Latest

Nicholas Carlini is a research scientist at Anthropic. He gave a talk at [un]prompted 2026 this week and said something that should concern every enterprise security team running Linux infrastructure. He used Claude Code to scan the Linux kernel source. Simple prompts. Loop over every file. Ask where the

Anthropic is now explicitly blocking Claude Code subscription plans from working with OpenClaw. If you have been running OpenClaw as a harness for Claude Code, your subscription access is no longer welcome there. This dropped on HN Friday and went straight to #1. 684 points. 563 comments and counting. The

The same researcher who used Claude to find the FreeBSD kernel RCE last week just published two more zero-days. Both are in tools installed by default on almost every system you are likely to be running right now. Vim has a remote code execution bug. The trigger is opening a

Qwen built something real in the open-source AI world. The smaller open-weight models, the community fine-tunes, the benchmarks that kept showing up on leaderboards — all of it earned Qwen genuine respect from developers who had no obligation to care about a Chinese AI lab. That reputation is now being tested.

The benchmark numbers from Google DeepMind's Gemma 4 release are hard to process in one read. Read them again. Then look at what Gemma 3 scored just a generation ago. Then go look at what GPT-4.5 posts on the same leaderboard. Gemma 4 31B sits at the

The Claude Code source leak is a security story. It is also a product story. And if you read the analysis that hit build.ms on April 1, it becomes something else entirely: a philosophy of software story. The author is a developer who openly uses vibe coding tooling. He

WordPress runs about 40 percent of the internet. It has been a remarkable run. It has also been a security nightmare for two decades. The fundamental problem has never been secret: WordPress plugins share a single namespace with the core application. A vulnerability in one plugin can compromise an entire