frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

What makes an AI coding tool worth paying for?

https://vibecodingagency.com/gpu-cloud/
1•vibeagency•1m ago•1 comments

Grok Faces a Trust Crisis After Developers Flag a Major Privacy Concern

https://www.inc.com/julie-lee/elon-musks-grok-faces-a-trust-crisis-after-developers-flag-a-major-...
1•baranul•2m ago•0 comments

Mozilla Syncstorage-Rs (Self-Hosted Firefox Sync)

https://mozilla-services.github.io/syncstorage-rs/
1•hosteur•2m ago•0 comments

Should a smartwatch track the user's emotions?

1•accofrisk•2m ago•1 comments

Always Go with a Monorepo

https://kore-nordmann.de/blog/always_go_with_a_monorepo.html
1•ingve•3m ago•0 comments

Rebuilding Our Notification Platform for Timely Notifications

https://www.patreon.com/engineering/posts/how-we-scaled-162544709
1•birdculture•6m ago•0 comments

Why Are Japanese Retail Traders Shorting the US Dollar?

https://www.disruptionbanking.com/2026/07/15/why-are-japanese-retail-traders-shorting-the-us-dollar/
1•emsidisii•10m ago•0 comments

Web Design Museum

https://www.webdesignmuseum.org/
1•fortuitous-frog•11m ago•0 comments

Code was our medium for thought

https://wattenberger.com/thoughts/code-is-a-medium-for-thought/
2•goranmoomin•12m ago•0 comments

Pebble July 2026 Update

https://repebble.com/blog/pebble-mega-update-july-2026
1•smig0•12m ago•0 comments

An Unprecedented Data Center Boom Means New Challenges for Texas

https://www.texastribune.org/2026/06/08/texas-regulation-data-centers-electricity-power-water/
2•turtleyacht•16m ago•0 comments

Semantic Primes (2018)

http://machinamenta.blogspot.com/2018/01/semantic-primes.html
1•txoria•16m ago•0 comments

Show HN: PixFinder – Free offline AI+OCR Image Search

https://pixfinder.app/
1•alexkh•16m ago•0 comments

AI eating software: IBM crash

https://www.bargo.ai/research/ibm-ai-capex-cannibalization
1•Kavon2992•19m ago•0 comments

SpaceXAI's Unpermitted Data Center Power Project Impacts Black Communities

https://gizmodo.com/spacexais-unpermitted-data-center-power-project-impacts-black-communities-ana...
2•baranul•22m ago•0 comments

Blog about hiring was written 23 years ago (Still valid)

http://www.aaronsw.com/weblog/hiring
2•rushil_b_patel•23m ago•0 comments

Decibri – unified audio layer for AI agents and Voice AI applications

https://decibri.com
2•vyrotek•29m ago•0 comments

Magic Cap OS

https://en.wikipedia.org/wiki/Magic_Cap
2•doener•30m ago•0 comments

Clean Up Kernel (2020)

https://lkml.org/lkml/2020/5/29/1038
2•downbad_•31m ago•0 comments

Show HN: VulnCast – open-source e-paper dashboard for live CVE/exploit Intel

https://github.com/vulnersCom/VulnCast
2•isox•36m ago•0 comments

We need to talk about the Bun Rust rewrite [video]

https://www.youtube.com/watch?v=kAjNWanR3n8
2•baranul•38m ago•0 comments

At last, a good reason to buy an AI PC: Reining in runaway token bills

https://www.theregister.com/personal-tech/2026/07/15/at-last-a-good-reason-to-buy-an-ai-pc-reinin...
3•raybb•38m ago•0 comments

PDF Batch Translator

https://github.com/markmatsu/pdf-batch-translator
2•markmatsushima•38m ago•0 comments

Show HN: A free tool that turns any AI topic into an interactive, cited lesson

https://prathibhax.com/
1•anandp1989•39m ago•0 comments

IBM loses quarter of its value as tech giant's shares plunge and profits falter

https://www.theguardian.com/technology/2026/jul/14/ibm-shares-profit-drop-value
2•ndsipa_pomu•39m ago•1 comments

Australia to establish government AI office, curb data centres' water use

https://www.reuters.com/world/asia-pacific/australia-establish-government-ai-office-coordinate-re...
2•1vuio0pswjnm7•41m ago•0 comments

Ask HN: Insightful research or longreads on core teams in IT?

1•sam_lowry_•43m ago•0 comments

Buffett severs donations to Gates Foundation following Epstein revelations

https://www.abc.net.au/news/2026-07-15/warren-buffett-stops-donations-to-gates-foundation/106915922
1•1vuio0pswjnm7•43m ago•0 comments

Fitting a Game onto a Floppy Disk: '1.44MB Game Development Contest' Announced

https://www.invenglobal.com/articles/23705/fitting-a-game-onto-a-single-floppy-disk-144mb-game-de...
2•rguiscard•44m ago•0 comments

Show HN: Spill It A local voice dictation app

https://tryspillit.com
1•mohavinash•44m ago•0 comments
Open in hackernews

I tricked Claude into leaking your deepest, darkest secrets

https://www.ayush.digital/blog/the-memory-heist
106•macleginn•1h ago

Comments

artisinal•44m ago
Doesn’t surprise me.

