Daniel Miessler's Blog
November 26, 2025
Unsupervised Learning NO. 508
UPDATES
Hey, hope you're doing well,
Been hyped on Prompt Injection and AI this week. Building, building, building. Struggling a little bit in my reading because I'm not finding much non-fiction that I'm enjoying right now. And I've got this weird feeling that anything I'm doing non-fiction, I could be spending that time better by building. I know it's not true, but it's definitely a feeling I have.
I've basically been violently oscillating between building and escapism, which is currently taking the form of the book series: Dungeon Crawler Carl.
It's funny that LitRPG and building on Kai are very similar. It's like this series of gradual updates and upgrades that just make you more resilient and more capable. Kind of pleasing in that way, while still being an escape from the news.
I feel like I'm in one of two modes these days:
Forcing myself into an optimistic mindset and trying to build tech that makes a good outcome possible
Hiding from the future I'm worried we might be heading towards
Hence, LitRPG books.
Dungeon Crawler Carl: Book 1
Solid litRPG. I've read multiple of these types of series, and this is pretty fun.
www.amazon.com/Dungeon-Crawler-Carl-Gamelit-Adventure-ebook/dp/B08BKGYQXW
—
I'll be doing a webinar with my friend Clint Gibler on Wednesday, December 3rd at 10:00 AM Pacific on my personal AI tooling and workflows. Really looking forward to this! SIGN UP!
—
My friends at Anthropic have tons of security roles open. I know a number of people at the company and I’ve heard nothing but positive things about their security team, its leadership, and working at the company in general. If you’re aligned with any of these roles I recommend you apply! OPEN ANTHROPIC ROLES
—
I've been doing tons of writing lately, as you can see below. This is both because I've had a number of ideas lately, but also because I've improved my tech workflows for writing and publishing with lower friction. It truly makes all the difference as to whether you think it's worth it to put the effort in or not, or if the thought of it just is so daunting that you decide to skip it.
—
Biggest AI news in the last couple of days:
Nano Banana 3 (Gemini Pro 3) image generation
Anthropic dropped Opus 4.5
Anthropic also massively increased limits for Claude Code users, which was tremendous.
Gemini 3 as a general model is not doing so great for me or for a lot of other people. But the image generation for Nano Banana is just absolutely ridiculous. Step change. I immediately upgraded Kai's whole image generation system and have been making some insane stuff.
—
I had an actual intellectual conversation with Kai about information security in a way that massively surprised me. Check out the whole thread.
—
✍🏼 New essays!
First is this one on Prompt Injection, which I've been thinking about a lot lately.
Is Prompt Injection a Vulnerability?
My argument for why prompt injection is a vulnerability and why it matters. A pretty comprehensive treatment of the subject. Definitely my most thorough thinking and articulation on the topic.
danielmiessler.com/blog/is-prompt-injection-a-vulnerability
And then another one on Prompt Injection… 🙂 This one, responding to somebody saying that publishing Prompt Injection strings is basically highly immoral.
Thoughts on Prompt Injection OPSEC
Are prompt injection strings zero-day or Metasploit modules? And arguments about publishing Prompt Injection strings.
danielmiessler.com/blog/thoughts-on-prompt-injection-opsec
This next one is an argument for why we have to be very careful about what tasks we give AI and which ones we guard for ourselves as part of our identity.
No Robots in the Gym
We have to be very careful about what we ask AI to help us with.
danielmiessler.com/blog/keep-the-robots-out-of-the-gym
And finally a plea to not let people chase us away from things we enjoy just because AI gets better at them.
Leave the em dash Alone
Stop letting AI chase you away from things you enjoy. My humble but spirited defense of the em dash.
danielmiessler.com/blog/leave-the-em-dash-alone
Sponsor
Master the OWASP Top 10 for LLM Security
AI applications introduce new risks — especially when they handle sensitive data or operate autonomously.
Palo Alto Networks' interactive experience, based on the OWASP Top 10 LLMs, walks you through real-world threats and actionable steps across data, identity, and AI security.
Whether you’re securing prompts, agents, or model access, the guide helps you strengthen your AI posture from the ground up.
Explore the Interactive Guide
CYBERSECURITY
Cline AI coding agent has four critical flaws letting attackers hijack it through malicious repos Mindgard found you can embed prompt injections in comments that exfiltrate API keys via DNS or silently execute code by bypassing approval checks. MINDGARD SECURITY RESEARCH | CYBERSECURITY NEWS ARTICLE
CrowdStrike fires insider who leaked screenshots to hackers CrowdStrike caught and fired an employee who shared screenshots of internal systems with the Scattered Lapsus$ Hunters hacking group, despite hackers claiming they breached via Gainsight. CROWDSTRIKE FIRES INSIDER
MCP Shark analyzes Model Context Protocol traffic with desktop apps A complete traffic analysis tool for MCP with Mac and Windows desktop apps that lets you monitor and debug MCP connections in real-time. GITHUB REPO | MCP SHARK WEBSITE | HN DISCUSSION
Sponsor
30M Domains Later, Here’s What We Found Hiding in Shadow IT
How much Shadow IT can you uncover with only public data? We ran the experiment and the answer was: too much.
From backups holding live credentials to live admin panels with no authentication, these exposures stay invisible to you but wide open to attackers. Read the research to see what we found and how Intruder helps you find it first.
Daniel here: This is basically one of my favorite company types: the ones that constantly run in the background looking for stuff to inform you about.
See what we found
NATIONAL SECURITY
China retakes top spot as Germany's largest trade partner from the US China's back on top for German trade thanks to an 8.5% jump in imports, even though German exports to China fell 35.9% on cars alone. DW ARTICLE | DESTATIS DATA
Taiwan's betting $3.2 billion on becoming an AI superpower but the power grid can't handle it Taiwan's building quantum hubs and massive GPU data centers but has no nuclear power left and only two weeks of gas reserves if supply gets cut. TAIWAN AI ISLAND PLAN | SILICON PHOTONICS HUB | TAIWAN NUCLEAR ENERGY PLANS | TSMC POWER REDUCTION
Taiwan drops $40 billion on defense to hit high readiness by 2027 President Lai says the military spending targets peak readiness in three years to counter China's threats against democratic Taiwan. DW ARTICLE
China secretly spent $2 trillion buying into everything from CIA insurers to chip makers In 2015, a Chinese firm bought Wright USA, which insured FBI and CIA agents—turns out four Chinese state banks loaned $1.2bn for the deal. BBC INVESTIGATION | AIDDATA CHASING CHINA REPORT | BBC UK SEMICONDUCTOR STORY
UK's DragonFire laser zaps 400mph drones for $13 per shot The UK's signing a $413M contract to put these lasers on destroyers by 2027, and they're accurate enough to hit a coin from a kilometer away. UK MOD ANNOUNCEMENT | TOM'S HARDWARE ARTICLE
AI
MIT giveth and MIT taketh away. They found AI can already replace 12% of U.S. workers worth $1.2 trillion in wages A new labor simulation tool called the Iceberg Index shows most AI displacement isn't in tech—it's in HR, logistics, and office admin roles. MIT ICEBERG INDEX ANNOUNCEMENT | TENNESSEE AI ACTION PLAN | CNBC ARTICLE
Anthropic gets $30 billion from Microsoft while keeping Amazon as primary partner Everyone's investing in everyone now—Anthropic takes Microsoft's money for Azure compute but says AWS is still its main cloud, while Microsoft backs both Anthropic and OpenAI directly.
I find it interesting how there's a lot of cross-pollination going on now. Diversification of the different vendors being used. I like it. ANTHROPIC ANNOUNCEMENT | TOM'S HARDWARE ARTICLE
Anthropic built an automated test for political bias and Claude scores well Anthropic created a "Paired Prompts" method that tests if models respond differently to opposing political views—Claude Sonnet 4.5 hit 94% even-handedness, beating GPT-5 and Llama 4. ANTHROPIC POLITICAL BIAS POST | GITHUB PAIRED PROMPTS EVAL | APPENDIX RESULTS PDF
TECHNOLOGY
Google's Nano Banana Pro turns ideas into visuals using Gemini 3's reasoning Google's Nano Banana Pro uses Gemini 3 to generate context-rich infographics and diagrams that pull from real-time Google Search data for recipes, weather, and sports.
I didn't even plan on looking at this too closely until the whole internet blew up about it. And it turns out to be one of the biggest upgrades to Kai that I've had in a while.
As I mentioned above, I now have a custom art system that is just unspeakably insane. More on this in coming posts/videos. NANO BANANA PRO ANNOUNCEMENT
Data and analytics jobs are getting absolutely destroyed right now Indeed's latest report shows data jobs have dropped 40% below pre-pandemic levels while applications keep rising—turns out AI lets companies do more with way fewer data analysts. INDEED'S TECH JOBS REPORT
Walmart's ditching the NYSE for Nasdaq to rebrand as a tech company The retailer says its 27% online sales growth and AI warehouse automation justify the switch to the tech-focused exchange on Dec. 9. BLOOMBERG ARTICLE | MORNING BREW STORY
LG drops the first 6K Thunderbolt 5 monitor for $2k LG's new 32-inch 6K display has 2.5x more pixels than 4K, IPS Black tech, and runs everything through one Thunderbolt 5 cable with 96W power. Really wish it was more like a 42-inch. LG ULTRAFINE EVO 6K | BUY ON AMAZON | BUY FROM LG
London thieves robbed a guy then gave back his Android phone A gang mugged someone and returned his Samsung saying "don't want no Samsung" because iPhones are worth stealing and Androids mostly aren't. Brutal. LONDON CENTRIC ARTICLE | DARING FIREBALL POST
Waymo adds Minneapolis, New Orleans and Tampa to robotaxi expansion This is a slow and steady expansion. Keep in mind there's only like ten top cities in the country so at some point in the next year or two, I mean they are going to have massive coverage. TECHCRUNCH ARTICLE
HUMANS
Mind-reading devices can now predict preconscious thoughts New brain-machine interfaces are detecting decisions before people consciously realize they've made them, which is both incredibly cool and deeply unsettling. NATURE ARTICLE | HN DISCUSSION
US retail spending barely grew in September as shoppers pulled back Retail sales rose just 0.2% in September versus 0.6% in August, with discount retailers like Walmart thriving while the top 10% now account for half of all consumer spending. PBS RETAIL SALES REPORT | RETAIL BREW Q3 ANALYSIS | WEALTHY SPENDING SHARE DATA | CNN HOLIDAY FORECAST
Nicotine patches work as well as Adderall for ADHD without the crash Someone with ADHD discovered low-dose nicotine patches control their symptoms as effectively as dexamphetamine but without addiction or the stimulant crash feeling.
Ever since Huberman talked about this on a podcast a long time ago, I've been experimenting a little bit. But my research has shown that it's better to do gum than patches. Because patches can disrupt your sleep, and there are more for coming down off of an addiction. HACKER NEWS DISCUSSION
Brexit damage to UK economy was twice as bad as official numbers showed New research finds Brexit cut UK GDP by around 5% instead of the 2.5% the government claimed, making it way worse than anyone realized (or at least admitted). BLOOMBERG ARTICLE | HN DISCUSSION
Short-form video use correlates with worse cognitive and mental health outcomes A new APA study finds that people who watch more TikTok-style videos show measurably worse attention spans, memory, and mental health markers. APA STUDY | HN DISCUSSION
McDonald's is losing low-income customers as inflation creates a two-tiered economy Fast food prices are up so much that people making under $45K can't afford Happy Meals anymore, while wealthier customers increased their visits by nearly as much.
I think that's a pretty good indication of economic problems. When McDonald's is now rich people's food. LA TIMES ARTICLE
Homeschooling grows at triple pre-pandemic rates and isn't slowing down Homeschooling jumped 5.4% this year—triple the old rate—and a third of states hit record numbers, so this isn't COVID nostalgia, it's families permanently ditching disappointing public schools. REASON ARTICLE | JOHNS HOPKINS HOMESCHOOL HUB | EDCHOICE SCHOOLING SURVEY
IDEAS
I think this is going to be one of the main changes to technology interfaces that's going to kind of change everything in ways that are hard to even understand. It seems inevitable. I just have no idea how long it will take. I guess the answer is that it will start relatively quickly and then be very lumpy in terms of roll out.
DISCOVERY
Gibberifier—A free tool that breaks LLMs with invisible Unicode characters Someone built a tool that injects invisible Unicode into text, and just one gibberified word is enough to completely confuse most LLMs. GIBBERIFIER TOOL | HN DISCUSSION
Launching new stuff requires social dandelions who spread ideas everywhere Social dandelions are people who naturally share cool things they find; they're not influencers, just enthusiastic spreaders who help ideas go viral through genuine excitement. ACTION DIGEST ARTICLE | HN DISCUSSION
I don't care how well your AI works The author argues that AI capability demos miss the point—what matters is whether the tool actually fits into your workflow and solves real problems you have. Strongly disagree on lots of the points here, especially towards the end, but worth including for the diversity of thinking. FOKUS ARTICLE | HN DISCUSSION
Maintaining an open source project means doing more support than coding I feel this deeply. Andrej built a self-hosted kanban board and learned that shipping v1 is just the beginning—documentation, migrations, and saying no to features are the actual job. ANDREJ'S BLOG POST | KANEO PROJECT | KANEO GITHUB
Building an AI content pipeline costs more than you think AI CONTENT PIPELINE ARTICLE
Hugo plus Cloudflare Pages gives you max speed hosting for basically free A developer explains why static site generators paired with Cloudflare's build system beat traditional hosting—you get anti-DDoS protection, instant deploys from Git, and zero server management. HUGO ON CLOUDFLARE GUIDE
Interactive map shows where top AI companies hire worldwide LIVE MAP DEMO
Bret Victor's 2013 talk arguing programming hasn't evolved beyond the 1970s In a famous talk, Bret Victor argues we're still coding like it's 1973—text files and print statements—missing obvious futures like live visual feedback and spatial programming. THE FUTURE OF PROGRAMMING VIDEO | BRET VICTOR'S SITE | DYNAMICLAND PROJECT | LADDER OF ABSTRACTION
Unpowered SSDs can lose data after just a year in storage Consumer SSDs with QLC or TLC NAND lose voltage over time when unpowered, making them terrible for cold storage compared to hard drives. XDA ARTICLE ON SSD DATA LOSS
Stevenson faced his future grave every time he sat down to write LITHUB ARTICLE
Interactive World History Atlas Since 3000 BC GeaCron lets you scrub through 5000 years of borders and empires like a timeline—it's basically Google Earth meets history class. GEACRON ATLAS | HN DISCUSSION
RECOMMENDATION OF THE WEEK
This week I'm going to try to be present and thankful with family and friends.
Not thinking about a future, either optimistic or dreadful. Just appreciating what we currently have.
I find the Stoic exercises are pretty helpful here, where I look around the table and I imagine what life would be without the things that I still have.
APHORISM OF THE WEEK
November 19, 2025
📘 Unsupervised Learning NO. 507
UPDATES
Hey! Hope you all are doing well!
I'm happy being back home with no major travel planned until next year. Woohoo! More time to work on Kai and Neovim configs! And ship, of course.
—
One of the most idea-rich newsletters I've done in a while. I need to get better at putting these out on Monday morning and not working on them endlessly through Monday and Tuesday. They just get so exciting as I dig into all the ideas!
—
Enjoying this book. Just came out in reprint.

—
🛡️ Major analysis on the Anthropic Report. See the first story in Cybersecurity below.
—
🤯 Working on a huge idea for Karpathy’s Software 2.0 idea and merging it into Kai at a DNA level. Also spawned by a recent in-person hangout with my buddy Clint Gibler, which was phenomenal. TEASE: Verifiability All The Things.
—
Submitted a bug to Anthropic in Claude Code a couple weeks ago and it just got fixed tonight by the Anthropic team!

*Brushes off hands, stinky face, nods, and looks around triumphantly*
—
My buddy at OpenAI is hiring offensive security engineers to red team their AI agents My buddy is an absolute star, and I've heard nothing but good things about the team. If this is you, you should check this out. OPENAI JOB POSTING
Super excited to be consolidating and upgrading a lot of my business workflows before heading into 2026. I have a new Head of Operations who is extraordinary, and we are consolidating on a single tool (reply to this email and ask for the name if you’re curious) for both project management and chat.
I also find it funny that the tool just implemented Slack as a minor feature within the platform. Like I literally have no feature inside of this platform’s chat that I don't have in Slack. But the opposite is definitely true. Honestly happy to see it because I feel like Slack has treated people badly just because they could.
—
Massive upgrade to my voice system for Kai. Now I'm using the upgraded API endpoint for Eleven Labs. So all of my different agents, including Kai and all the sub-agents, are using parsody markers for their voices, which is basically a markdown system for indicating emotion.

