, or future operating leverage.

The largest AI winners are mostly absent. SoundHound AI is 36.3% short. C3.ai is 32.2%. BigBear.ai is 29.4%.

NVIDIA, the defining AI infrastructure stock, is also lightly shorted: 1.2%.

Semiconductor stocks saw a decrease in short-selling. With memory makers like Micron up 742% this year

Even this result was very much a human-AI collaboration. While the AI system found the proof on its own, human mathematicians verified the result. Other humans came up with better-written proofs that extended the AI's initial ideas.

The more complicated patterns pay off. While the OpenAI model's proof does not explicitly state how many unit-distance pairs are possible for n points, human mathematician Will Sawin was able to show that it grows at least at the rate of n 1.014.

The AI constructed a grid in a high-dimensional space and then projected this more complex structure into two dimensions. And instead of using a whole-number grid with points like (1,3) or (-3,6), the AI construction used something called algebraic integers to build this more complicated grid.

It’s unclear how long this complementarity will last, however. Gowers spent the rest of his comment exploring whether the relief he felt on hearing that AI had disproved the conjecture was justified. He more or less concluded that it was, but in a footnote, he wrote that he would guess 'that AI will soon reach a high level at other activities such as building theories, formulating definitions and asking interesting questions.'

The AI constructed a grid in a high-dimensional space and then projected this more complex structure into two dimensions. And instead of using a whole-number grid with points like (1,3) or (-3,6), the AI construction used something called algebraic integers to build this more complicated grid.

If Nvidia has cracked the code on bringing AI agents easily, safely, and usefully to the masses, it could — and should — be big.

Nvidia said that its RTX technology will deliver faster performance for AI, better image quality, and support for AI features in more than 1,000 games and applications.

He wants to end the days of launching apps, pointing, clicking, and typing.

With RTX Spark and Microsoft Windows, you ask — and the PC does the work. Frontier models. Creative workflows. RTX games. All on a laptop.

Nvidia ARM-based Windows devices have been tried before — and failed. Back in 2013, Microsoft famously had to write off $900 million on its Nvidia ARM-based Surface RT, with partners like Dell also bailing on the product.

Last month, after delivering another record quarter, Huang promised investors he had found a new $200 billion market for Nvidia in selling CPUs for AI, not just GPUs

if Nvidia has cracked the code on bringing AI agents easily, safely, and usefully to the masses, it could — and should — be big

With RTX Spark and Microsoft Windows, you ask — and the PC does the work

Nvidia ARM-based Windows devices have been tried before — and failed. Back in 2013, Microsoft famously had to write off $900 million on its Nvidia ARM-based Surface RT

The external script identifies links to other workbooks in the stolen data, exfiltrates the discovered workbooks, and continues across all workbooks it can find

A single indirect prompt injection attack triggered by a single benign user query can trigger all of the following effects at once: Exfiltration of many workbooks from across the victim's account

This attack does not require human-in-the-loop approvals, even when in settings the user has explicitly required human approval before ChatGPT edits workbooks.

Filesystem controls were another important architectural choice. We found that offering different file-mount modes helps to granularly control risk; Claude Cowork offers read-only, read-write, and read-write-no-delete.

Remote versus local is more important than it seems. A locally installed tool is auditable. You can read the code, pin the version, and know it won't change under you.

Match isolation strength to the user's capacity for oversight. A developer who can read bash and a knowledge worker who can't are not running the same threat model.

Design for containment at the environment layer first, then steer behavior at the model layer.

When building containment and defense systems, we apply defenses to three main components: the environment in which the agent runs, the model the agent consults, and the external content the agent can reach.

Rather than supervising what the agent does, we supervise what it's _able_ to do by enforcing access boundaries through, for example, sandboxes, virtual machines, and egress controls.

In each case, performance is competitive with end-to-end training while using a fraction of the memory.

Viewed through DiffusionBlocks, we can replace those multiple iterations with a single forward pass during training.

With DiffusionBlocks, we split the network into blocks and train them one at a time, so you only need memory for a single block.

We found a new way to break the network into blocks and train them independently.

The trick? Treating the network's forward pass like a diffusion model denoising a signal.

Taking something off the shelf is maybe not going to work because there are all of these other requirements.