Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2026/06/friday-squid-blogging-victims-of-unregulated-squid-fishing.html
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets.
Another news article.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Post Syndicated from Shashiraj Jeripotula original https://aws.amazon.com/blogs/devops/supercharge-your-cloud-operations-with-the-kiro-power-for-aws-devops-agent/
When an alarm fires at 2 AM, the first thing most engineers do is grep logs, check recent deployments, and trace code paths. However, the context they need — metrics, traces, topology, configurations — lives in a separate browser tabs and applications. What if your IDE could bring that cloud intelligence directly to your code, understand the full picture, and help you fix the issue end-to-end? Introducing, The Kiro power for AWS DevOps Agent removes that context switching by connecting your IDE directly to the AWS DevOps Agent, so you can investigate incidents, identify root causes, and generate fixes, all from the same place you write code.
This post is for developers and operators who develop applications using Kiro and want to troubleshoot production issues faster without leaving their editor. We’ll walk through how the power works, what it can do, and a step-by-step example of resolving a real incident.
The Kiro power for AWS DevOps Agent connects Kiro, the AI-powered IDE from Amazon, to the AWS DevOps Agent. It brings the production intelligence and release management in AWS DevOps Agent directly into your development environment — where you already plan, architect, debug, and ship code.
With this power installed, you can review your changes for production risks, investigate production incidents, optimize costs, review architecture, map service topology, and generate remediation code — all through natural language conversation, enhanced with the local context of your workspace.
Operating modern cloud applications means navigating a maze of interconnected services. A single user-facing error might require tracing through Amazon Elastic Container Service (Amazon ECS) tasks, Application Load Balancers, AWS Lambda functions, Amazon DynamoDB tables, and dozens of Amazon CloudWatch metric dimensions. Operators face persistent challenges:
AI coding agents have changed how fast code gets written, but the code review, testing, and pipeline processes that move code to production were designed for human pace and haven’t kept up. Teams face two persistent challenges:
Faster code generation without corresponding delivery automation simply moves the bottleneck downstream. The Kiro power for AWS DevOps Agent addresses this by bringing release management intelligence into the IDE so you can review changes for production risks and run exploratory release testing of your web and API applications. Any issues can be immediately mitigated before you even push your code changes.
A Kiro power is a curated package that gives Kiro specialized capabilities in a specific domain, in this case, AWS operations. When installed, the power provides Kiro with tool connections to your AWS environment, domain-specific knowledge (best practices, error recovery patterns), and instructions for routing your requests to the right workflow. Critically, the power combines your local workspace context (code, git history, configuration files) with cloud-side intelligence (metrics, topology, deployment history) — so Kiro understands both what your code does and how your infrastructure behaves. For a deeper look at the powers framework, see Getting started with Kiro powers
Each power typically includes:
The Kiro power for AWS DevOps Agent packages the full capabilities of AWS DevOps Agent into a single install for Kiro. Once enabled, Kiro gains the ability to converse with a specialized AI agent that has deep knowledge of your AWS infrastructure, your operational history, and AWS best practices.
You can do the following with this power:
The power provides two complementary workflows that Kiro selects automatically based on your request:
The following diagram shows how Kiro combines local workspace context with the DevOps Agent’s cloud intelligence:
Figure 1: Kiro combines local workspace context with the DevOps Agent’s cloud intelligence through the AWS DevOps Agent MCP Server.
Before using the power, ensure you have:
The power works with any agent space that has active data sources. The more data sources connected, the richer the investigations and recommendations.
Setting up the power takes only a few steps. You can install it directly or follow these steps:
Figure 2: Kiro powers panel showing the Kiro power for AWS DevOps Agent
After installation, you should see the Kiro power for AWS DevOps Agent listed in the powers section of the Kiro panel. Navigate to mcp.json file and change these values accordingly, and save the config file.
In the MCP Servers panel, you will see DevOps Agent MCP connected and also displays list of tools. The power activates automatically when you mention relevant keywords like incident, cost optimization, architecture review, or topology in your conversation.
Figure 3: MCP Servers panel showing the AWS DevOps Agent MCP and connected tools
Let’s walk through a realistic scenario. Your team receives a CloudWatch alarm: an Amazon ECS service is returning HTTP 503 errors and task restarts have spiked.
In Kiro, you type:
“My ECS service checkout-api is throwing 503 errors. The alarm fired 10 minutes ago. Here’s the error from my logs: Connection pool exhausted, max connections 50 reached.”
Because Kiro has access to your workspace, it automatically includes relevant context — your task definition, your connection pool configuration from application.yml, and your recent git commits.