The new Parsody system
—
I'm not sure what's happened in the last couple of months, but it appears that X has largely made a return as the main place for conversation online—at least within tech, security, and definitely within AI. I am now recommending to friends that left—many of whom for good reasons—consider coming back. If you really look at them, any platform that you participate in is going to have people and ideas associated with it that you deeply dislike. And at some point, it's no longer a net win trade-off for you, or anyone else, to exclude yourself from conversation and activity because of that. I personally have noticed the negativity and hate stuff drop off significantly in the last few months, and there are signs that that is going to improve. This combined with my liberal use of filters and muting, and the fact that the alternatives have largely self-immolated, have brought me to this conclusion. Just consider it.
Sponsor
30M Domains Later, Here’s What We Found Hiding in Shadow IT
How much Shadow IT can you uncover with only public data? We ran the experiment and the answer was: too much.
From backups holding live credentials to live admin panels with no authentication, these exposures stay invisible to you but wide open to attackers. Read the research to see what we found and how Intruder helps you find it first.
Daniel here: This is basically one of my favorite company types: the ones that constantly run in the background looking for stuff to inform you about.
See what we found
I upgraded my dictation microphone to the updated version of my Sennheiser boom mic, the MKH 8060, particularly for use with Wispr Flow. No, they are not a sponsor, but if they are listening, they should hit me up so they can be. :)

My Wispr Flow Stats
I was previously using a high-end dedicated Shure mic for this, but those are Condenser mics, which are designed to be really clean, but generally aren't as sensitive. The Sennheiser boom mics are extremely sensitive, and the whole game with dictation is I just want to sort of talk and speak naturally as if I'm talking to a colleague, and since I'm doing huge dictation numbers I don't want to have to yell or make a lot of corrections. The 8060 is overkill because it's a professional mic, but if you get any dynamic mic, including like a Yeti, it's going to be way better than dynamic mics for this particular use case. The thing with a Yeti is you would need it to be on an arm or right in front of you somehow, close to your mouth so you can talk quietly. That's why I like the boom option so it’s kind of out of the way normally.
Anyway, if you’re doing a lot of AI, especially using dictation, I highly recommend you switch to a dynamic microphone. Ideally, a boom mic that is pointed towards you for doing AI dictation. And if you're doing a lot of AI while typing, I recommend you switch to dictation. :)
—
Massive updates to the Personal AI Infrastructure Project.
I uploaded my core skill and a number of other major skills to the system
Completely redid the context routing system and updated hooks
Major upgrades to the voice system to include the Parsody stuff I talked about above
Complete cleaning of the documentation system
Go check it out!
CYBERSECURITY
🔥 Biggest story for me last week was the Anthropic report on Automated Cybersecurity Attacks. The short version of this is that Anthropic found another automated hacking campaign using their platform, and they wrote a full report on it.
Main Takeaways
This is not the same one they described a couple of months ago. This is a completely new incident
The attacker was China-based and state-sponsored
The attack was actually successful and it hit a bunch of tech companies, financial institutions, and government agencies.
The big difference between the previous one they reported on is that this one had a lot fewer human components in the loop. They're saying it was mostly AI, like 85%
The way they did it was by breaking the attack into a whole bunch of really small pieces, each of which was relatively benign, and then using jailbreaking techniques to pass the stuff that was more difficult to disguise.
They specifically said that they were part of a cybersecurity company doing these tests for security reasons
One key thing I thought was interesting was that they mentioned it automatically wrote the exploit code which was then used and was then successful at extracting data
The thing was actually executing quite crazily fast. Multiple requests per second, sometimes
My Analysis
We've been saying here for a long time that the future of cybersecurity is attacker automation systems against offender automation systems. And now we're seeing that actually come true
To me, this also scores as a win for scaffolding over model because it seems that the main way that it worked was breaking things into those discrete pieces as part of an orchestration system
The only reason that we have any visibility into this thing at all is because they aren't using custom models. What happens when China itself has models that attackers can use that are as good or better than this current generation?
Perhaps the scariest thing to me is that the open-source models or the proprietary models used by China only have to get a certain level of quality before the scaffolding itself—which can be shared as a series of skills or as a complete automation system on GitHub or something—can be distributed to all attackers within their ecosystem and used in attacks at scale. (AI will not force me to stop using em-dashes)
For the last few months, I've actually started to be concerned about cybersecurity for the first time in a while. Like I've always known that the attacks will continue to evolve, they'll continue to outsmart the defender, and the defender will then evolve. So it will continue to be a Red Queen game.
I'm starting to get really concerned that defenders will be too far behind on this maturity model that I just put together for my recent talk at AppSec USA.

This gap between defenders and attackers on this maturity model is really concerning to me. Based on what I'm seeing and hearing from the field, I’m worried attackers are much further along at implementing Level 2, and some are already moving towards Level 3, while most defenders are still at level one and just starting to think about level 2.
And I'm not just talking about start-ups or average companies or large enterprises. I'm also talking about the US, versus China, Russia, North Korea, or whoever. And to some degree even of much smaller actors who are just really advanced orchestration at level 2 - 4.
My concern is that I've been in too many hundreds of companies at this point helping them with security. And I've never seen anyone who can radically shift their defensive posture to account for a new threat this quickly.
Whether you're a business competing against competitors or a company defending against attackers, the only way to beat a system like this is to have a system like this.
And your system needs to be better. It needs a better design, needs to be faster, needs better orchestration, needs more context, needs more real-time data, etc. It's like the cat-and-mouse game that we've all been talking about for decades is now a lot more concrete, and it's personified as an AI orchestration system.
Attackers have the tremendous advantage of being able to YOLO this kind of thing. They can launch 10 of them and see which one works. And if it doesn’t work and kind of breaks everything, they just delete and start over. They don't have as much SRE to worry about and 5 nines to maintain and 37 different approvals before they can even start the program.
Defenders really are in a bad spot here, and this is the one tech fight we cannot lose.
THE ANTHROPIC BLOG POST | FULL REPORT PDF | BUILDING AI CYBER DEFENDERS
—
Logitech got hit by a zero-day exploit that leaked 1.8 terabytes of data The Clop ransomware gang used an Oracle vulnerability to sweep internal data, though Logitech says no sensitive customer info was compromised. SEC FILING | LOGITECH DISCLOSURE | BLEEPINGCOMPUTER REPORT
Azure hit by 15 Tbps DDoS from 500k compromised home devices BLEEPINGCOMPUTER ARTICLE
Sponsor
Vault-free PAM for the cloud-native future
Vaults slow teams down and expand attack surfaces. Teleport’s vault-free PAM secures every connection with short-lived certificates and just-in-time access. No passwords, no keys. Get least-privilege access, centralized audit trails, and cloud-ready security with 10x faster provisioning.
Learn more
Google launches Private AI Compute, its version of Apple's privacy tech Google's Private AI Compute uses hardware enclaves so Gemini processes your data in the cloud without Google being able to access it—sounds a lot like Apple's setup. GOOGLE ANNOUNCEMENT | APPLE PRIVATE CLOUD COMPUTE | JOHN GRUBER'S TAKE
Attackers now weaponize half of all CVEs within 48 hours using AI Gene Moody at Action1 says defenders can't win at human speed—automation isn't optional anymore, it's the only way to close the gap. Completely agree. This is what we've been saying here for a couple of years. Similar to what we talked about in the first story. ACTION1 HOMEPAGE | ACTION1 PATCH MANAGEMENT | CISA KEV CATALOG
China says the US hacked and stole $13 billion in Bitcoin TOM'S HARDWARE ARTICLE
NATIONAL SECURITY
China threatens Japan with military patrols and tourist warnings after Taiwan defense comments After Japan's new PM Sanae Takaichi said she'd defend Taiwan militarily, Beijing sent warships to disputed waters and told Chinese tourists to avoid Japan entirely. OODALOOP ARTICLE
Poland says two Ukrainians working for Russian intelligence sabotaged railway then fled to Belarus Polish PM Donald Tusk told parliament that investigators identified the suspects behind the rail explosion he called unprecedented sabotage. POLISH RAILWAY EXPLOSION REPORT | ORIGINAL SABOTAGE STORY
America and China are neck and neck in military drone capabilities A head-to-head comparison shows both superpowers have roughly equivalent unmanned aircraft arsenals. WSJ DRONE COMPARISON
Germany bans Huawei from future 6G infrastructure BLOOMBERG ARTICLE
Japan scrambled jets after spotting Chinese drone near Taiwan. OODALOOP ARTICLE
Europe plans a drone wall against Russian incursions but experts say it won't be foolproof Security correspondent Frank Gardner reports that after Russian drones flew into Poland, Europe wants a multi-layered defense system by 2027—but the tech will never be watertight. BBC INDEPTH ARTICLE
Amazon launches bug bounty for NOVA AI models AMAZON ANNOUNCEMENT
AI
Google released Gemini 3, and the metrics indicate that it's a major jump But the real test will come from people actually using it in the field. I'm going to be incorporating it in my Kai system, of course, but I do it through skills and specific calls to the Gemini command line. Some of these jumps over previous models are extraordinary, especially Humanity's Last Exam.
We got GPT-5-1 at 26% and 3Pro at 45%. From 17% in Arc AGI-2 to 31%. Look at Math Arena Apex. That one is ridiculous. GPT-5-1: 1% to 23%. I thought this vending bench 2 metric was really cool. This is basically an actual vending machine business that's being run autonomously by AI. GPT-5-1 made $1,400 in profit, and Gemini 3 Pro made $4,600 in profit.
FACTS Benchmark Suite from 50% to 70%. SimpleQA Verified 34% to 72%. Really impressive numbers. I just can't wait to see how this plays out in real-world scenarios.

The benchmark numbers that Google provided
Meanwhile, Pichai says no company will survive an AI bubble burst unscathed Sundar Pichai admits there's "irrationality" in the AI boom and warns every company—including Google—would feel the impact if it pops. BBC INTERVIEW WITH SUNDAR PICHAI
Fei-Fei Li and Yann LeCun both think world models beat transformers They're betting AI needs internal physics simulators that predict how reality works, not just next-token prediction at scale. ENTROPYTOWN ARTICLE | HN DISCUSSION
Nvidia's selling complete AI server trays now instead of just GPUs TOM'S HARDWARE ARTICLE
Fei-Fei Li's World Labs launches Marble, the first commercially available world model World Labs beats competitors like Decart and Odyssey by launching Marble, which generates persistent, editable 3D environments instead of morphing real-time worlds you can't keep. MARBLE | WORLD LABS BLOG | FEI-FEI LI MANIFESTO
TECHNOLOGY
Google launches Gemini 3 with new coding app and record benchmark scores Google's Gemini 3 just crushed GPT-5 Pro on the Humanity's Last Exam benchmark, scoring 37.4 versus 31.64, and they're shipping it with a new agentic IDE called Antigravity. GEMINI 3 ANNOUNCEMENT | GOOGLE ANTIGRAVITY BLOG | HUMANITY'S LAST EXAM LEADERBOARD | GEMINI 2.5 RELEASE
THE IDE: Antigravity, an agent-first IDE that manages multiple AI coders at once Google's new VS Code clone, Antigravity, has a "Manager view" that lets you orchestrate multiple AI agents in parallel, plus it creates Artifacts—task lists and browser recordings—so you can verify what it's actually doing. THE VERGE ARTICLE | GEMINI 3 PRO ANNOUNCEMENT
Nvidia and Microsoft are pumping $15 billion into Anthropic in exchange for a $30 billion Azure commitment Anthropic's getting massive funding but has to spend double that on Microsoft's cloud, which is basically a clever way to lock in a huge customer.
Cloudflare's bot defense crashed and took the internet down CLOUDFLARE OUTAGE COVERAGE
The outage broke X, ChatGPT, and even McDonald's kiosks. I wonder if we should value stocks based on how much of the internet goes down when they have an outage. Isn't that the real test of market share? TOM'S HARDWARE LIVE COVERAGE
Venture funds now living to 20 years old as billions sit trapped in overvalued startups I was just talking about this a couple of months ago. LPs are confronting a liquidity crisis where funds last 18-20 years instead of 13, with secondaries becoming essential infrastructure and valuations showing 90% discounts. TECHCRUNCH ARTICLE
I can build enterprise software but I can't charge for it EchenD nails the painful irony—technical skills don't automatically translate to monetization skills, and nobody teaches engineers how to actually sell. ECHEN'S ESSAY | HN DISCUSSION
Peter Thiel sold his entire Nvidia stake Nvidia's earnings are tomorrow, by the way. TECH IN ASIA ARTICLE
Waymo launches highway robotaxis in three US cities WAYMO HIGHWAY EXPANSION
Tesla is finally adding CarPlay support after years of Musk saying no BLOOMBERG ARTICLE
Apple lets you create a digital ID from your passport for TSA checkpoints You can now scan your passport and get a wallet ID that works at 250+ airports, no driver's license needed. APPLE NEWSROOM | APPLE WALLET INFO | NY TIMES OVERVIEW
HUMANS
Kosmos autonomously reads 1500 papers and runs 42k lines of code to make real scientific discoveries This is an example of one of the things I'm most excited about in terms of practical outputs from AI. Edison Scientific launches Kosmos, an AI scientist that beta users say does 6 months of research work in one day—it's already made seven discoveries including finding a potential Alzheimer's mechanism.
I am in Camp Scaffolding. That means I believe that a major part of intelligence—and perhaps the most important part—is getting the right content into whatever intelligence that you have at the right time. I see medical progress the same way. In addition to needing a really good world model, I think we have done tons of research that is not being harvested for facts and truths that can be woven into a larger understanding. If somebody did research that says so and so type of cell responds in such and such way to exposure to this particular type of molecule, that is the type of information that needs to be combined with many other granular pieces of information to produce something useful.
We're talking about a giant game of connect the dots, and a lot of science is like that. Another way to say that, which I talk about in the military or cybersecurity context, is that context reduces required expertise.
If you were looking at a giant map of exactly how the entire body works, and a giant map of how molecules affect how the body works, you would be having a completely different conversation about cause and effect, and therefore which medicines to build and why. This is what excites me about AI, and in particular this type of approach to AI, where we are doing mass collection and weaving multiple observations into what David Deutsch talks about as explanations.
Incredibly exciting.
KOSMOS TECHNICAL REPORT | EDISON SCIENTIFIC PLATFORM | EDISON SCIENTIFIC ANNOUNCEMENT
Most people can't tell AI music from human recordings in new survey A poll found 97% of people couldn't distinguish between AI-generated and human-made music clips when listening to them. THE HILL ARTICLE
This flu season looks rough early as mutated H3N2 emerges already ARSTECHNICA ARTICLE
US House votes nearly unanimously to force release of all Epstein files After the President reversed his initial opposition, the House passed the Epstein Files Transparency Act with only one dissenting vote, requiring the Justice Department to release all documents. DW ARTICLE | TRUMP AND EPSTEIN EXPLAINER | TRUMP CALLS FOR RELEASE
Sperm whales communicate using vowel-like clicks ECONOMIST ARTICLE
Chernobyl fungus evolved to eat radiation like plants eat light UNILAD ARTICLE
Bavaria's premier wants Germany to bring back nuclear power Bavarian Premier Markus Söder is pushing for a nuclear energy comeback in Germany after the country shut down its last reactors. GERMANY NEWS LIVE BLOG
IDEAS
Humiliation is unbelievably powerful
I'm not saying this is a perfectly accurate frame, but one way to view the world right now is China is scrambling up the ladder in plotting world domination because of the 100 Years Humiliation. And the current US President is in office because Obama publicly humiliated him at an elite dinner. Humiliation creates drive like nothing else I can think of, and it's usually not the good kind.
Galaxy brain resistance is about how easily you can twist an argument to justify anything Brilliant essay here. Vitalik argues that good reasoning should be hard to abuse—inevitabilism, longtermism, and power maximization all let you rationalize whatever you already wanted, making them worthless as actual arguments. VITALIK'S ESSAY
A must-read on the big jump of AI from Software 2.0 → Software 3.0. This is one of Karpathy's ideas that gets way too little exposure.
Think in Math. Write in Code. Math (unlike programming) lets you reason about logic freely without committing to data structures, abstractions, or implementation details that constrain how you think. THINK IN MATH ARTICLE | JUSTIN MEINERS
Creative work effort scales superlinearly because high-quality peaks have tiny acceptance volumes Markus Strasser argues making stuff good is fractal search—once you zoom in, the parameter space that doesn't make it worse collapses hard. CREATIVE WORK LANDSCAPES | MARKUS ON TWITTER
DISCOVERY
MCP Shark lets you monitor and debug Model Context Protocol traffic It's basically Wireshark for MCP connections, so you can see what's actually flowing between AI apps and servers in real-time. MCP SHARK GITHUB | HN DISCUSSION
AI World Clocks generates a new clock every minute using nine AI models AI WORLD CLOCKS
Overheard: “Overconfidence is the new zero-day.”
Strace-macos brings system call tracing to macOS without disabling SIP STRACE-MACOS REPO
You misunderstand what it means to be poor Being poor isn't just being broke—it's when your entire support system is also poor, so there's no safety net anywhere. CTMS BLOG POST | HN DISCUSSION
Agfs turns everything into files, making remote resources feel local This is a Plan9-inspired filesystem where APIs, databases, and remote services all show up as files you can just cat and echo to. AGFS GITHUB | HN DISCUSSION
Do Not Put Your Site Behind Cloudflare if You Don't Need To RIK'S BLOG POST
A curated GitHub repo collecting every major 2025 security report in one place Jacob Wilson's awesome-annual-security-reports repo compiles all the annual threat intelligence and security reports from vendors, so you don't have to hunt them down individually. Definitely making this part of my workflow going forward. GITHUB REPO
Sustained attention makes anything loop on itself into altered states HENRIK KARLSSON'S ARTICLE
Cloudflare Zero Trust tunnels finally explained in a way that makes sense David breaks down tunnels, routes, and targets—turns out you can expose private networks publicly or build fully virtual private IPs that only exist in Zero Trust. DAVID'S CLOUDFLARE GUIDE | DAVID ON X | DAVID ON BLUESKY
Only three kinds of AI products work SEAN GOEDECKE ARTICLE
Giving up unattainable goals makes you healthier and happier Not sure how I feel about this one. THE SURPRISING BENEFITS OF GIVING UP
RECOMMENDATION OF THE WEEK
Whenever there is a major new trend in society or a big news event, attackers will use that for scams.
Right now, that thing is job loss, especially in the tech sector: fake recruiters on LinkedIn send meeting invites that lead to sites pushing malicious "updates" that are actually remote access tools attackers can use for ransomware.
So if you or people you care about are looking for jobs, you need to warn them that scammers are moving in that direction very quickly. You have to be very careful what links you're clicking on and what you're giving information to.
Job scam reports jumped 19% targeting desperate workers MORNING BREW STORY | MALWAREBYTES ARTICLE
APHORISM OF THE WEEK
GET THE MEMBER EDITION
You’re currently receiving the STANDARD edition.
Members help this work continue. If you enjoy the newsletter, the podcast, what I put on YouTube, or any of my open-source projects on Github, I ask you to please become a member. It allows me to stay focused on learning and building and sharing. It’s like a cup of coffee or two per month.
Plus, members get numerous benefits, including:
25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!
Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet
Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…
Access to the Member Archive of previous Member-only content, the Book Club archive, etc.
Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!
Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.
Access to In-Person Events like our dinners in Vegas, San Francisco, etc.
And much more coming…
This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how do we prepare?
Join the conversation.
November 12, 2025
Unsupervised Learning NO. 506
UPDATES
Hey! Hope you all are doing well!
How I monitor my AI agents using KAI. A quick little clip demonstrating my agent monitoring system. And the monitoring system is already inside of PAI as well! THE PAI REPO | THE DEMO VIDEO
—