Yesterday I learned that people run AI agents on their system with full admin rights. No containerisation or anything. Wild. Like we forgot 50 years of computer security overnight.

sixtyj•29m ago
We expect that Anthropic or OAI or Google don’t do evil. Oh wait…

The awakening will be unpleasant.

progval•27m ago
Most programmers and power users install large dependency trees with npm/pip/bundler/... on the same user account as their main browser on a regular basis. Even on Linux where it's easy to create new user accounts. This isn't much different.
pprotas•23m ago
Wait till you learn my password is 1234
krige•16m ago
Damn, it's the same as on my luggage!
hobo123•8m ago
My password is strong, but I can run arbitrary commands with sudo.
mkagenius•16m ago
Mostly people are lazy and assume that the big labs can't be releasing unsecure software or it's their responsibility.

dangerously skip permissions and yolo is kinda becoming the default as it gets more done.

akazantsev•9m ago
That's because sandboxing is quite hard. I use `cco`, but even then, the home folder is exposed. You are one prompt away from the agent sending the browser passwords with curl.

To prevent this, you need a fake home and a networking whitelist for the agent to access the provider (llama cpp, OpenAI, etc.)

There is no cross-platform solution that is easy to use for this. And no, a Linux box with Docker won't do. I develop a cross-platform native app and want the agent to compile and fix the platform-specific errors.

swipee•43m ago
Expected more from Anthropic by at least giving you a bounty, because this was a novel way of bypassing their safeguards…
sixtyj•18m ago
> Upon discovering this attack, I responsibly disclosed it to Anthropic via their HackerOne bug bounty program. They confirmed they had identified it internally but hadn't yet patched it. No bounty was awarded.

They recently mitigated the issue: Anthropic disabled web_fetch's ability to follow links on external pages, limiting navigation to web_search results and user-provided URLs.

lifthrasiir•39m ago
That's why I don't turn memory on. (Claude Code too though for a different reason.) After all the current memory system is too crude to be useful anyway.
romanovcode•29m ago
In my experience memory system is more annoying then helpful. It always brings up things that it memorized even tho they make very little sense as if I should be impressed that it knows some extra thing or two.

Could not take it any longer and switched it off.

sixtyj•27m ago
Exactly, because I've also found that I have to give instructions like “This is a completely different case—don't look in memory.”
bflesch•37m ago
Creative use of social engineering, well done.

> "no bounty was awarded"

Ridiculous. Anthropic engineers are not just stupid to allow such a vuln in the first place, but they also try to hide such vulns from their bosses because a bounty payout would need to be explained to the finance team.

kennywinker•27m ago
I don’t think it counts as social engineering if it’s exploiting an llm, we might need a new word. Prompt injection doesn’t cover it, because it’s not about a malicious prompt.

I’m thinking some play on highjacking. AIjacking? Agent-jacking? Claudejacking?

bflesch•21m ago
To me the exploit chain sounded like a social engineering script done via telephone. Triggers like "Please spell your name and employer letter by letter" and "Due to security reasons I need to validate your hometown" fit my understanding of social engineering quite well.

We can make it sound more advanced by creating a new name for it, but the concept seems to be super basic and the lack of bounty by Anthropic is baffling.

If they know about this type of vulnerability but have not fixed it, what does that say? To me it says they are unable to plug this hole on a conceptual level and once you circumvent the band-aid fixes the model will work as the attacker wishes.

They can't even sandbox the thing during explicit web requests to URLs stated on the initial query!

One has to remind themselves that the security team at Anthropic gets paid tens of millions of dollars, and they end up with this kind of security. On top of it, they can't spare $1337 for a bounty. It's a ridiculous shit show.

charcircuit•37m ago
It would be safer if these data extraction takes were done by a subagent without access to all the user's memories.
lifthrasiir•33m ago
I think it is already done via a subagent, otherwise the context window would be flooded with long responses. In this case the subagent should've reported that a (attacker-controlled) authorization is required anyway.
onion2k•36m ago
The main thing Claude knows about me is that I'm incredibly bad at my job and have to ask for help a lot. If you were to talk with my colleagues they'd tell you this is not a secret.
apejcic•31m ago
Use GLM-5.2 on ZDR inference provider like sference.com
jorisw•22m ago
What?
LeoPanthera•29m ago
I always have history disabled mostly because I don't want Claude judging me for re-asking questions based on information I learned during the first pass but now realize should have been in the initial query.
0000000000100•27m ago
Hello? What model is was used?? The fact that ‘Claude’ is used instead of any hard model really puts this article in serious doubt…
djsjajah•5m ago
Pretty curious about this comment. I looked at your other comments and it’s hard to understand how they were written by the same person as the other comments on the account. Do you maybe need to call an ambulance?
marksully•24m ago
> despite holding more information than most password managers

what?

solids•24m ago
Things like this are what shatters the illusion of AGI
tjoff•20m ago
Not really, humans are about as easy to trick.
voidUpdate•11m ago
Are humans general intelligence? https://en.wikipedia.org/wiki/Social_engineering_(security)
AndrewThrowaway•21m ago
What is even more funny that AI agent spent A LOT of tokens while participating in this attack.
sixtyj•15m ago
Claude is just one from tuple.

It would be interesting to investigate other agents such as Hermes, OpenCode etc that are said to learn from interaction with user.

memjay•18m ago
Wondering how big of a percentage have global memory across chats enabled. I always feel like those memories would sooner or later have negative impacts on output quality.

Nice write up of your findings. Enjoyed reading an article written by a real human.

amanharshx•16m ago
Its always the feature combinations that get can get to you. Individually i feel like they make sense, but together they can create some surprising vulnerabilities.
tibzejoker•13m ago
i would be scared of the answer i dont know why
fragmede•8m ago
No bounty? For shame, Anthropic.
po1nt•7m ago
I love how claude focuses on exfiltrating the data "I need cha for charlotte". This could be solvable with some kind of low powered safety agent that would check claude's reasoning for anything immoral/unsafe. We could call it common sense. It won't fix the problem completely but at a certain point it would be easier to trick human than a machine.