Kiro routes this to the investigation workflow. You see real-time progress as findings stream in:
The DevOps Agent returns a detailed analysis:
Root cause: The database connection limit (50) is shared across all ECS tasks. When the auto-scaling policy added tasks at 08:47 UTC, each task attempted to open 50 connections, exceeding the Amazon RDS max_connections parameter (100).
Recommendation and Mitigation: Reduce the per-task connection pool to max_connections / max_tasks (100 / 5 = 20 per task), or increase the RDS instance class to support more connections.
You ask Kiro to implement the recommendation. Because it has access to your application.yml and your AWS CloudFormation template, it generates a targeted fix:
The fix is applied directly in your workspace, ready for review and commit.
If your team manages multiple applications, each with its own DevOps Agent agent space, you can switch between them naturally. Kiro lists available agent spaces and routes your question to the right one.
The Kiro power for AWS DevOps Agent brings the full operational intelligence of AWS DevOps Agent into the IDE where you already work. By combining your local workspace context with cloud-side analysis, it closes the loop from detection to remediation without context switching.
Whether you are triaging a production incident, optimizing costs across services, or onboarding a new team member who needs to understand your infrastructure, the power provides contextual answers grounded in your actual AWS environment.
Install the Kiro power for AWS DevOps Agent today and experience AI-powered cloud operations in your IDE. To learn more, visit the Interfacing with AWS DevOps Agent and the Kiro powers documentation.
 |
Tipu Qureshi Tipu Qureshi is a Senior Principal Technologist in AWS Agentic AI, focusing on operational excellence and incident response automation. He works with AWS customers to design resilient, observable cloud applications and autonomous operational systems. |
 |
Shashiraj Jeripotula (Raj) Shashiraj Jeripotula (Raj) is a San Francisco-based Principal Partner Solutions Architect at AWS. He works with ISV and AWS partners to build deep integrations across observability, AI, and agentic development tooling — helping developers leverage AI agents, Model Context Protocol (MCP), and shift-left observability to build responsible, production-ready AI systems on AWS. |
Post Syndicated from Curious Droid original https://www.youtube.com/watch?v=U4t59a3y-Ww
Post Syndicated from LastWeekTonight original https://www.youtube.com/shorts/uT6aNppDqqc
Post Syndicated from jzb original https://lwn.net/Articles/1078708/
Systemd
v261 has been released with a long list of changes including a new
cloud “Instance Metadata Service” (IMDS) subsystem, “boot secret”
functionality for use on systems that lack a physical TPM, as well as
support for the kernel’s Live Update Orchestration (LUO) / Kexec
Handover (KHO) systems when they are present and enabled. See the
release notes for the full list of changes.
Post Syndicated from Alan David Foster original https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-19-06-2026
This week’s release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_self module coerces the local machine account to authenticate via OpenEncryptedFileRaw (WebDAV), relays that NTLM authentication to a Domain Controller’s LDAP service, then uses the resulting LDAP session to write Shadow Credentials and obtain a Kerberos service ticket as Administrator via S4U2Proxy, enabling PsExec back to itself for SYSTEM access.
On the enhancement side, the new MCP server plugin lets AI tools assist operators directly within a running msfconsole instance, and module check codes now return richer detail for users.
Authors: Sagilayani https://github.com/sagilayani and h00die-gr3y [email protected]
Type: Exploit
Pull request: #21547 contributed by h00die-gr3y
Path: linux/http/paperclipai_unauth_rce_cve_2026_41679
AttackerKB reference: CVE-2026-41679
Description: Adds an exploit module for CVE-2026-41679 which exploits Paperclip. An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. The entire chain is six API calls.
Author: bootstrapbool [email protected]
Type: Exploit
Pull request: #21371 contributed by bootstrapbool
Path: multi/http/xerte_unauthenticated_mediaupload
AttackerKB reference: CVE-2026-41459
Description: Exploits authentication failure (CVE-2026-34413), extension blacklist (CVE-2026-34415), and path traversal (CVE-2026-34414) vulnerabilities in Xerte Online Toolkits versions 3.15 and earlier.
Author: h00die
Type: Exploit
Pull request: #21465 contributed by h00die
Path: multi/persistence/vscode_extension
Description: Adds a new persistence module that achieves persistence by installing a malicious extension into a user’s VS Code extensions directory. The next time the target opens VS Code, the extension executes and delivers a shell back to the attacker.
Author: jheysel-r7
Type: Exploit
Pull request: #21430 contributed by jheysel-r7
Path: windows/local/ntlm_relay_2_self
Description: Adds a module that exploits the NTLMRelay2Self attack. It requires a low-privilege user session on a Windows host.