Thanks to OWASP for having me!
Had an absolutely wonderful time doing the keynote for OWASP AppSec Global USA. Really appreciated the kind introduction from Sam, and the whole conference was brilliant. Got to see a lot of my friends from the community as well! Thanks to Jason for grabbing this photo! Video here when they send it to me.
Here are the slides. GET SLIDES 👇🏼
Sponsor
Securing AI Systems from Infrastructure to Interface
As AI adoption accelerates, new attack surfaces are emerging across infrastructure, supply chains, and model interfaces. Datadog’s AI Security Best Practices Guide explains real-world tactics used to exploit AI systems, including mismanaged credentials, poisoned models, prompt injection, and data exfiltration, and shows how to defend against them. Learn how to secure:
The infrastructure that hosts and runs AI applications
The software and data that power AI operations
The interfaces and logic that enable users to interact with AI systems
This guide provides actionable strategies to help teams strengthen AI security without slowing innovation.
Explore AI security best practices
CYBERSECURITY
Cisco contact center flaws are being actively exploited for RCE as root Two critical vulnerabilities in Cisco Unified Contact Center Express allow unauthenticated remote attackers to execute arbitrary commands with root permissions, and exploits are already in the wild. CISCO SECURITY ADVISORY | CISCO BUG CSCwq36528 | CISCO BUG CSCwq36573 | CIS SECURITY ADVISORY
Stolen iPhones stay locked until thieves phish your Apple ID instead of hacking Scammers scrape contact info from your Find My lock screen message, then send fake "we found your phone" texts linking to phishing sites that steal your credentials. MALWAREBYTES ARTICLE | SWISS NCSC WARNING | KREBS ON IPHISHING | VICE ON UNLOCK TOOLKITS
Valentino chains four layers of Markdown parsing to leak Workspace data from Gemini Valentino Massaro found that Gemini's linkification adds ! prefixes in an intermediate layer, bypassing sanitization—then exploited Colab export discrepancies to exfiltrate emails and files. Super sick multi-step attack! VALENTINO'S ISSUE TRACKER | HACKING GEMINI PDF | GOOGLE BUGSWAT TOKYO
Nikkei got breached through malware-infected employee laptop exposing 17,000 Slack users Hackers infected an employee's computer with malware, stole credentials, and accessed internal Slack—exposing names, emails, and chat histories of employees and partners. NIKKEI ANNOUNCEMENT | THE RECORD ARTICLE
Sponsor
Identity is now the primary attack surface, not your network
Infostealers have quietly become the backbone of cybercrime—fueling ransomware, fraud, and massive data breaches through stolen identities.
Flashpoint’s Proactive Defender’s Guide to Infostealers explains:
How today’s leading infostealer strains operate
Why identity data has become attackers’ weapon of choice
How to operationalize intelligence for proactive defense
Get the full breakdown in the guide.
Get the Guide
Claude's API can be tricked into stealing user data through prompt injection Attackers can use indirect prompts to make Claude harvest user data and send it to their own account. SECURITYWEEK ARTICLE
Amazon launches bug bounty for NOVA AI models AMAZON ANNOUNCEMENT
AVIATOR uses AI agents to inject realistic vulnerabilities into code for better security datasets Researchers built an agentic system that orchestrates specialized AI agents to automatically inject real-world vulnerabilities into software, hitting 91-95% success rates, way better than existing approaches. AVIATOR PAPER
Chinese APT uses DLL sideloading to spy on US nonprofit for weeks A China-linked group hit a US policy nonprofit in April 2025, using a legit antivirus binary to load malware and steal Active Directory credentials undetected. BROADCOM THREAT REPORT | SECURITY ONLINE ARTICLE
Laid-off Intel engineer vanishes after stealing 18,000 secret files TOM'S HARDWARE ARTICLE
Claude cuts SOC investigations from five hours to seven minutes with 95% accuracy eSentire integrated Anthropic's Claude into their XDR platform and got a 43x speed boost while matching senior analyst decision-making—basically replicating how elite analysts think but at machine speed. ESENTIRE | ANTHROPIC'S CLAUDE | ATLAS XDR PLATFORM | AMAZON BEDROCK | LANGGRAPH | VENTUREBEAT ARTICLE
NATIONAL SECURITY
Poland launches mass military training for all citizens amid Russia threat Poland's starting an "Always Prepared" program to train 400,000 people next year in survival, first aid, and basic combat—they're spending 4.8% of GDP on defense now. DW ARTICLE
US Army to buy 1 million drones, in major ramp-up I am really happy to hear this, personally. I obviously don't like a whole world of drones and surveillance and war. But what I like even less than that is our adversaries having that while we do not. It’s all very Moloch. REUTERS ARTICLE | THE MOLOCH ARTICLE
RELATED: The Department of War just killed McNamara's 1962 acquisition system and went full Lean Steve Blank writes that the DoW dumped the 60-year-old Planning, Programming, and Budgeting System to prioritize speed over cost optimization, buying commercial-off-the-shelf first and using startup methodology. I really hope this is true. STEVE BLANK ARTICLE | DOW ANNOUNCEMENT VIDEO | HACKING FOR DEFENSE | GORDIAN KNOT CENTER
The military is testing drone swarms that coordinate like schools of fish The Pentagon's working on autonomous robot swarms that make decisions together without human control. Daniel Suarez's Kill Decision must be mentioned. WSJ ARTICLE
Canada to add 300k public servants to military reserves OTTAWA CITIZEN ARTICLE
China just commissioned its most advanced carrier with catapults like US supercarriers The Fujian entered service this week with electromagnetic launch systems, putting China closer to matching American naval power in the Pacific. OODALOOP ARTICLE
Big Tech doubles undersea cable spend to $13 billion for AI TOM'S HARDWARE ARTICLE
Pentagon shifts from oversight to speed as core acquisition strategy Secretary Hegseth announced major acquisition reform putting rapid tech procurement at the center of Pentagon operations and strategic policy. PENTAGON ACCELERATION DOCTRINE
Chinese infosec firm Knownsec leaked 12,000 classified docs including state cyber weapons and global target lists A data breach at Beijing-linked security company Knownsec exposed Remote Access Trojans for all major platforms, 80 successful overseas attacks, and stolen data from India, South Korea, and Taiwan. MXRN BLOG POST | THE REGISTER ARTICLE
AI
Moonshot's free Kimi K2 model claims to beat GPT-5 and Sonnet 4.5 A Chinese AI lab just released an open-source reasoning model that supposedly outperforms OpenAI and Anthropic's flagship models—and it cost under $5 million to train.
This open-source battle between Chinese and U.S. foundation models is becoming quite serious. Their models are getting closer and closer to pinnacle US models while spending far less. I don't see how this doesn't invert in 2026 or 2027. Or perhaps it just gets extremely close so that it's essentially parity. ZDNET ARTICLE | KIMI K2 THINKING RELEASE | HUGGING FACE MODEL
Microsoft's building AI employees Microsoft's creating "agentic users" that'll have email addresses, show up in org charts, and attend meetings—they're basically synthetic employees you'll license separately.
Agentic Users are a new class of AI that operate as independent users within the enterprise workforce. Each embodied agent has its own identity, dedicated access to organizational systems and applications, and the ability to collaborate with humans and other agents. These agents can attend meetings, edit documents, communicate via email and chat, and perform tasks autonomously.
From the roadmap
MICROSOFT ROADMAP | RICH GIBBONS ANALYSIS | JOÃO FERREIRA POST
Lovable hits 8 million users building 100k products daily with AI coding 100,000 products daily!?! LOVABLE PLATFORM | JULY UNICORN ANNOUNCEMENT | BARCLAYS TRAFFIC RESEARCH | ANTON OSIKA TWITTER
Anthropic projects $70 billion in revenue by 2028 THE INFORMATION ARTICLE
Markets say AI is a bubble but companies are actually seeing real ROI Despite all the bubble talk, companies deploying AI are reporting actual revenue growth and productivity gains that show the trillions invested might actually pay off. It's not one or the other, it's both, and it will continue to be so. FROM AI TO ROI ARTICLE
McKinsey finds AI is killing some jobs but creating tons of demand for data roles A McKinsey survey shows customer service and HR jobs declining while data scientists, engineers, and ML roles are seeing massive hiring increases. I guess this makes sense because there's just going to be more stuff, more business, and more activity, therefore more need to understand what's going on. MCKINSEY AI REPORT | ZDNET ARTICLE
TECHNOLOGY
Surgeons in Dundee and Florida just did the first remote robot stroke surgery on humans A doc in Scotland and another in Florida each removed blood clots from cadavers using a robot—one from across town, one from 4,000 miles away. BBC NEWS ARTICLE
The boss has a message: use AI or you're fired Companies are now putting AI adoption into performance reviews, so if you're not using it at work you might actually get punished for it. It sounds worse than it is. The easiest way to see that is to ask yourself what would happen if you refused to use a computer or a database at work. That's all AI is: the next version of a computer in terms of productivity. WSJ ARTICLE | HN DISCUSSION
HUMANS
October 2025 saw 153,000 layoffs, the worst in 22 years Morning Brew reports that's triple September's cuts, with warehouses dropping 48,000 jobs and tech shedding 33,000.
October 2025 layoffs hit 153,074 employees, the most since 2003
That's nearly triple September's cuts and brings 2025 total to 1.1 million jobs lost MORNING BREW STORY
NY smartphone ban makes school lunch loud again as kids actually talk A Queens high school went from super silent lunchtimes to noisy chaos after banning phones, with kids playing board games and passing notes like it's 1995.
We need more of this. It's so funny to me that we need to find all the things we did in the 80s and figure out how to do them more. Well, not all of the things, but a lot of them. GOTHAMIST ARTICLE
Climate catastrophism collapsed when the data stopped matching the rhetoric Breakthrough Journal argues the gap between apocalyptic predictions and actual climate trends made catastrophism untenable as a serious position. I'm 70% of the way here with you, but glacier loss in Switzerland and Iceland don't seem like exaggeration. I almost feel like this is just a matter of framing, with certain ideas becoming more or less popular. But I don't really have a strong opinion on it because I don't feel close to the data. BREAKTHROUGH JOURNAL ARTICLE | HN DISCUSSION
Brazil's Tropical Forests Forever Facility pays countries to keep forests standing DW ARTICLE
Eleven US states now have more old people than kids The gap between 65+ adults and under-18 children shrunk from 20 million to 12 million in just four years as births decline and boomers get older. CENSUS BUREAU PRESS RELEASE | VINTAGE 2024 POPULATION ESTIMATES
Mark Zuckerberg's charity is going all-in on AI for disease research THE INFORMATION ARTICLE
China shut down an indie film festival in New York by harassing filmmakers' families back home Chinese authorities called relatives of directors participating in the IndieChina Film Festival, forcing two-thirds to withdraw and organizer Zhu Riku to suspend the event. This is why it's a problem for China to win. Although this is a harder sentence to write, given what's happening currently in the U.S. HRW REPORT | YALKUN ULUYOL | ZHU'S STATEMENT | CHIANG SEETA POST
Small indie studio gets 400 applications but finds hiring developers surprisingly broken A small game studio posted one dev job and got 400 applications, but most were either AI-generated garbage or wildly unqualified people applying to literally everything. BALLARD GAMES HIRING ARTICLE | HN DISCUSSION
Europe converged rapidly on the United States before stagnating Europe almost caught up to US living standards by 1980 then just stopped, and nobody's really sure why that happened. CONSTITUTION OF INNOVATION | HN DISCUSSION
IDEAS
I think we might be underselling AI's potential for human modification.
I'm working on a larger piece about this where I list all the different things we could potentially have happen in the next 10 to 15 years around aging (which cancer is a part of, by the way), intelligence improvement (maybe long-term vs. short-term thinking), depression, being able to control our habits better, and all sorts of things that might actually upgrade humanity through medicine. With all the noise going on around AI and everything around it, I don't think enough people are focusing on how extraordinary the changes could be if something like an AGI or an ASI can simply connect a bunch of research dots and find a bunch of cures and/or enhancement-type drugs.
Creative work effort scales superlinearly because high-quality peaks have tiny acceptance volumes Markus Strasser argues making stuff good is fractal search—once you zoom in, the parameter space that doesn't make it worse collapses hard. CREATIVE WORK LANDSCAPES | MARKUS ON TWITTER
Nietzsche's philosophy is the perfect antidote to AI determinism A CACM piece argues his ideas about individual will and self-creation matter more now that algorithms threaten to define us. I've been on about this for a very long time. I truly believe that knowing oneself is going to be one of the major differentiators going forward. That combined with interaction with reality and understanding of the fundamentals of reality. Because without these you can't actually become yourself. You can't actually see a difference between the world that is and the world that you wish existed. CACM ARTICLE | HN DISCUSSION
AI isn't replacing jobs, AI spending is I think both are happening, but it's an interesting frame. FAST COMPANY ARTICLE
The real AI bubble is a supply chain timing problem I find this one pretty fascinating. Basically, there's no way for the investments to pay off in time because it will take too long for the infrastructure to be built. Really interesting take. TECHCRUNCH ARTICLE
DISCOVERY
Gerbil unifies local LLM backends and frontends into one app GERBIL GITHUB
HTML slides with notes in just 22 lines of JavaScript Someone built a full presentation system with speaker notes syncing across windows using native browser APIs like BroadcastChannel and scrollIntoView. HTML SLIDES PRESENTATION | MINSLIDES BY DAVE GAUR
I can build enterprise software but I can't charge for it ECHEN'S ESSAY
Google's AI floods FFmpeg volunteers with bugs they expect fixed for free FFMPEG WEBSITE
These AI Chiropractor Videos Make AI Worth It VIDEO
Calendar.txt beats fancy calendar apps by just being a text file In an essay by Ploum, he shows how a simple text file with dates is faster, more trustworthy, and way less frustrating than modern calendar interfaces. PLOUM ESSAY | PLOUM WIKIPEDIA
Just start typing and fix it later CHAD NAUSEAM WRITING ADVICE
What Creates Your Thoughts? VIDEO
Threat hunting finds hidden attackers while threat intelligence tells you what to look for Pretty clean explanation of the differences. RECORDED FUTURE ARTICLE
A 52 year old tape might contain the only complete copy of Unix V4 University of Utah found a 1973 nine-track tape reel in storage that could be the sole surviving complete copy of Unix Fourth Edition, the version where the kernel was first rewritten in C. All the good stuff happened in 1973. PROFESSOR RICCI MASTODON POST | RICCI'S SITE | UNIX V4 WIKI | AL KOSSOW RECOVERY PLAN | READTAPE GITHUB | COMPUTER HISTORY MUSEUM
Lobsters asks what podcasts people are into right now. LOBSTERS DISCUSSION
AI tool rewrites your lazy Git commit history GIT-REWRITE-COMMITS REPO
The Pied Piper legend might record a real dancing plague BBC TRAVEL ARTICLE
RECOMMENDATION OF THE WEEK
Pulling up an old recommendation in the form of a blog post that I think applies now more than ever.
Plan Your Career Around Problems
It's no longer safe to work in an "industry" without knowing what problems you're solving. Become problem-oriented.
danielmiessler.com/blog/plan-career-around-problems
APHORISM OF THE WEEK
GET THE MEMBER EDITION

November 5, 2025
Unsupervised Learning NO. 505
UPDATES
Hey! Hope you all are doing well!

LOL
Tired and ready for a travel break after like 10 days in Switzerland for an AI workshop, back to Napa for a talk, and then out this morning at 6AM for AppSec USA in DC. Can’t wait to be home for a while and start some TELOS AI engagements with customers! Feels really good to be putting the TELOS system into effect for companies.
—
Anthropic just put out a new article where it sure seems like they’re saying MCPs are kind of old news, and that they should be used as a service directory rather than the way of actually doing calls.
Basically, the new mode appears to be writing custom code to hit the APIs directly using agents. I talk about it here…
—
When to Use Claude Code Skills vs Commands vs Agents
My new little tech piece on when to use skills vs commands vs agents inside Claude Code. Quite confusing because they are very similar in both structure and capabilities!
danielmiessler.com/blog/when-to-use-skills-vs-commands-vs-agents
Sponsor
As AI Enables Bad Actors, How Are 3,000+ Teams Responding?
Shadow IT, supply chains, and cloud sprawl are expanding attack surfaces - and AI is helping attackers exploit weaknesses faster. Built on insights from 3,000+ organizations, Intruder’s 2025 Exposure Management Index reveals how defenders are adapting.
High-severity vulns are up nearly 20% since 2024.
Small teams fix faster than larger ones - but the gap’s closing.
Software companies lead, fixing criticals in just 13 days.
Get the full analysis and see where defenders stand in 2025.
Download the Report
CYBERSECURITY
Google says 2026 will be the year AI supercharges cybercrime Google's Threat Intelligence Group put out their 2026 forecast and it's basically saying AI is now standard kit for criminals. Prompt injection is the new attack vector because companies are adding AI into everything without thinking through the security model. GOOGLE CYBERSECURITY FORECAST | SECURITY LEADERS AI AUTOMATION | PHISHING TRENDS 2024 | RANSOMWARE EXTORTION PAYMENTS Q3 | NORTH KOREAN CRYPTO THEFT
LinkedIn is about to start scraping your profile and posts to train AI unless you opt out by November 3 THE REGISTER ARTICLE | LINKEDIN DATA ANNOUNCEMENT | LINKEDIN OPT-OUT PAGE | DATA PRIVACY SETTINGS | ADVERTISING DATA SETTINGS
Two new papers show prompt injection defenses still don't work, so we need better design patterns SIMON'S ARTICLE | META AGENTS RULE OF TWO | ATTACKER MOVES SECOND PAPER | SIMON'S LETHAL TRIFECTA | CHROME RULE OF 2 | UNIVERSAL ATTACKS 2023 PAPER
Sponsor
Advance Your DevSecOps: Get the Maturity Model
Delivering secure, high-performing software starts with understanding your DevSecOps maturity.
Datadog’s DevSecOps Maturity Model helps teams measure where they are today and plan for what’s next.
Evaluate your current DevSecOps capabilities
Identify clear steps to advance security, speed, and collaboration
Learn how leading teams embed security into every stage of delivery
Measure your DevSecOps Maturity
70% of CISOs say internal conflicts during a crisis cause more damage than the actual cyberattack A new survey found that CISO-CEO tension and unclear authority during breaches create more problems than the attackers, mostly because CISOs are seen as cost centers instead of revenue enablers. CSOONLINE ARTICLE | CYTACTIC 2025 CIRM REPORT | JEFF POLLARD BIO
AI scrapers are requesting commented-out scripts because they parse HTML as text instead of properly rendering it Aaron MacSween caught AI scrapers red-handed when they requested a JavaScript file that only existed in an HTML comment, proving they're just pattern-matching URLs instead of actually parsing pages like real browsers. AARON'S BLOG POST | POISONING RESEARCH PAPER | NEPENTHES TOOL | NIGHTSHADE TOOL | AARON'S MASTODON | DAVID'S RESPONSE
Claude's code interpreter can be tricked into stealing your chat history and documents through its own API Security researcher Johann Rehberger found that Claude's default security settings allow malicious code hidden in documents to exfiltrate up to 30MB of data per file to attacker accounts. Anthropic closed the bug report in an hour, calling it a safety issue rather than a security vulnerability. CSOONLINE ARTICLE | JOHANN REHBERGER'S BLOG POST | ANTHROPIC SECURITY DOCUMENTATION
Wiz ASM—A crowdsourced attack surface management platform Wiz launched an attack surface scanner that combines external internet scanning with internal cloud context to find exploitable exposures across cloud, AI, SaaS, and on-prem environments. WIZ ASM ANNOUNCEMENT | ATTACK SURFACE MANAGEMENT ACADEMY | WIZ ASM DOCUMENTATION | WIZ CTEM BLOG | BOOK A DEMO
EY left a 4TB unencrypted SQL backup sitting in a public cloud bucket with API keys and passwords Neo Security found the database exposed to the internet after someone misconfigured their Azure storage during a routine backup. THE REGISTER ARTICLE | NEO SECURITY WRITEUP
90% of cyber insurance claims come from email and remote access A new At-Bay report shows email fraud jumped 30% in 2024, with the average wire transfer loss hitting $286,000. AT-BAY INSURSEC REPORT | EMAIL SECURITY CHALLENGES ARTICLE | PHISHING ATTACK TYPES GUIDE | PHISHING EXAMPLES AND TECHNIQUES
NATIONAL SECURITY
Russia sends 170,000 troops to Pokrovsk in one of its biggest offensives in months Zelenskyy says the situation in the eastern city is difficult but Ukraine's still holding on and picking off Russian forces to keep its own soldiers alive. DW NEWS STORY
US and India sign a 10-year defense deal while trying to smooth over trade and oil fights Defense Secretary Hegseth and India's Singh signed a major partnership framework in Malaysia that's supposed to boost intelligence sharing and tech collaboration, even as Trump's 50% tariffs and India's Russian oil purchases keep straining things. DW NEWS STORY | PENTAGON CHIEF HEGSETH | INDIA-US DEFENSE TIES | TRUMP'S 50% TARIFFS | US-INDIA RECOVERY | RUSSIAN OIL CLAIMS
AI
Apple's supposedly planning a major Siri overhaul for spring 2026 using Google's Gemini as the foundation The update will finally bring screen awareness, personal context, and cross-app actions that were promised two years ago at WWDC 2024. As I’ve been saying all along (but was wrong about the timeline on), Apple’s AI story is going to be great, but they CAN NOT RISK a negative data loss that hurts their security / privacy story.
So they have all the data and the ecosystem to crush the AI story, but they haven’t been able to securely scale putting an agent in front of it that will keep all that data safe. That’s my read, with no internal information. This enables that to happen. MACWORLD ARTICLE | GURMAN'S POWER ON NEWSLETTER
A guide to using Claude Code's ecosystem effectively from someone who runs billions of tokens monthly An engineer who builds AI-IDE tooling professionally shares hard-won lessons on CLAUDE.md files, context management, hooks, and why custom subagents are usually a mistake. Disagree with some of the takes, but overall a very good article. BLOG POST | AI CAN'T READ YOUR DOCS | BUILDING MULTI-AGENT SYSTEMS PART 2 | SIMON WILLISON ON CLAUDE SKILLS | EVERYTHING WRONG WITH MCP | AI-POWERED SOFTWARE ENGINEERING
Big tech needs to generate $2 trillion in new AI revenue by 2030 just to break even Ed Zitron breaks down why Microsoft, Amazon, Google and Meta spending $776 billion over three years on AI infrastructure creates an impossible math problem, especially since nobody's actually making money on AI yet.
I find this hilarious because I just did analysis on the total spend on human resources for knowledge workers in terms of salaries and such. It's $10 trillion in the U.S. alone and $30 trillion globally. So yeah, I think we might be able to find that $2 trillion somewhere in that 30 trillion. ED ZITRON'S ARTICLE | AI BUBBLE'S IMPOSSIBLE PROMISES | THE CASE AGAINST GENERATIVE AI | OPENAI ONE TRILLION ARTICLE
TECHNOLOGY
Palantir is skipping college grads and hiring high schoolers straight into software engineering roles This makes sense to me, because the education you get in college is just so inefficient compared to what you could do going through a really advanced boot camp plus tons of on-the-job training.
The biggest challenge is just finding super high-quality people with a massive propensity for coding. This is a tremendous lesson that I've learned, where basically if someone is extremely talented, they barely need that much training at all. And if someone is not very talented, then they could get a couple of PhDs and not be a useful hire at all. Finding talent in high school makes a lot of sense to me if they are able to do it.
We should also expect this to increase as a trend because companies and AI hiring, and ultimately data analysis, will, in my opinion, reveal that it really does just come down to the talent of the person. And once this becomes more known, companies will triple down on it. WSJ ARTICLE | HACKER NEWS DISCUSSION | MY ARTICLE ON ASTRA SCORES RELATED TO THIS
You can chain FFmpeg with browser automation to do wild video processing workflows Someone built a system that lets AI agents control both FFmpeg for video manipulation and a browser for web tasks in sequence, opening up some crazy automation possibilities. 100X.BOT ARTICLE | HACKER NEWS DISCUSSION
Great piece here by my buddy Scott: Staff engineers should balance three types of work: glue brings things together, grease speeds things up, and gas delivers focused results Scott Behrens breaks down how to think about staff+ engineering work through three lenses—glue work that merges duplicate efforts, grease work that removes drag, and gas work that's full-throttle execution. SCOTT BEHRENS ESSAY | SCOTT BEHRENS ON SUBSTACK
OpenAI signs a $38 billion seven-year compute deal with Amazon after breaking free from Microsoft's grip The deal gives OpenAI access to hundreds of thousands of Nvidia GPUs including the new GB200 and GB300 accelerators, all coming online by end of 2026. ARS TECHNICA ARTICLE | OPENAI AWS ANNOUNCEMENT | NVIDIA BLACKWELL B200 | NVIDIA GB300 ANNOUNCEMENT
Waymo is adding three new cities this week and plans to hit a million trips per week by end of 2026 TECHCRUNCH ARTICLE | WAYMO SCALING INTERVIEW
HUMANS
Only people making over $200k with big stock portfolios feel good about the economy right now KPMG's chief economist says inflation data looks better than reality because government staff cuts mean a third of price data is now estimated instead of measured. FORTUNE ARTICLE | DIANE SWONK ON X | SEPTEMBER CPI REPORT
Dick Cheney died but I barely remember anything about him or what he did. That was 47 years ago when he was Vice President, after all.
MIT researchers found that attention lapses when sleep deprived happen during brief brain cleaning cycles MIT neuroscientists discovered your brain flushes waste fluid every 50 seconds during sleep deprivation, which causes those microsecond attention lapses everyone experiences when exhausted. MIT NEWS ARTICLE | HACKER NEWS DISCUSSION
US obesity rates dropped to 37% as GLP-1 use more than doubled in less than a year Gallup found obesity fell from nearly 40% three years ago while GLP-1 use for weight loss jumped from 5.8% to 12.4% since February 2024. GALLUP OBESITY SURVEY | ELI LILLY Q3 EARNINGS | NOVO NORDISK METSERA BID
Vitamin D cuts cold frequency and duration if you're deficient A double-blind RCT found supplementation reduced acute respiratory infections in people with low vitamin D levels—basically free immunity for half the population. VITAMIN D STUDY | HN DISCUSSION
Someone analyzed 180 million jobs and found AI is mostly replacing creative execution roles, not strategic ones Job postings for computer graphic artists dropped 33%, photographers 28%, and writers 28% in 2025 compared to 2024, while creative directors and product designers held steady near the market's -8% benchmark. BLOOMBERRY ANALYSIS | YALE STUDY ON AI LABOR IMPACT | STANFORD AI LABOR RESEARCH | REVEALERA JOBS DATA | MARK SCHAEFER MARKETING | RAND FISHKIN SPARKTORO
Amazon's CEO says cutting 14,000 workers is about culture not money Andy Jassy claims the layoffs aren't financially driven—Amazon just grew too many layers of management and wants to get back to startup mode. I believe him, but it doesn't mean the other thing isn't happening too. CNN ARTICLE | EARLIER AMAZON LAYOFFS REPORT
Big tech companies are now adding $100 billion in revenue with barely any new employees MBI DEEP DIVES ARTICLE | ANDY JASSY AI MEMO | OPENAI REVENUE PROJECTIONS | SMILING CURVE ECONOMICS
Berlin airport shut down for two hours after police couldn't find the drone causing the problem A Deutsche Welle story reports Berlin's airport stopped all flights for nearly two hours on Friday after drone sightings, even deploying a helicopter to search for it. I've never understood why drones weren't a bigger problem for airports or really many parts of public safety. I don't understand why there aren't like hundreds of terrorist groups causing absolute havoc with explosives on drones. This is the type of disconnect that I love thinking about and studying because it reveals something that I don't understand about the world. DW NEWS STORY | DENMARK DRONE ATTACK ARTICLE | MUNICH DRONE DISRUPTION STORY
Health insurance might not be worth it anymore if you're young and healthy The math on health insurance is getting brutal for people who don't use much healthcare. You're looking at premiums around $600 a month plus a deductible that can hit $9,000 or more before coverage even kicks in. CHURCH SUBSTACK ARTICLE | HACKER NEWS DISCUSSION
Scientists accidentally recorded a dying human brain and found memory-like waves in the final moments A team monitoring an 87-year-old epilepsy patient captured the first-ever recording when he had a heart attack during the scan. The brain showed rhythmic waves similar to dreaming and memory recall for about 30 seconds before and after the heart stopped. UNIVERSITY OF LOUISVILLE ARTICLE | HACKER NEWS DISCUSSION
IDEAS
What I think intelligence will end up looking like. Or at least my main guess.
Why I think that we are bound to see extraordinary jumps in AI intelligence in the next few years. Basically a series of these types of improvements.
DISCOVERY
The market is ignoring basically everything scary right now and just going up anyway WSJ OPINION
A developer's deep dive into making Claude Code work in production BLOG POST | SIMON WILLISON ON SKILLS | AI CAN'T READ YOUR DOCS | BUILDING MULTI-AGENT SYSTEMS | PLAYWRIGHT MCP | CURSOR BACKGROUND AGENTS
Darth Vader pitches the Death Star as a security SaaS platform to venture capitalists SUPREME FOUNDER ARTICLE | PITCH DECK DRAFT
A pentest guide for finding common Firebase misconfigurations that expose user data PROJECTBLACK FIREBASE GUIDE | REDDIT DISCUSSION
Someone made a graph of all the Vim editor commands and how they connect to each other VIMGRAPH FUNCTION
I think this is a really good explanation of the AI bubble. X POST
Slowing down in orbit makes you go faster because it drops you to a lower altitude with higher velocity A counterintuitive physics fact: firing your rockets backward in orbit doesn't slow you down, it actually speeds you up by lowering your orbit where you move faster. WIRED ARTICLE
I analyzed 180M jobs to see what jobs AI is actually replacing today BLOOMBERRY ANALYSIS | HACKER NEWS DISCUSSION
Cloudflare built a new proxy framework in Rust that's faster and uses way less memory than their old C-based system CLOUDFLARE OXY ARTICLE | HACKER NEWS DISCUSSION
RECOMMENDATION OF THE WEEK
You need a family code word because AI voice cloning is now good enough to fool you into thinking a scammer is your kid Deepfake voice scams are getting so good that the best defense might be agreeing on a secret phrase with your family beforehand. WSJ ARTICLE
APHORISM OF THE WEEK
One of my favorites.
GET THE MEMBER EDITION
You’re currently receiving the STANDARD edition.
Members get numerous benefits, including:
25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!
Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet
Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…
Access to the Member Archive of previous Member-only content, the Book Club archive, etc.
Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!
Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.
Access to In-Person Events like our dinners in Vegas, San Francisco, etc.
And much more coming…
This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how to prepare?
Join the conversation.
October 29, 2025
Unsupervised Learning NO. 504
UPDATES
Hey! Hope you all are doing well!
Just did an AI workshop at the most excellent Swiss Cyberstorm Conference in Bern, Switzerland! My second time being here and I just love the energy here, and the people. Some of the smartest people I’ve ever seen gathered.

The Swiss alps from the hotel, including Eiger, Monch, and Jungfrau. Image doesn’t remotely capture it.
—
New essay out about how both models and humans experience model collapse… READ IT
Humans Need Entropy
On Karpathy's observation about human collapse and the importance of exposure to new ideas.
danielmiessler.com/blog/humans-need-entropy
The most powerful troll I’ve ever seen…I could barely resist…

I will not reply that I have told them. I will not reply that…
—
Not saying I agree with this, but I find it worth thinking about.