Authors: 0xdeadbeefnetwork and bhaskarbhar
Type: Post
Pull request: #21472 contributed by bhaskarbhar
Path: linux/gather/cve_2026_46333_chage
AttackerKB reference: CVE-2026-46333
Description: Adds a post module that leverages CVE-2026-46333, a vulnerability in the Linux kernel whereby a race condition exists when tearing down a process. A local attacker can exploit this to obtain file handles they would not otherwise have access to. In the exploit, this is leveraged to leak the contents of the /etc/shadow file.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
Post Syndicated from daroc original https://lwn.net/Articles/1076210/
BPF programs can be used to extend many aspects the Linux kernel, but
BPF programs must run to completion in the same context that they began.
Kumar Kartikeya Dwivedi is working on changing that by
allowing BPF programs to be expressed as coroutines. He spoke about his work at
the 2026
Linux Storage, Filesystem, Memory-Management and BPF Summit. While
still experimental, the change promises to make long-running BPF tasks
significantly easier to write.
Post Syndicated from The Atlantic original https://www.youtube.com/watch?v=SPQNPJ0CEPo
Post Syndicated from BeardedTinker original https://www.youtube.com/watch?v=27a0ysIcHag
Post Syndicated from jzb original https://lwn.net/Articles/1077619/
The Arch User Repository (AUR) has
been subjected to a sustained attack recently. The attacker, or attackers, have
spun up a series of new accounts then used them to adopt orphaned
packages and push malicious updates that would install malware on users’ systems.
It is unclear how many users were compromised in the attack, but the maintainers
were playing Whac-A-Mole for several days to respond to each newly compromised
package. The project has turned
off the AUR’s new-user registration, for now, but it is unclear what its
long-term response will be or if the AUR can be secured without major changes to
its existing collaboration model.
Post Syndicated from Jean-Sébastien Dominique original https://aws.amazon.com/blogs/big-data/introducing-private-networking-for-amazon-mq-for-rabbitmq/
With Private Networking for Amazon MQ for RabbitMQ, your brokers can establish outbound connections to private resources in your VPC without exposing those resources publicly. This post explains how the feature works and walks you through setting it up.
Amazon MQ for RabbitMQ brokers could previously only reach external destinations over the public internet. If you used a private Lightweight Directory Access Protocol (LDAP) server for broker authentication, you had to expose that server publicly. If you wanted to federate messages between private brokers, you needed workarounds like Network Load Balancers with IP allowlisting, as described in Implementing Federation on Amazon MQ for RabbitMQ Private Brokers. Private Networking removes those constraints.
You can connect your broker to private identity providers, other Amazon MQ for RabbitMQ brokers, or self-hosted RabbitMQ brokers running in private subnets. Combined with cross-Region networking services like AWS Transit Gateway, you can extend these connections across AWS Regions and accounts, with traffic staying on the AWS private network.
Private Networking connects your broker to private destinations using three AWS services: Amazon VPC Lattice, AWS Resource Access Manager (AWS RAM), and AWS PrivateLink.
You create a VPC Lattice resource gateway in a VPC that can reach your private destination. You then create a VPC Lattice resource configuration that defines the destination, such as an IP address or Domain Name System (DNS) name. You add the resource configuration to a RAM resource share and associate the resource share with your broker through the UpdateBroker API operation. After rebooting the broker, the network path is active and your broker can reach the private destination.
The broker does not need to be private. A publicly accessible broker works the same way.
Private Networking supports three use cases.
If you use an LDAP server or other identity provider for RabbitMQ authentication, you no longer need to expose it publicly. Create a resource configuration pointing to your identity provider, associate it with your broker, and use the DNS name returned by the DescribeSharedResources API operation in place of the public endpoint. Follow the existing guidance for setting up an identity provider, substituting the private DNS name.
You can use Shovel or Federation to connect your Amazon MQ for RabbitMQ broker to a self-hosted RabbitMQ broker running in a private subnet. Create a resource configuration pointing to the self-hosted broker and use the DNS name from the DescribeSharedResources API operation in your Shovel or Federation configuration.
This pattern is useful for hybrid cloud architectures where you run RabbitMQ on Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), or on-premises infrastructure and want to exchange messages with Amazon MQ without exposing either side publicly.
You can federate or shovel messages between two Amazon MQ for RabbitMQ brokers using Private Networking. Create a resource configuration pointing to the destination broker’s endpoint and specify that same endpoint as the custom domain name on the resource configuration. This helps to verify that the DNS name resolves correctly and Transport Layer Security (TLS) peer verification succeeds.