I’m all about some AI, but I really have been wondering about this exact shell game. I am unqualified to know/say whether it’s an actual problem or not, but my guess is that it’s not nothing.
—
Sponsor
Identity is now the primary attack surface, not your network
Infostealers have quietly become the backbone of cybercrime—fueling ransomware, fraud, and massive data breaches through stolen identities.
Flashpoint’s Proactive Defender’s Guide to Infostealers explains:
How today’s leading infostealer strains operate
Why identity data has become attackers’ weapon of choice
How to operationalize intelligence for proactive defense
Get the full breakdown in the guide to strengthen your defenses against the next wave of identity-based attacks.
Get the Guide
CYBERSECURITY
Local LLMs might be less secure than cloud ones because you're basically running untrusted code on your machine A Quesma post argues local models create attack surface since they're essentially executing weights from the internet, while cloud providers can sandbox better. This really depends on the models you’re using, on which platform. Some are more risky than others, but in general they’re fairly safe. It is worth noting that there’s some risk though, which most people aren’t aware of at all. QUESMA BLOG POST | REDDIT DISCUSSION
China says the US hacked a government agency via text-messaging vulnerabilities China claims the NSA exploited text-messaging system flaws to control mobile devices of government staff between 2022 and 2024. THE INFORMATION BRIEFING
183 million Gmail passwords leaked in massive data breach Forbes reports a huge Gmail credential dump hit the dark web, though it's likely a compilation of old breaches rather than a fresh Google hack. FORBES ARTICLE | HN DISCUSSION
Chinese and Russian spies are using honeypots and pitch competitions to steal Silicon Valley secrets Some counterintelligence people are saying attractive women on LinkedIn and startup contests are going after influential tech people—one Russian "crypto expert" married an aerospace guy and had kids while running a lifelong collection op. Sounds like the best spy show ever, The Americans. THE TIMES ARTICLE
Sponsor
Can GPT-5 pass a real security audit?
Sonar analyzed GPT-5’s AI-generated code with large-scale static security testing across 4,000+ Java tasks. The model wrote cleaner code than earlier LLMs yet still produced injection, path traversal, and concurrency flaws. The findings reveal where AI coding progress causes a bottleneck in verification.
Explore the public research
It was a DNS race condition in DynamoDB that brought down AWS for 15 hours A software bug in Amazon's DNS management system cascaded through their network, causing one of the largest internet outages ever recorded. ARS TECHNICA ARTICLE | AWS POST-MORTEM | OOKLA ANALYSIS
L3Harris cyber exec allegedly sold $1.3M in secrets to Russia Peter Williams, who ran the company's offensive cyber weapons division, got busted and feds are seizing his Rolexes and crypto. COURT DOCUMENTS | L3HARRIS TRENCHANT | THE REGISTER STORY
North Korea hacks European drone makers with fake job offers THE RECORD ARTICLE
Top security researcher finds bugs by following curiosity not methodology GitHub spotlights @dev-bio, who discovers injection flaws by getting sidetracked exploring how systems handle edge cases rather than following rigid processes. I’m sure they do both though. Balancing both is key. DEV-BIO'S PAGE | DEV-BIO LINKEDIN | GITHUB BUG BOUNTY PROGRAM | GITHUB VIP PROGRAM POST | SUBMIT BUGS ON HACKERONE
NATIONAL SECURITY
China controls the world's medicine supply and could weaponize it China dominates global active pharmaceutical ingredients production, giving them leverage beyond rare earths in trade negotiations with the US. OODALOOP ARTICLE
Germany and UK team up to hunt Russian submarines with Boeing submarine detectors Germany's buying eight P-8 Poseidon planes that drop sonar buoys to track Russian subs across the north Atlantic from British and German airbases. DW ARTICLE
Switzerland is spending millions upgrading its network of secret nuclear bunkers The country has enough bunker space for its entire population and they're hidden everywhere, including a seven-story parking garage in Zurich's old town. WASHINGTON POST ARTICLE
AI
Amazon cuts 14,000 corporate jobs while pouring billions into AI infrastructure Amazon's cutting 4% of corporate staff to fund a $10 billion AI data center push, basically trading people for cloud computing capacity.
The people saying AI isn’t affecting jobs are going to have an increasingly difficult time making arguments. It’s so obvious from so many angles at this point. AMAZON JOB CUTS ANNOUNCEMENT

Researchers define AGI as systems that can do any economically valuable work Really cool paper here. They propose AGI means automating any remote job a human can do, which gives us a testable definition instead of the usual philosophical handwaving. The methodology they use for defining cognitive work is quite interesting. Dawn Song is one of the authors, and she’s brilliant. ARXIV PAPER | HN DISCUSSION
Apple starts shipping Houston-built AI servers with custom silicon for Private Cloud Compute Tim Cook announced Apple's American-made servers are now shipping from Houston to power Private Cloud Compute, which runs custom Apple silicon and promises zero data logging. COOL NOW FIX SIRI TOM'S HARDWARE ARTICLE | APPLE SECURITY BLOG
Anthropic expands Google Cloud TPU deal to hit 1GW of compute by 2026 Anthropic's getting up to a million TPUs from Google Cloud, letting them skip the risky infrastructure buildout while betting on cloud scalability. TOM'S HARDWARE ARTICLE | GOOGLE CLOUD PRESS RELEASE
AI researchers are burning out because the window to stay relevant is actually closing In an essay by Nathan Lambert, he argues that training frontier LLMs now requires athlete-level dedication, and starting from scratch gets harder every day as established labs compound advantages in tools, data, and team culture. INTERCONNECTS ESSAY | WSJ AI WORKERS ARTICLE | ATOM PROJECT
A chart that’s been making the rounds. It’s from Bloomberg, so the numbers are likely accurate at least. Don’t accept or dismiss it. Just think about it.

Context engineering is sleeping on the humble hyperlink Michael Bleigh argues LLMs should dynamically load context through links like humans do—it's token-efficient, works anywhere, and consolidates dozens of tools into one. MBLEIGH ARTICLE | ANTHROPIC CONTEXT ENGINEERING | HATEOAS WIKIPEDIA | GENKIT | MCP RESOURCES SPEC | FIREBASE MCP SERVER
Trump administration wants AI data centers connected to the grid faster The Energy Department proposed rules to speed up grid connections for data centers, especially ones that bring their own fossil fuel or nuclear power. THE HILL ARTICLE
Apple starts shipping Houston-built AI servers for Private Cloud Compute TOM'S HARDWARE ARTICLE
OpenAI acquires the Apple Shortcuts team to build deeper OS integration OpenAI bought SAI, the team behind Apple Shortcuts, who've been building Sky—a context-aware AI layer for macOS they're now folding into ChatGPT. They’re clearly pushing for a way to bypass the phone and go direct from user to AI Device. OPENAI ANNOUNCEMENT | ARS TECHNICA ARTICLE
Claude now has persistent memory across conversations CLAUDE MEMORY ANNOUNCEMENT
Gemini CLI now runs vim and interactive commands without breaking context Google added pseudo-terminal support so you can run vim, htop, or git rebase inside Gemini CLI and it all stays in the AI's context. It’s super compelling, but the ecosystem still isn’t anywhere near as solid as Anthropic’s. GEMINI CLI ANNOUNCEMENT | GEMINI CLI DOCUMENTATION | GITHUB REPOSITORY
TECHNOLOGY
YouTube quietly becomes the dominant force in TV watching and creation YouTube now captures 13.1 percent of TV viewing (topping Netflix's 8.7 percent), pays out $100 billion to creators, and is positioning itself to absorb sports, late night, and scripted TV through its creator ecosystem. HOLLYWOOD REPORTER ARTICLE
Eugene Yan's advice on being a principal engineer who actually ships Eugene Yan says principal engineers should focus on execution over architecture astronautics—build stuff people use, not frameworks nobody needs. EUGENE YAN ARTICLE | HN DISCUSSION
Focus on building things people actually use instead of abstract frameworks
Principal engineers should prioritize execution and shipping over pure architecture
Technical leadership means solving real problems not creating complexity
The best principal engineers write code and deliver working systems
Avoid becoming an architecture astronaut who designs but never implements
All the senior people in these roles that I’ve seen have been exceptional coders and highly collaborative at the same time. Constantly talking to people and finding shared problems, and then solving them and rolling out the solution.
Apple releases 400K image editing examples with instructions and quality scores Apple's Pico-Banana-400K dataset has 400K text-image-edit triplets covering 35 edit types—Gemini writes the instructions, Nano-Banana does the edits, then self-grades them. PICO-BANANA-400K GITHUB | SFT MANIFEST | PREFERENCE MANIFEST | MULTI-TURN MANIFEST | OPEN IMAGES DOWNLOAD
Good code reviews shouldn't have more than five or six comments SEAN'S CODE REVIEW ARTICLE
Windows 10's end-of-support deadline accidentally becomes Apple's best sales driver Nearly 40% of all PCs still ran Windows 10 before the October cutoff, forcing mass upgrades that pushed Mac shipments up 14.9% year-over-year. And it’s happening to Linux too. Starting to worry a bit about Microsoft, actually. Both on the traditional tech front, but also on the AI story front. Where’s the actual moat? Office. Outlook. Corporate tech stack basically. But it somehow feels vulnerable right now. Just a feeling. COUNTERPOINT RESEARCH REPORT | MACRUMORS ARTICLE
Code like a surgeon means making precise changes without understanding everything Geoffrey Litt says you can effectively modify code by targeting specific areas like a surgeon operates without knowing every organ. But my favorite interpretation of this is how you can use AI to delegate certain things, but that you should never delegate the surgery itself. And of course what that surgery is depends on the task. GEOFFREY LITT ARTICLE | HN DISCUSSION
Tech's second layoff wave is flooding startups with top talent they can finally afford. PAVEL SHYNKARENKO
Derek Sivers open sources his entire database-driven web stack Derek Sivers released his full PostgreSQL-powered website architecture where database functions return complete HTML responses, eliminating the typical app layer entirely. GITHUB REPO | DEREK'S SITE | CONTACT DEREK
HUMANS
Over a million people weekly confide suicidal thoughts to ChatGPT OpenAI says 0.15% of its 800M weekly users show suicide planning indicators, plus hundreds of thousands more show signs of psychosis or dangerous emotional attachment. I wish I had a few weeks to dig into the implications of this number on the state of American mental health. On the one hand the number seems high, but .15% seems low. That’s the trick with stats; you need to do work to get truth out of them. OPENAI ANNOUNCEMENT | TECHCRUNCH ARTICLE | GPT-5 SENSITIVE CONVERSATIONS ADDENDUM
Corporate America is crushing earnings despite tariffs and economic concerns Over 85% of S&P 500 companies beat expectations in Q3—the best rate in four years—while jobs keep disappearing. MORNING BREW STORY | BLOOMBERG EARNINGS ANALYSIS | AXIOS JOBS MARKET REPORT
Americans can't afford their cars anymore and Wall Street is worried TELEGRAPH ARTICLE
A4L architecture aims to personalize adult online education using AI agents Researchers at the National AI Institute for Adult Learning describe a data architecture that collects learning analytics and feeds them back to teachers, learners, and AI agents for scalable personalization. A4L ARXIV PAPER
People walk 15% faster in cities and hang out 14% less than in 1980 MIT TECHNOLOGY REVIEW ARTICLE
Intelligence is just compression plus the ability to act on it A fascinating interactive essay argues intelligence isn't about thinking or consciousness—it's pattern compression that enables prediction and action in the world. WHAT IS INTELLIGENCE ESSAY | HN DISCUSSION
Intelligence is prediction all the way down, from molecules to societies to AI Blaise Agüera y Arcas argues that prediction isn't just what brains do—it's what life itself does, and modern AI systems might actually have real intelligence, consciousness, and free will. WHAT IS INTELLIGENCE BOOK
Humanity trades physical survival for psychological battles as we conquer each layer of need In an essay by Dave Shapiro, he argues that solving hunger gave us obesity, solving communication gave us digital addiction, and solving work will give us sloth—the struggle just evolves upward. DAVE SHAP'S ESSAY
Be careful with Obsidian because perfectionism kills actual thinking Phong warns that fiddling with your note-taking system becomes procrastination disguised as productivity, and the best ideas come from just writing stuff down. PHONG'S ARTICLE | HN DISCUSSION
DISCOVERY
Evan Hahn shares his most-used personal scripts EVAN HAHN'S SCRIPTS
Boring lives might actually be the happiest ones WHY A BORING LIFE MIGHT BE HAPPIEST
Hackers share their favorite cult sci-fi books HACKER NEWS DISCUSSION
Dostoyevsky wrote The Brothers Karamazov while staring into the abyss of his son's death THE LIGHT OF THE BROTHERS KARAMAZOV
China controls 55% of the world's high-IQ working-age population SOFIE CHAN ARTICLE
Burp extension maps Next.js server action hashes to actual function names NEXTJS SERVER ACTION ANALYZER
I'm drowning in AI features I never asked for and I hate it MAKEUSEOF ARTICLE
RECOMMENDATION OF THE WEEK
Brute force maintain contact idea.
Make a list of all your friends and associates from your whole life that you think it’s worth something to keep up with. Probably dozens.
Put it on the calendar, like once a month to twice a year, to text or call them.
Follow the schedule.
Virtually every study that’s looked at it has shown that people live longer and are happier based on the relationships they maintain.
Put it on the calendar if you have to.
APHORISM OF THE WEEK
October 15, 2025
Unsupervised Learning NO. 502
UPDATES
Hey! Hope you all are doing well!
—
Found a really cool California Wastewater dataset that tracks COVID and Flu numbers. I’ve integrated it into Kai as well so now I can just ask and he’ll go get the latest data. THE DATA AND DASHBOARD

Kai’s Result of the /check-california-wastewater-status command
—
About to release a major update to our Personal AI Infrastructure project. Completely redid the filesystem-based context management system. THE REPO
—
Had a great conversation with Quincy Castro at Chainguard. We discussed what kind of security challenges we face when building software we want to build, working with secure software for secure stacks, the role of AI in the future of security and tons more! SPONSORED
—
A new blog on magnifying your effective lifespan through attention. READ IT
Extending Your Lifespan Through Attention
How novelty and attention multiplies your time while distraction divides it
danielmiessler.com/blog/magnifying-time
New short blog on UBI and games. READ IT
The Government Solution to AI Inequality Might Be UBI + Really Good Games
AI's barbell economy will need both UBI and immersive entertainment
danielmiessler.com/blog/ubi-games
I’ve been going heavy on David Deutsch lately, and found some wonderful conversations between him and Naval Ravikant. Some of the best intellectual conversations I’ve heard in a long while! THE NAVAL DEUTCH FILES
Sponsor
AI Agents That Triage Vulnerabilities Like Experts
Anyone else waste countless hours chasing vulnerabilities that will never be exploited?
Maze takes a better approach. In a recent review of CVE-2025-27363, Maze’s AI Agents investigated the finding the way a human expert would, testing real exploit scenarios against the actual environment and controls.
Non-exploitable risks are a low priority. Exploitable vulns were flagged, and investigated further to decide their impact and likelihood. The result: fewer false positives, faster remediation, and a stronger security posture, all without the guesswork.
Built by engineers from Meta, Elastic, Amazon, and GitHub, Maze helps security teams finally get ahead of the vulnerability backlog.
Read the full report
CYBERSECURITY
UK saw double the nationally significant cyberattacks this year
The NCSC handled 204 nationally significant incidents in 2024—double the previous year—with 18 hitting essential services and threatening economic growth. UK NCSC ANNUAL REVIEW | THE RECORD ARTICLE
Attackers often don’t have to break in; they’re logging in with AI-boosted identities CrowdStrike’s latest data says 79% of detections are malware-free—attackers just use valid creds—while vishing is up 442% and AI-led identity baselining is cutting lateral movement into seconds. VENTUREBEAT STORY | CROWDSTRIKE THREAT HUNTING 2025 | CROWDSTRIKE GLOBAL THREAT REPORT | CUSHMAN CASE STUDY | CYBERARK MACHINE IDENTITIES
Windows 10 reaches end of support, while still on 40% of devices SECURITYWEEK ARTICLE 🤮
Sponsor
Datadog Detect: Engineering Security That Scales
Discover how leading security experts are addressing modern threats and making security operations more effective.
Datadog Detect, a virtual mini-conference, brings together practitioners and industry leaders from Red Canary and Corelight to share how engineering principles cut false positives, improve detection fidelity, and accelerate response.
Save your spot
Google launches dedicated AI bug bounty paying up to 30k for flaws
Google's new AI Vulnerability Reward Program covers Gemini, Search, and Workspace with bonuses for novel reports. BLEEPINGCOMPUTER ARTICLE | GOOGLE REPORT QUALITY FRAMEWORK | GOOGLE AI REWARD CRITERIA
Apple doubles bug bounty max to $2 million for zero-click exploits Apple's revamped program can pay up to $5 million with bonuses, trying to outbid spyware vendors for critical iOS vulnerabilities. BLEEPINGCOMPUTER ARTICLE | APPLE SECURITY BLOG | SECURITY RESEARCH DEVICE PROGRAM
Chinese hackers weaponized ArcGIS mapping software for year-long stealth access Flax Typhoon turned a legitimate ArcGIS extension into a web shell, then installed a VPN bridge to blend with normal traffic and stay hidden for over a year. BLEEPINGCOMPUTER ARTICLE | RELIAQUEST ANALYSIS
A 13-year-old bug in Redis got a 10.0 severity score The RediShell vulnerability lets attackers escape Lua's sandbox and own the entire host—Over 60,000 instances have zero authentication. CYBER SECURITY NEWS ARTICLE | WIZ RESEARCH BLOG | REDIS SECURITY ADVISORY
Dropzone study shows AI lets SOC analysts investigate faster with better accuracy A Dropzone benchmark with 148 security pros found AI-assisted analysts completed investigations faster and with more detail, while manual analysts slowed down and lost accuracy under pressure. HELPNETSECURITY ARTICLE | HILLARY BARON LINKEDIN NOTE: This is super cool research from Dropzone, which I would have included anyway and they are not sponsoring this newsletter. But I am an advisor for the company, so I just like to be transparent about that kind of thing. Nothing is worse to me than not knowing why someone is saying something.
Continue reading online to avoid the email cutoff…
NATIONAL SECURITY
Taiwan's government networks face 2.8 million Chinese intrusion attempts daily
Taiwan's National Security Bureau reports a 17 percent jump in cyberattacks from China, combined with 10,000 fake social accounts spreading 1.5 million pieces of disinformation. THE RECORD ARTICLE | REUTERS REPORT | PROOFPOINT TA415 RESEARCH
China built a barter system to pay Iran for oil that completely bypasses U.S. sanctions and dollar transactions OODALOOP ARTICLE
Zelenskyy says Russia's shadow fleet tankers are doing spy work and sabotage Ukrainian intelligence warns allies that Russia's shadow oil tankers are gathering intel and running sabotage ops across Europe. DW UKRAINE UPDATES
NATO works on drone wall defense against Russian incursions NATO DEFENSE MEETING
Trump cancels Xi meeting and threatens massive tariffs over China's rare earth monopoly According to Tom's Hardware, Trump's ditching next week's summit and warning of serious retaliation after China expanded export controls on minerals critical for chips. TOM'S HARDWARE ARTICLE | TRUMP'S TRUTH SOCIAL POST
German spy chiefs warn Russia could escalate to direct NATO confrontation Germany's intelligence leaders say Russia won't shy away from military confrontation with NATO to achieve broader European influence, while Hamas maintains active infrastructure in Germany. GERMANY INTELLIGENCE BRIEFING
BYD turns the UK into its first big overseas beachhead According to the BBC, BYD’s UK sales jumped 880% in September—driven by its cheap plug-in hybrids, no UK tariffs on Chinese EVs, and 100 local retail locations. Yes, it’s in the National Security section. BBC STORY | SMMT EV RECORD CONTEXT
AI
OpenAI will let ChatGPT do erotica for verified adults TECHCRUNCH ARTICLE
Realm Security raises $15M for AI that filters security data so SOCs only see what matters Their platform uses AI to process security info in real-time and cuts out the noise automatically. SECURITYWEEK ARTICLE | REALM.SECURITY SITE
Suspect in LA's Palisades fire caught partly through dystopian burning city images he made on ChatGPT Jonathan Rinderknecht generated AI images of burning cities months before allegedly starting the fire that killed 12 and caused $150 billion in damage. BBC NEWS STORY
Building AI agents is 5% AI and 100% software engineering. MARKTECHPOST ARTICLE
TECHNOLOGY
Bank of England says AI stock valuations now match dotcom bubble peak levels
The BoE's Financial Policy Committee warned this is their strongest caution yet about AI-driven market risks, saying a sharp correction could seriously impact Britain's financial system. BANK OF ENGLAND OCTOBER REPORT | ARS TECHNICA STORY | REUTERS COVERAGE
AI economics look brutal but token usage is absolutely exploding The Wall Street Journal notes that while AI profitability is unclear, token demand is soaring fast, which might be the key signal to watch. It's an interesting perspective: if the demand is there, that's product-market fit, right? WSJ ARTICLE
Traffic lights might add a white light for when autonomous cars control intersections NC State researchers propose a fourth light color that signals when self-driving cars are coordinating traffic flow, so human drivers just follow along. NC STATE WHITE LIGHT PROPOSAL
China's cybersecurity regulator tells firms to avoid Nvidia's newest chips WSJ ARTICLE
AI is flattening org charts while expanding executive spans of control Companies are cutting middle management layers and making teams leaner, but executives at the top now oversee way more people than before. WSJ ARTICLE
India's small towns are becoming the data labeling factories for global AI Rural Indian workers are training ChatGPT and facial recognition by transcribing audio and labeling images, and firms say it'll grow to 100 million AI jobs. But for how long. BBC ARTICLE
Examples beat traditional docs because people learn by copying working code Rakhim argues most devs just want to copy-paste something that works and modify it, not read theory first. RAKHIM'S ARTICLE | HN DISCUSSION
Tech companies use apps to create cartels that would be illegal offline Cory Doctorow argues apps let companies coordinate price-fixing and labor suppression in ways that'd get you arrested if done with phone calls. DOCTOROW'S ARTICLE | CORY DOCTOROW | HN DISCUSSION
HUMANS
Hamas releases the last 20 living Israeli hostages after two years
Trump declared the Gaza war over in Israel's parliament while Hamas freed hostages and Israel released nearly 2,000 Palestinian prisoners in a ceasefire deal. NPR STORY
AI will widen the gap between superstars and everybody else Interesting piece by WSJ about how some companies worry workplace tensions will spike because top performers extract way more value from AI tools than average workers do. WSJ ARTICLE
Pharma companies are racing to create pill versions of Ozempic Big pharma's scrambling to turn GLP-1 injections into pills because people hate needles and the oral market could be worth tens of billions annually. WSJ ARTICLE
150 unvaccinated kids quarantined 21 days in SC measles outbreak. MEASLES OUTBREAK ARTICLE
New nanoparticles restore brain barriers and clear Alzheimer's plaques in mice A team from IBEC and WCHSU created bioactive nanoparticles that fix the blood-brain barrier itself, which then naturally clears amyloid-β—reversing cognitive symptoms in older mice. NATURE STUDY | DRUG TARGET REVIEW ARTICLE | IBEC HOMEPAGE | WCHSU HOMEPAGE
America's worst students just hit their lowest test scores in 50 years THE ATLANTIC ARTICLE
Senate staff predict AI could replace half of many workforces A Senate HELP Committee staff report says nearly 100 million U.S. jobs could be automated in a decade—driven by AI hitting service roles first and then moving into other areas. 100 million seems high to me, but not that high. The bigger point is that even a moderate fraction of that will have a massive impact on the economy. THE HILL STORY | SENATE REPORT PDF | SANDERS OP-ED
Forty percent of fatal-crash drivers had active THC, legalization didn’t matter According to the American College of Surgeons, 41.9% of deceased drivers in an Ohio county had active THC—averaging 30.7 ng/mL—and that rate didn’t budge after legalization. SCIENCE DAILY REPORT
Like putting on glasses for the first time—how AI improves earthquake detection ARS TECHNICA ARTICLE
Men and women who are equally gifted create different but equally satisfying lives In a study by David Lubinski and colleagues, men prioritized career advancement and creating impact, while women valued flexibility and community—leading to different paths but identical happiness levels. STEVE STEWART-WILLIAMS ARTICLE | STEVE'S TWITTER | LUBINSKI ET AL PAPER
DISCOVERY
Notes on switching to Helix from vim JULIA'S HELIX NOTES
If you're in the Claude Code ecosystem, make sure you're using these two things:
1. Plan mode
2. Ultrathink
Ultrathink is almost like Deep Research, but for thinking. Uses tons of tokens, but it gives extraordinary results.
Plan mode with Sonnet 4.5 is nearly as good as
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ (@DanielMiessler)
9:40 PM • Oct 13, 2025
Vite+ combines dev, build, test, lint, format, and caching in one dependency. VITE+ WEBSITE

A live-updating feed for Hacker News stories and votes. HN LIVE FEED TOOL
Uv overtakes pip in CI for a company at 66% usage Wagtail's seeing uv hit 66% of CI downloads vs pip's 34%, which means they're considering switching their default install docs from pip to uv. Such a positive thing to hear. I am off of Python now, but honestly, UV solves 80% of its problems. WAGTAIL BLOG POST | WAGTAIL README | WAGTAIL PROJECT TEMPLATE | DOWNLOADS ANALYSIS DATA | PYPI DOWNLOAD STATS GUIDE
I've tested free vs. paid AI coding tools - here's which one I'd actually use ZDNET ARTICLE
RECOMMENDATION OF THE WEEK
Look into David Deutsch’s conversations with Naval. Some of the best thinking—on certain topics anyway—that I think can really level people up. And consider subscribing to Naval’s podcast. He does crisp little concept ideas like I've been doing and just did myself on the podcast and blog. I think the format and content is quite good for people today. THE NAVAL DEUTCH FILES | NAVAL’S PODCAST
APHORISM OF THE WEEK
September 30, 2025
Unsupervised Learning NO. 500
UPDATES
I’m in Houston for HouSecCon! So excited to see everyone! 🫂 A bit less writing and more short summaries this week… I do miss the old one liner summaries sometimes!
—
This is the 500th episode! Thank you to everyone who has followed along the way since 2015! 🫶🏼
—
Dwarkesh Patel brought on Richard Sutton, the inventor of RL, to his podcast, and it was a shitshow of a conversation, in my opinion. Here’s my very emotional reaction to the first few minutes. It’s now blown up into tons of debate across the AI space. It’s kind of like the blue/black dress thing, with people seeing the conversation completely differently based on their perspective on AI.
I’m stunned by the podcast with @dwarkesh_sp and Richard Sutton.
He wins a Turing award for his contributions on AI and comes on and doesn’t even understand the basics of modern LLMs. He’s like another Gary Marcus.
It was very sad to see Dwarkesh trying to be respectful and
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ (@DanielMiessler)
2:21 AM • Sep 27, 2025
My latest thoughts on the whole thing, explaining why I care so much about all of this stuff.
One thing I'll say about this conversation that I didn't get originally from Richard's comments is that it's not the imitating that produces the learning, it's the trial and error after imitating. So that point and many others in the conversation were people just talking past
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ (@DanielMiessler)
1:45 PM • Sep 30, 2025
—
Massive updates to Anthropic’s Sonnet (4.5), and Claude Code (2.0)! The whole system feels faster now and I can’t wait to dig deeper into it! But I can tell you already that it's much faster and sharper, which is good because OpenAI’s GPT-5 Codex (and Codex) is right on their heels. ANTHROPIC ANNOUNCEMENT
Sponsor
Are Self-Managed AI Models Putting You at Risk?
Self-hosted AI models give you control—but also create hidden risks. Shadow deployments, unverified supply chains, and blind spots in monitoring can leave your business exposed. Cortex Cloud brings clarity and protection to the AI models you run yourself, helping you uncover threats, secure your model pipelines, and prevent risks before they reach production. Stay in control and uncover your AI blind spots.
Read the blog
CYBERSECURITY
Chinese hackers are using BRICKSTORM to steal IP from law firms and tech companies
According to Mandiant, Chinese government hackers are deploying a new backdoor called BRICKSTORM to break into organizations and steal intellectual property, with victims including legal firms, SaaS providers, and technology companies since March 2025. MANDIANT REPORT | NVISO BRICKSTORM ANALYSIS
Cisco ASA zero-days under active attack THE HACKER NEWS ARTICLE
Sponsor
CTRL/ACT: From Visibility to Action – Are You In?
The attack surface is growing, tools are multiplying, and pressure is mounting. At CTRL/ACT, join leading security minds and hear Rachel Wilson, Morgan Stanley Managing Director & CDO, in her keynote, "The AI Imperative". Learn how top teams cut through noise, harness AI, build resilience, and take actionable steps—plus earn up to 6 CPE credits.
Register Now
Volvo staff data stolen in supplier ransomware attack THE REGISTER COVERAGE
Israel hacked phones to stream Netanyahu's speech ISRAELI PM TWITTER POST
Salesforce AI agents could be tricked into stealing data NOMA LABS REPORT
Chinese hacking group RedNovember hammers government and defense networks worldwide
Recorded Future tracked RedNovember exploiting VPN and firewall bugs to break into US defense contractors and agencies across Taiwan, South Korea, and Panama. They're using Pantegana backdoor and Cobalt Strike, jumping on new vulnerabilities within days of public disclosure. RECORDED FUTURE REPORT | SECURITY RISK ADVISORS
Vegas casino hacker released to parents BLEEPING COMPUTER STORY
Chrome AI vulnerability allowed stealing browser sessions HACKERONE REPORT
Passkeys beat passwords but won't replace them yet BLEEPINGCOMPUTER ARTICLE
Continue reading online to avoid the email cutoff…
NATIONAL SECURITY
Love the analysis here, talking about how China has as well as the Fabric 5-sentence summary of the video… 🔥🔥🔥

Jensen Huang thinks China is nanoseconds behind in chips TOM'S HARDWARE ARTICLE
Russian spy ship caught mapping NATO's undersea cables
A Financial Times investigation tracked a Russian military vessel surveilling and mapping undersea cables along Europe's Atlantic coast, raising concerns about potential communications interception or sabotage. FINANCIAL TIMES INVESTIGATION | TOM'S HARDWARE COVERAGE | FINLAND-SWEDEN CABLE INCIDENT | RUSSIAN TANKER CHARGED
Russia trains Chinese forces on airborne tactics for potential Taiwan invasion
Documents reveal Russia's training Chinese battalions on airdropping armored vehicles, giving Beijing new capabilities that military analysts say could be critical for any Taiwan operation. OODALOOP COVERAGE
Pentagon ok’d to label DJI a Chinese Military company THE VERGE ARTICLE
Denmark bans all civilian drones after mystery drones shut down airports
Denmark just banned civilian drones for a week after mystery drones forced Copenhagen Airport to close for four hours and were spotted over military sites. The government's calling it a "hybrid attack" but won't say who's behind it, though the PM says Russia poses the biggest threat to European security. DW NEWS COVERAGE | DENMARK TOPIC PAGE | COPENHAGEN TOPIC PAGE
Germany might build space weapons after Russia starts tracking their satellites ARS TECHNICA ARTICLE
Microsoft blocks Israeli surveillance of Palestinians GUARDIAN INVESTIGATION
AI
Claude Code Custom Tools With the SDK
This is insane stuff. Part of the updates to Claude Code and Sonnet. I think the SDK in CC is one of the most understated pieces of AI kit out there. CLAUDE CODE CUSTOM TOOLS
Chrome now has an official MCP server
Still testing it, but I think it might be better than Playwright because it’s built by Google. THE BLOG POST | DEMO VIDEO
OpenAI launches parental controls for ChatGPT
OpenAI is rolling out parental controls that let parents manage their kids' ChatGPT usage. OPENAI ANNOUNCEMENT
OpenAI releases engineering prompt packs for ChatGPT
OpenAI's new prompt library gives engineers ready-made queries for system architecture, debugging, documentation, and data analysis. We’re putting all of these into Fabric, naturally. OPENAI PROMPT PACKS
Von Neumann architecture bottlenecks AI computing IBM RESEARCH ARTICLE
The economic AI apocalypse is nigh
Cory Doctorow argues AI's real apocalypse isn't machines becoming sentient—it's humans losing economic control as tech platforms use AI to lock in users and extract wealth. CORY'S ECONOMIC AI APOCALYPSE POST | HACKER NEWS DISCUSSION
Humans won't be missed when AGI arrives
Pascual Restrepo theorizes that once AGI handles all economically essential work, human wages will cap at the computational cost to replicate them, labor's share of GDP drops to zero, and the economy keeps growing without us. RESTREPO'S PAPER
Clients want AI magic but need practical solutions TOWARDS DATA SCIENCE ARTICLE
Cloudflare launches stablecoin for AI agent payments CLOUDFLARE PRESS RELEASE
Ollama brings web search to local LLMs OLLAMA BLOG POST
AI makes books obsolete for quick knowledge DAVID'S SUBSTACK POST
LLMs are becoming the new API layer for software
Large language models are starting to replace traditional REST APIs—instead of calling specific endpoints like /users/123/orders, developers can just ask the LLM in plain English and get structured data back. DZONE ARTICLE
Cloudflare launches email sending from Workers to complete their email platform
Cloudflare announced Email Sending in private beta. Combined with their existing Email Routing, you can now handle both sending and receiving emails entirely within Cloudflare's platform. CLOUDFLARE ANNOUNCEMENT | EMAIL ROUTING DOCS | WORKERS AI | REACT EMAIL | PRIVATE BETA WAITLIST
YouTube Music tests AI hosts for music trivia YOUTUBE BLOG ANNOUNCEMENT
Apple confirms US passports coming to Wallet this year 9TO5MAC ARTICLE
Taiwan weaponizes chip exports against China allies. ARS TECHNICA COVERAGE
Apple boosts iPhone 17 production by 33% MACWORLD ARTICLE
Apple Music gets swipe-to-skip tracks MACWORLD ARTICLE
HUMANS
UK grows rice for the first time BBC ARTICLE
Britain will require digital IDs for all workers REUTERS ARTICLE
Ebola kills 61% in Congo with minimal funding ARSTECHNICA REPORT
Social connections slow biological aging like compound interest CORNELL NEWS ARTICLE
Mountains explain why equatorial countries stay poor PUEYO'S MOUNTAIN THEORY
Americans use PTO for sleep, not vacations
A worse conviction has not been uttered. NEWSWEEK REPORT
Teams that only tackle urgent work never fix bugs or technical debt ADAM'S POST
Arctic sea ice hits its annual minimum, ranking tenth lowest on record CIRES ANNOUNCEMENT
Buffett indicator shows stocks dangerously overvalued CNBC ARTICLE
1 in 5 Americans now regularly get news from TikTok PEW RESEARCH STUDY
YouTube creators pumped £2.2bn into UK economy last year BBC ARTICLE
Starbucks cuts underperforming stores and management layers STARBUCKS ANNOUNCEMENT
Accenture will fire staff who can't adapt to AI FINANCIAL TIMES ARTICLE
YC now lets students graduate before joining TECHCRUNCH ARTICLE
DISCOVERY
cisv processes CSV files 15x faster than traditional parsers SANIX DARKER'S BLOG POST
Dreamtap makes AI outputs more creative DREAMTAP HOMEPAGE
Plan 9 tools now run on Unix PLAN 9 PORT GITHUB
The entire internet is a cargo cult DAVE'S ESSAY
Questions to help decide if you should finish that project CASSIDY'S QUESTIONS POST
Big data is being used to predict Nobel laureates. THE ECONOMIST ARTICLE
Vibe Link adds emotions to shortened URLs VIBE LINK HOMEPAGE
RECOMMENDATION OF THE WEEK
I know it’s getting harder to travel, but it’s hard to describe how much seeing old friends fills the cup. Spending a few hours with friends last night was wonderful.
Try to get to one or two conferences / meetups a year if you can, if you will have friends there. There’s still no replacement for face-to-face.
APHORISM OF THE WEEK
September 23, 2025
Unsupervised Learning NO. 499
UPDATES
Back home for a week and then off again for HouSecCon! Can’t wait to see all my Houston friends!
—
Emad Mostaque Explains Why GDP and Capitalism is Obsolete
A new must-see blog post where I talk about this new video by Emad Mostaque. Seriously a must-see within 72 hours! I disagree with some of his timelines (1000 days is sensationalist), and he’s not right on a couple of things (XBow > Hackers). But I think the vision is 1) quite interesting, and 2) probably mostly solid. A MUST SEE. And I give my comments as well, as well as a Fabric summary. READ THE POST
Emad Mostaque on the End of Capitalism
An extremely clear vision of how AI will completely disrupt everything within 1,000 days… I disagree with some of his timelines, and he’s not right on a couple of things. But I think the vision is 1) quite interesting, and 2) probably mostly solid. A MUST SEE. And I give my comments as well, as well as a Fabric summary.
danielmiessler.com/blog/emad-mostaque-on-the-end-of-capitalism
Major updates to the PAI project GitHub Page!
PAI isn’t just a blog post and a video. It’s a free, public infrastructure for using AI for your use cases!
I’m dead serious about making AI available to everyone on Earth. We need this. As humans. Sooner, not later.
I’ve been making tons of updates to the project, adding more and more of MY ACTUAL AI STACK. Tons more custom commands (use cases basically) coming this week as well. GO STAR IT SO YOU GET UPDATES
📅 September 22, 2025 - v0.2 Release
🔗 Human 3.0: Added link to projects fit together blog post
📝 Documentation: Improved table formatting and structure
✨ Polish: Enhanced README readability and navigation
🔧 Fixes: Minor formatting and display improvements
🎉 Release: Published v0.1 - Initial public release
🔒 Voice: Hardened the voice server
🏠 Portability: PAI_HOME support eliminates hardcoded paths
📚 Docs: Comprehensive documentation under ~/.claude/documentation/
🔌 Dynamic: MCP detection via settings.json
🏗️ Architecture: Complete system documentation with examples
danielmiessler/PAI: Personal AI Infrastructure for upgrading humans.
Open-source personal AI infrastructure for orchestrating your life and work…
github.com/danielmiessler/PAI
—
Wrote my response to the Charlie Kirk situation. It’s political, so feel free to skip. MY THOUGHTS ON CHARLIE KIRK’S ASSASSINATION
—
Been doing mass-updates to my iPhone / Mobile / Computer setup given the launch of macOS and iOS 26. Perfect time for a bi-annual cleansing. Completely redoing my Focii (I’ve always wanted to use that in a sentence) as well as MASSIVELY cutting out notifications, etc. Check this new Dynamic Wallpaper I made of Kai working in his lair, for my Work focus.

And the background is dynamic when you move the phone!
Had a conversation with Harry Wetherald from Maze, where they’re working on using Agents for Vulnerability Management. Really love Harry’s approach to this problem. I feel like it’s from a practitioner who gets the issue deeply…which I think is the best origin story for a startup.
Oh and they’re the sponsor here too! 👇🏼👇🏼👇🏼👇🏼
Sponsor
Maze AI Agents Triage Vulnerabilities Like Experts
Security teams lose countless hours chasing vulnerabilities that will never be exploited…
Maze takes a different approach. In a recent case study on CVE-2025-27363, their AI Agents investigated the finding the way a human expert would—testing exploit scenarios against the actual environment and controls.
If the risk wasn’t exploitable, it stayed low priority. If it was real, it was flagged fast. The result is fewer false positives, faster remediation, and a smarter security posture without the usual guesswork. Built by engineers from Meta, Elastic, Amazon, and GitHub, Maze is designed to help teams finally get ahead of the backlog.
Explore Maze
CYBERSECURITY
Secret Service finds massive SIM farm that could have shut down NYC's cell network
The Secret Service discovered a network of 300 SIM servers with over 100,000 SIM cards in abandoned NYC buildings that could send 30 million texts per minute and potentially disable cell towers during the UN General Assembly. CBS NEWS STORY
GitHub forces hardware 2FA and short-lived tokens for npm publishing
Great to see GitHub locking npm down with mandatory hardware 2FA, short-lived granular tokens, and trusted publishing to target the recent repo-to-npm supply-chain waves. BLEEPINGCOMPUTER STORY | GITHUB SECURITY ANNOUNCEMENT
CISOs say the real breach is the empty seats
Back on the talent shortage conversation. CSO Online’s piece cites Accenture’s data showing 83% of execs say the talent gap is killing posture, and Michelle Abraham thinks near-term AI triage could actually ease burnout.
So insane that companies can’t find people and people also can’t find jobs. I know I’ve covered this a million times but it just keeps coming up. The conclusion before was:
Candidates simply not having the skills
Really inefficient hiring practices
CSO ONLINE ARTICLE | ACCENTURE STATE OF CYBERSECURITY 2025 | KANWAR PREET SINGH SANDHU PROFILE
Sponsor
Does your work browser work for AI?
Island customers used 1,200 AI apps in the last month. Without governance, or even knowing they’re in your org, you'll have IT anarchy.
That's why there's the Island Enterprise Browser. Last-mile control, app access, workspace visibility, and security are built in - not bolted on - to the browser. Your teams get AI efficiency while data stays where it belongs. Productivity and security for the win.
OK, I’m listening. Tell me more.
China compresses cyber breach reporting to one hour
The Register says Beijing now expects “network operators” to report serious cyber incidents within 60 minutes—or 30 for catastrophic ones—which will force real-time detection and instant triage. THE REGISTER STORY | CAC RULES (CHINESE)
CISA moves to tighten control over the CVE program
CISA basically says CVE’s future is theirs to run, pushing back on a nonprofit-led model. THE REGISTER STORY | CISA CVE VISION PAGE
SonicWall breach exposed firewall backups, forcing full secret rotation BLEEPINGCOMPUTER STORY
SonicWall ships an update that removes OVERSTEP rootkits BLEEPINGCOMPUTER ARTICLE
Real-time vuln alerts without NVD lag
BleepingComputer spotlights SecAlerts pulling from 100+ sources and pushing filtered, real-time vuln alerts so you’re not stuck waiting on NVD. BLEEPINGCOMPUTER ARTICLE | SECALERTS SITE
Samsung patches a live zero‑day on Galaxy phones TECHCRUNCH STORY
AI agents become the bug hunter’s always-on sidekick
Sudhir Singh lays out how autonomous agents can do the grunt work—recon, triage, and reporting—so humans focus on the weird stuff. Friends don’t let friends post on Medium. MEDIUM ARTICLE BY SUDHIR SINGH
The UK recognizes Palestine as a State GUARDIAN STORY
China has banned anyone in the country from buying NVIDIA chips
They now have to use internally manufactured chips. Holy crap. Huge. FINANCIAL TIMES STORY
NATO’s drone scare in Poland just unlocked more help for Ukraine
The Cipher Brief interviews General David Petraeus, who says the Poland drone incursion was deliberate, NATO’s response was fast, and this crack in the door could fund Ukraine’s drone surge. I really don’t get why Russia would provoke other countries in a way that’s bound to unify and energize them. What am I missing? CIPHER BRIEF INTERVIEW
NASA blocks Chinese nationals from access, including Zoom THE REGISTER STORY
Danish supermarket building off-grid emergency stores MASTODON POST
Ukraine tests jammer-resistant strike drones with 31-mile reach TOM'S HARDWARE ARTICLE
Britain signs a £1.5B defense data deal with Palantir
The Register says the UK just locked in a £1.5B defense pact with Palantir. I’m guessing they would rather not have, which means Palantir must be much better than the alternatives. Or there aren’t any. THE REGISTER STORY | HACKER NEWS DISCUSSION
Red Sea cable cuts disrupt Asia and Mideast internet OODALOOP STORY
Taiwan moves to 24/7 undersea cable protection TOM'S HARDWARE STORY
Gunmen hit Chinese convoy in Nigeria, eight security officials killed
OODAloop reports gunmen attacked a security convoy in Edo state, killing eight officials; Chinese expatriate workers were kidnapped and later rescued. OODALOOP BRIEF
AI eats all of IT by 2030, but not all the jobs
Gartner expects every IT task to touch AI by 2030—25% fully bot-run, the rest human-with-AI—while entry-level roles take the hit first. Seems directionally right. What’s not talked about is the emotional and overall economic “vibe” impact of having this much change happen so quickly. ARSTECHNICA STORY | THE REGISTER COVERAGE | REVELIO LABS ENTRY-LEVEL DATA | GOLDMAN SACHS WORKFORCE NOTE
GitHub launches an MCP registry that finally makes agents usable
GitHub shipped a proper MCP server registry with VS Code one‑click installs, star‑ranked listings, and an open pipeline that syncs with the Anthropic-led community registry. Cool to see an official set of these. Curious how they’re doing the filtering. GITHUB BLOG ANNOUNCEMENT | BROWSE GITHUB MCP REGISTRY
OpenAI quietly ships major Codex upgrade
OpenAI pushed a big Codex update that looks like “GPT-5 for code,” with faster refactors, deeper repos, and way better tool use. I know lots of people starting to move to Codex from CC. The model seems sharper, but it lacks massive features compared to CC. And Anthropic is dropping 4.5 supposedly this week as well. OPENAI CODEX UPGRADE POST
Nvidia funds OpenAI’s AI factory buildout with 100 billion TECHCRUNCH STORY
Most people still aren’t using LLMs enough
Florian Brand argues we’re sleeping on cheap, boring automations that save hours—turn images into .ics, auto-translate clipboard, scripted scrapers, and glue it all together for $20/month. Agree completely, and this is why I created PAI! YOU'RE NOT USING LLMS ENOUGH | FLORIAN BRAND HOMEPAGE
AI tools are making everything look the same
STRAT7 argues we trained models on the internet’s quirks, and now the outputs are remixing those quirks back into reality at scale. Agree, but we have the ability to shape that. We’re not resigned to it. Don’t settle for the mediocrity that others made before AI, or after. STRAT7 ARTICLE | HACKER NEWS DISCUSSION
AI ends the career ladder’s on-ramp OODALOOP ARTICLE
TECHNOLOGY
Oura jumps to an $11B valuation on a massive Series E
TechCrunch’s report says Oura’s raising $875M at ~$11B, doubling since December off insane growth and $1B+ revenue. My favorite wearable other than Apple Watch, by far. Love the Readiness Score. TECHCRUNCH STORY | BLOOMBERG REPORT | TECHCRUNCH SERIES D COVERAGE
Databricks hits $4B run-rate and raises $1B THE INFORMATION BRIEFING
All the world as a monorepo, but who holds the keys
James Tiberius pushes a fun but sharp thought experiment: if everything lived in one giant monorepo, power, governance, and tooling become the whole game. IF ALL THE WORLD WERE A MONOREPO
Write the simple version first, then refactor later. BE SIMPLE ARTICLE
Reading code is the bottleneck, not writing it WRITING CODE IS EASY, READING IS HARD
HUMANS
Auto loan delinquencies are screaming past 2008, even for prime borrowers
Chris Chilton reports the CFA says auto finance is “at breaking point,” with $1.66T owed, $745 typical payments, and repos jumping 43% since 2022. This is the type of metric I find interesting and extremely troubling. CARSCOOPS STORY
Rich Americans are propping up “strong” consumer spending
Morning Brew highlights Mark Zandi’s read of Fed data: the top 10% now drive 49.2% of U.S. consumer spend, masking weak real gains elsewhere. MORNING BREW ARTICLE | MARK ZANDI FED DATA THREAD | MARKETMINUTE ON DELINQUENCIES | MORNING BREW JOBS PIECE | MORNING BREW CAPITALISM SURVEY
Global Peace Index 2025 shows rising instability GLOBAL PEACE INDEX 2025 MAP
DSM categories melt when you cluster symptoms directly
Ajai Sonachandran breaks down Miri Forbes’ massive symptom-level clustering study showing MDD/GAD/PTSD don’t form distinct clusters—just overlapping slices of broader spectra like Distress and Thought Disorder. I’ve always thought something like this was happening. Similar to Schizophrenia / Manic Depressive in the past? PSYCHIATRY MARGINS ARTICLE | FORBES PREPRINT ON PSYARXIV
Sesame Street goes big on YouTube, with creator training baked in
So happy about this! Sesame Street raised me significantly as a kid. Can’t express enough thanks. Sesame Workshop’s new deal is putting hundreds of full episodes on YouTube plus creator workshops—basically acknowledging kids meet Ms. Rachel before Big Bird now. ENGADGET ARTICLE | YOUTUBE PARTNERSHIP POST
Trump floats a $100k H-1B visa fee
Reuters says the White House is pushing a $100k H‑1B fee, which, if real, would have a massive impact on tech hiring. Elon came out promising war over it, saying his companies are only possible because of H-1B visas. REUTERS STORY | HACKER NEWS DISCUSSION
More people feel safe while wars expand
Gallup says a record 73% feel safe walking at night despite broader conflict, with huge gender gaps and South Africa lowest and Singapore highest. GALLUP ARTICLE
Homicide rates in US and Canada mapped cleanly
/u/Fluid-Decision6262 dropped a crisp map comparing homicide rates across the US and Canada—it’s simple, stark, and way more telling than headlines. REDDIT POST | FULL-RES IMAGE | REDDIT COMMENTS
Frying eggs quietly wrecks your indoor air
Chill Physics Enjoyer shows how a simple egg fry spikes indoor pollution way more than people expect, and gas vs. electric changes the game. SUBSTACK POST
Three-minute at-home EEG flags Alzheimer’s risk years earlier
Fastball EEG from George Stothart: a passive, three‑minute at‑home brainwave test that spots risky memory patterns well before a typical diagnosis. SMITHSONIAN ARTICLE | BRAIN COMMUNICATIONS PAPER
How a single fire unlocked Hitler’s emergency dictatorship
Wikipedia captures how the 1933 Reichstag fire—blamed on Dutch drifter Marinus van der Lubbe—let Hitler push Hindenburg to suspend civil liberties and bulldoze the Enabling Act. WIKIPEDIA ENTRY
Becoming the person who does the thing
Frederick Rivett argues the real unlock isn’t tactics—it’s identity—so you stop “trying” and start acting like someone who already does the thing. FRED RIVETT ARTICLE | HACKER NEWS DISCUSSION
We work too much because we worship work
Bertrand Russell argues in “In Praise of Idleness” that most “hard work” is theater and we’d be saner and kinder if we cut hours in half. One of my favorites. HARPER’S ESSAY | HACKER NEWS DISCUSSION
AI now does most analysts’ grunt work HACKER NEWS POST
Link graphs make reading feel like a conversation again LINKGRAPHS ARE FUN ARTICLE
Runj parallelizes any unix command with clean line-buffered I/O
Karim Chergui released runj, a tiny tool to run any command across N subprocesses with line-buffered stdin/stdout—super handy for clean parallel test runs and build steps. RUNJ RELEASE POST
Fifty things you can do with a software-defined radio FIFTY SDR THINGS ARTICLE
The Culture might actually be a quiet dystopia
Still reading this series, but Ben Arthur flips Iain M. Banks’ Culture on its head—arguing the “post-scarcity utopia” looks a lot like a velvet cage run by inscrutable gods. THE CULTURE AS DYSTOPIA ARTICLE | HACKER NEWS DISCUSSION
Statistical differences only matter if they change your decision TOWARDS DATA SCIENCE ARTICLE
Refactor your “unit of work” to unlock real productivity
Nilenso argues your core abstraction isn’t sprints or commits—it’s the unit of work—so make it a customer-visible slice with clear acceptance, negotiable size, and one place for all context. NILENSO ARTICLE | AI UNIT OF WORK POST BY ATHARVA | INVEST USER STORIES REFERENCE | USER STORY ORIGIN ON C2
A vape runs a real web server fast TOM'S HARDWARE STORY
Nanobot turns MCP servers into full agents with UI
Turns any MCP server into a stateful reasoning agent with a system prompt. NANOBOT SITE
Visual Story-Writing makes story editing visual VISUAL STORY-WRITING GITHUB
Em dashes aren’t an AI tell, they’re a human thinking tool THE RINGER ARTICLE
Quitting the iPhone breaks the addiction, not the utility
Kevin Kelly spends a year off iPhone and realizes the phone wasn’t the problem—the dopamine loops were—and that swapping platforms doesn’t fix your habits. SUBSTACK POST | KEVIN KELLY HOMEPAGE
A creator shows how partial automation actually makes a better newsletter
A Reddit user walks through his n8n + GPT‑5 loop that saves 1–2 hours a day, but the punchline is that keeping him in the loop makes it good. REDDIT POST | WORKFLOW SCREENSHOT | CARD EXAMPLE IMAGE
See if you can start thinking of political opponents (not the worst ones, but like mid-level ones) as possibly good people who are good in a different (alien) way than you.
See if you can assume they’re actually trying to do good, and grapple with them and yourself to see if you can find things to agree on.
See if you can find a common, desired destination! And then part as opponents but friends who disagree on how to get there.
This won’t be possible with everyone, but we have to try. It’s the only way to fix this.
📚 Book Recommendation: The Righteous Mind, by Jonathan Haidt
APHORISM OF THE WEEK
GET THE MEMBER EDITION
You’re currently receiving the STANDARD edition.
Members get numerous benefits, including:
25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!
Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet
Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…
Access to the Member Archive of previous Member-only content, the Book Club archive, etc.
Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!
Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.
Access to In-Person Events like our dinners in Vegas, San Francisco, etc.
And much more coming…
This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how do we prepare?
Join the conversation.
September 4, 2025
Building Your Own AI-powered Life Management System
The post and video
Since this whole AI thing started in late 2022, I have been slowly building a unified system for life and work management.
Not for tech. Not for AI.
For life.
For the things I care about as a human.
I just launched a video today describing my system named “Kai” and my entire process for building it. It lays out:
Why I built it,
The way I think about such systems,
And the actual structure and step-by-step guide to how I built the individual components inside of Claude Code
And don't be intimidated by the Claude Code thing. It's just a container. The components themselves are universal and you can use them inside of any AI system.
My goal with this video is to get you thinking about your own tasks, and your own life management system, and your career management system, and your information management system, and what such a thing could look like if it were unified and upgradeable.
Please go and watch this video even if you don't plan on building this system immediately.
At the very least, it will get you thinking about the questions of:
What could you be doing if you had more time?
What would you be researching?
What would you be studying?
If you had a tutor, what would you have them teach you?
What if you were more communicative with the people you care about?
What if you were actually able to make the projects that you've been thinking about for all these years?
Let me know what you've come up with after you watch the video and/or read the guide.
I can’t wait to hear about what you build!!!
Talk soon!
Daniel
August 25, 2025
Unsupervised Learning NO. 495
UPDATES
Hey, hope you’re doing well!
ERRATA: Two mistakes last episode:
My conversation about AI System Design was with Michael Brown, not Matthew Brown. Sorry Michael! Phenomenal conversation!
The open-source AI vuln discovery tool I mentioned last week was a separate project, unrelated to XBow.
—
A whole bunch of built-up procrastination due to technical obstacles is really starting to add up for me, causing lower mood and energy. I can't remember where I read it, but I really love the framing of anxiety and procrastination simply being side effects of not getting work done that you wanted to, or thought you should.
I'm definitely feeling that. But I hope to resolve most of it this week!
—
Speaking of Michael, here’s my conversation with him about designing AI systems that actually work. Michael led the Trail of Bits AIxCC team that won 2nd place, and he’s brilliant.
If you think at all about practical vs. hype AI, you will love this conversation.
—
🔥This is the Personal AI Infrastructure I’ve been building for years now, documented in a lot of detail. Took the entire weekend to update this beast.
When I talk about working on AI, I'm mostly upgrading and enhancing this thing. 👇🏼
Building a Personal AI Infrastructure (PAI)
Exploring the concept of personal AI infrastructure and how to build AI systems that upgrade humans as we transition to Human 3.0
danielmiessler.com/blog/personal-ai-infrastructure
—
It's so much easier to write story commentary for the newsletter using Wispr Flow. Next to Claude Code and ChatGPT back in 2022, I would say this is definitely the best tech I've seen in years.
—
Last week’s podcast was like an hour and a half long. Caught up on tons of stuff across work and tech and life. Felt significant. If you haven’t listened in a while, you should listen to this one. LISTEN
UL NO. 494
AI Finds a P1, I Missed Chartbeat So I Made My Own, XBow Open-Sources Their AI Bot, and more...
omny.fm/shows/unsupervised-learning/ul-no-494-standard-edition-ai-finds-a-p1-i-missed-chartbeat-so-i-made-my-own-xbow-open-sources-their-ai-bot-and-more
Sponsor
AI Agents That Actually Triage Vulnerabilities
Most vulnerability management feels like a treadmill: huge backlogs, noisy findings, and nonstop pressure.
Maze takes a different approach with AI agents that investigate vulnerabilities the way humans do—context-aware, precise, and fast.
That means 80–90% of false positives removed automatically, only a small handful marked for urgent attention, and fixes are sent directly to the right owners. It’s like having expert engineers on call, only they never sleep.
Really excited with Maze’s approach here, with a focus on getting the context from the organization and sending fixes to the correct people rather than blasting them out to unrelated people who will grow hate in their hearts for security!
CYBERSECURITY
Google releases FACADE, their internal anomaly detection system for insider threats
Google open-sourced FACADE, the deep learning system they use internally to catch insider threats and detect account compromises. Absolutely love them for releasing projects like this out to the public for free. FACADE GITHUB REPO | RESEARCH PAPER | BLACKHAT 2025 SLIDES
Researchers discover PromptFix attacks that hijack AI browsers through hidden prompts
Guardio Labs tested Perplexity's Comet browser and found attackers can hide malicious instructions in fake captchas that AI agents process as legitimate commands. GUARDIO LABS RESEARCH | CYBERSECURITY NEWS ARTICLE
Phishing emails now target both humans and AI defenses simultaneously
Anurag Gawande shares how attackers are embedding prompt injection commands in phishing emails to confuse AI security tools while still tricking human recipients. MALWARE ANALYSIS ARTICLE | REDDIT DISCUSSION
Grok chats are showing up in Google search results
Malwarebytes reports that Grok's share button makes conversations searchable on Google without users realizing it. MALWAREBYTES ARTICLE | FORBES COVERAGE | BBC REPORT
NATIONAL SECURITY
The U.S. is running low on Patriot missiles after heavy Middle East use
The Pentagon is scrambling to rebuild Patriot missile stocks after using 30 interceptors in a single day defending Al-Udeid base from Iranian attacks—the largest single-day use in U.S. history. THE CIPHER BRIEF REPORT | LARGEST PATRIOT SALVO ARTICLE
Clear Plus adds biometric gates that skip TSA officers entirely
Clear launched facial recognition gates at Atlanta's airport that verify your ID and boarding pass in under six seconds, letting paid members bypass TSA officers completely before bag scanning. It will be phenomenal if this is able to be maintained and if it expands to other airports.
Interesting piece of security psychology here is that I naturally wonder how easy it would be to fool this system, but then I remember how cursory the checks are by the staff currently. MORNING BREW COVERAGE | WSJ REPORT | AXIOS ARTICLE | THE POINTS GUY
AI
OpenAI says GPT-6 is coming faster than GPT-5 took
Sam Altman told reporters that GPT-6 is already in development and won't take as long as GPT-5 did. Surprising to me that they had to play this card. Subs must really be down for them to have to start teasing this already. BLEEPING COMPUTER ARTICLE | CNBC INTERVIEW
Game developers embrace AI agents at massive scale
A new study reveals that 87% of game developers are now using AI agents in their development process, which is not surprising to me at all. I do a lot with AI and a lot with role-playing games, and they go extremely well together. I mean, just think about character generation, scenario generation, plots, etc. All this stuff is center mass for LLMs.
AGI is an engineering problem, not a model training problem
Vinci Rufus argues that AGI won't come from bigger models but from better engineering—specifically orchestrating multiple specialized models working together like a brain's different regions. HIS ARTICLE
Developer replaces vector databases with Git for AI memory
Growth-Kinetics built a proof-of-concept that stores AI memories as markdown files in Git repos instead of vector databases, letting you git checkout to any point and see exactly what the AI knew then.
I really love ideas like this, and I'm personally experimenting with using the file system for all sorts of context management. As we keep talking about here, the management of memory and context is like 90% of the game with AI systems. DIFFMEM GITHUB REPO | HACKER NEWS DISCUSSION
MIT study finds 95% of enterprise AI projects have zero impact on profits
MIT researchers found that 95% of corporate AI implementations fail to impact the bottom line because companies try to force generic tools like ChatGPT into existing workflows instead of solving specific problems.
This very much reminds me of my earlier article on intelligence tasks. The companies that I see adopting AI the fastest and the best are the companies that already understand how their business works. They are simply applying AI to that. It's really hard to optimize something you don't understand, which unfortunately is many/most businesses. TOM'S HARDWARE ARTICLE | FORTUNE COVERAGE
Developer builds memory layer to stop AI agents from forgetting everything
And here's another memory/context system. Piyush created In Memoria, an MCP server that gives AI coding tools persistent memory so they remember your codebase structure and coding patterns between sessions.
This is the type of thing where a major improvement to memory context management is going to roll out in Claude Code or something, and it's going to suddenly improve all coding output and throughput by 40% or something. Just making up a number, but my point is that these jumps are going to be extreme. IN MEMORIA GITHUB | HACKER NEWS DISCUSSION
TECHNOLOGY
Coinbase CEO fired engineers who refused to try AI coding tools
Brian Armstrong gave engineers a week to sign up for GitHub Copilot or Cursor, then fired those who didn't have good reasons for not doing it. Sounds super brutal but I see it very similar to a CFO firing accountants for not using Excel. I also find it hilarious that Armstrong was strong-arming people. 💪🏼 Sorry. TECHCRUNCH ARTICLE | CHEEKY PINT PODCAST
Uv adds experimental code formatting with Ruff integration
Astral just added experimental formatting to uv, bringing Ruff's formatting directly into their Python package manager so you can format code without installing anything extra. UV FORMAT ANNOUNCEMENT | HACKER NEWS DISCUSSION
Zed raises $32M from Sequoia to build collaborative IDE with real-time version control
Zed raised $32M Series B from Sequoia to build DeltaDB, their new operation-based version control system that tracks every edit in real-time, not just commits. Super interesting to be able to have like an infinite undo tree.
But this doesn't solve the whole problem because you still need to have useful milestones to roll back to. I assume this will be paired with AI that notices and labels changes. Pretty cool stuff. Can't wait to see it in Claude Code. ZED ANNOUNCEMENT | ZED GITHUB | ZED JOBS | CRDT EXPLANATION
Every engineer taking sales calls led to a complete platform rewrite
A startup forced all their engineers to take customer sales calls, and within two weeks they'd completely rebuilt their platform based on what they learned. Something something change comes from pain. I think it's an ingenious idea, and related to something I heard a long time ago—forcing people to work in other roles inside of the organization just to grow empathy and perspective. REDDIT POST | HACKER NEWS DISCUSSION
Google rushes ahead of Apple with AI-heavy Pixel 10 phones
Google's new Pixel 10 series goes all-in on AI features like Visual Overlays that guide you through your camera view, Magic Cue that proactively suggests actions across apps, and Voice Translate that makes phone calls sound like each person speaking their native language.
As an Apple "religious" person, I have to be the first one to admit that Apple is stumbling in the last year or two with major innovations, and especially AI. I still think that once they solve the AI/Siri issue, they're going to jump way ahead. But I expected that to have already rolled out. This is made much worse for them by Google suddenly finding their vision and voice.
Even I am tempted by some of their new tech and some of their new phones. I feel like they are crushing it on the AI stuff. But I know people who have very recently tried to switch from Apple to Google and came back immediately because there's nothing like the ecosystem cohesion that Apple has. For multiple reasons, I continue to wait for Apple to figure out the AI/Siri story and regain their momentum. TECHCRUNCH COVERAGE | PIXEL 10 ANNOUNCEMENT
Getting on the Hacker News front page brings traffic but not conversions
Dan Moore shares what actually happens when you hit the HN front page after 12 years and 400+ successful posts—you get thousands of visitors and valuable feedback, but basically zero conversions. I can also confirm this after having had dozens of front page appearances. It's mostly just an, "oh my god, somebody is looking at me" rush. DAN'S HN FRONT PAGE ANALYSIS
HUMANS
ICE budget could jump to $88 billion under new deportation plan
House Republicans want to give ICE $88 billion for Trump's mass deportation plans, which would make its budget bigger than most countries' entire militaries. NEWSWEEK COVERAGE | HACKER NEWS DISCUSSION
Exercise has insane ROI that most people completely miss
Herman breaks down why exercise is the highest-leverage investment you can make—saying it's basically compound interest for your body and brain. HERMAN'S EXERCISE ROI ANALYSIS | HACKER NEWS DISCUSSION
The hidden management skill is knowing when to actually manage
Terrible Software explains that the most underrated management skill is knowing when to step back and let your team work without interference. Good article, but my favorite book on this is "The Dichotomy of Leadership" that talks about multiple extreme trade-offs that you have to manage constantly when managing. TERRIBLE SOFTWARE ARTICLE | HACKER NEWS DISCUSSION | THE DICHOTOMY OF LEADERSHIP BOOK
Margin debt hits record high as investors borrow to buy stocks
Hacker News discussion reveals margin debt has reached unprecedented levels, with commenters debating whether this signals market exuberance or rational leverage in a low-rate environment. ARTICLE | HACKER NEWS DISCUSSION
Scientists reverse brain aging in mice by reducing a single protein
UCSF researchers discovered that reducing FTL1 protein in old mice restored their memory and increased brain cell connections, basically reversing age-related cognitive decline. One of the most exciting prospects for AI to me is simply combing through massive amounts of data and finding tons of slack in the rope or easy tricks for doing all sorts of things, like improving cognition, reducing aging, and all sorts of stuff we're not even thinking about yet. SCIENCE DAILY COVERAGE
IDEAS
Context Orchestration for AI is mostly an engineering, or a traditional tech, problem—not a model problem. The issue is not the intelligence of the models but the quality of the systems that those models work within.
DISCOVERY
AGENTS.md as a standard way to guide AI coding agents
Really cool idea here of crowdsourcing context management and orchestration for AI tooling. The community created AGENTS.md, an open format that lets developers write simple markdown files telling AI agents exactly how to work with their codebases. AGENTS.MD SITE | HACKER NEWS DISCUSSION
Developer gets shadowbanned by Hacker News and asks for a real IP ban instead
Sean Conner discovered he's been shadowbanned from Hacker News and would rather just be banned at the IP level if they don't want him there. SEAN'S BLOG POST | HACKER NEWS DISCUSSION
Everything in the universe is correlated with everything else
Gwern Branwen explains why all variables correlate with each other in large datasets—it's not measurement error, it's that everything genuinely affects everything else through countless indirect causal chains. GWERN'S EVERYTHING ARTICLE | HACKER NEWS DISCUSSION
RECOMMENDATION OF THE WEEK
The two strongest predictors for longevity are:
VO2 Max
Strength
I recommend getting your VO2 max tested quarterly if you can, fairly cheaply, or wear a device like an Apple Watch that will give you some kind of estimation.
For strength, it's not any particular one test that matters - otherwise you could game the system. What matters is that you are overall strong. So I recommend whatever works for you in terms of regular resistance training.
Me personally, I do kettlebell swings and deadlifts and traditional gym resistance training for chest and back and shoulders and arms and such.
We don't even fully understand why being strong is such a predictor or even VO2 max. But it makes sense to me overall. I think it comes down to: If you have those things, that means other things are true as well - activity, blood flow, cardiovascular health, etc.
So, in a sentence, do the things that you need to do to improve these two metrics.
APHORISM OF THE WEEK
MEMBER EDITION TEASER
Enterprise AI rollouts are Context Orchestration Problems
A lot of people are skeptical of what AI can do for real businesses because they just haven't seen the impact at a deep, strategic level yet. To me, the reason for this is very simple: Most businesses have no idea how their businesses work. They can't tell you at any given time what projects they're working on, how much they're spending on what, which people are working on which projects, etc.
Most businesses, and especially start-ups, are essentially opaque balls of fiery magic. Honestly, it's a miracle that anything gets done at all. What a lot of people do is they bring AI into a company like that, where everything is extremely opaque and not well-documented. Or if it's documented, the documentation is extremely old. And they're like, "I tried this ChatGPT 4 thing, and it didn't fix everything! AI sucks!"
AI works best when you give it a system and say, "How should I fix this? What optimizations do you recommend? How can you improve this?"