This extends to brokers in different AWS Regions and different AWS accounts. By combining Private Networking with cross-Region networking services like AWS Transit Gateway or VPC peering, you can build a fully private federation or shovel path between brokers, with no public endpoints required.
Each resource configuration can include a custom domain name. If you add a verified domain, that domain resolves to the private destination. If you do not add a verified domain, Amazon MQ provides a DNS name for the broker’s private connection. Retrieve this DNS name with the DescribeSharedResources API operation.
If you specify an unverified domain on a resource configuration, it is ignored. The broker’s private connection receives a private DNS name instead, which you can retrieve with the DescribeSharedResources API operation.
For more details on custom domain names and domain verification with VPC Lattice, see Custom domain names for VPC Lattice resources.
RabbitMQ 4 enforces TLS certificate peer verification by default for Shovel and Federation connections. RabbitMQ 3 does not enforce this by default. When using Private Networking, the DNS name that Amazon MQ assigns to the private connection will not match the TLS certificate of the destination, which causes peer verification to fail.
The recommended approach is to specify the destination broker’s endpoint (for example, b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.mq.us-east-1.on.aws) as the custom domain name on the resource configuration. This exception only applies to Amazon MQ for RabbitMQ broker endpoints. You cannot use an unverified domain for self-hosted brokers. Specifying the Amazon MQ endpoint causes the DNS name to match the destination’s TLS certificate, and peer verification succeeds. This approach works regardless of your RabbitMQ version and avoids the issue entirely.
To get started with Private Networking for Amazon MQ for RabbitMQ, follow these steps.
Before you begin, verify you have the following:
After you have the prerequisites, follow these steps:
Figure 1: VPC Lattice resource configuration showing the custom domain name field and resource definition populated with the Amazon MQ broker endpoint.
Figure 2: RAM resource share configuration with the Allow external principals option selected.update-broker command with the AWS CLI. You must pass the entire list of resource share ARNs you want on the broker. This is a put operation, not an add or remove operation.
The associated RAM resource share appears as shown in the following figure.
Figure 3: Network settings view with associated RAM resource shares.
Select the resource share in the Associated RAM resource shares section. The network status of each shared resource is displayed in the Shared resources section, as shown in the following figure.
Figure 4: RAM resource share selection showing the network status of each shared resource.
update-broker and reboot the broker for the new resource configurations to take effect.Private Networking uses VPC Lattice and PrivateLink resources that incur ongoing charges. If you no longer need the private connection:
update-broker with the resource share removed from the list (or an empty list to remove all), then reboot the broker.delete-broker command.Removing a VPC Lattice resource configuration from a RAM resource share while the broker is actively using it revokes access immediately, with no reboot required. Removing a principal from a RAM resource share has the same effect: brokers associated through that principal lose access to the resources in the share immediately. These are intentional security behaviors managed by RAM and VPC Lattice.
Adding new resource configurations to an existing resource share does not take effect automatically. You must call update-broker and reboot the broker for the new resource configurations to take effect. This is by design. It helps verify that changes to a resource share only reach the broker when someone with broker management permissions explicitly triggers the update, providing clear security separation between share management and broker management.
Private Networking is available for Amazon MQ for RabbitMQ brokers in all the AWS Regions where Amazon VPC Lattice is available. Amazon MQ for ActiveMQ brokers do not support this feature.
Private Networking uses Amazon VPC Lattice and AWS PrivateLink. Data processing and data transfer charges apply to traffic sent through the private connection. There is an Amazon MQ pricing of $0.01 per GB of data processed through the resource endpoint. For details, see the Amazon MQ pricing page, VPC Lattice pricing page and AWS PrivateLink pricing page.
In this post, we explained how Private Networking for Amazon MQ for RabbitMQ works and walked through the setup process. Whether you’re securing a private identity provider, federating messages between brokers, or connecting to self-hosted RabbitMQ, your broker can now reach private destinations without exposing them publicly.
To learn more, see the Amazon MQ Private Networking documentation.
If you have questions or feedback, leave a comment on this post.
Post Syndicated from jzb original https://lwn.net/Articles/1078662/
Security updates have been issued by AlmaLinux (dracut), Debian (chromium, firefox-esr, and thunderbird), Fedora (chromium, firefox, nss, ocserv, ongres-scram, ongres-stringprep, perl-Archive-Tar, perl-GD, perl-HTTP-Daemon, perl-Net-Statsd, restic, singularity-ce, util-linux, and vorbis-tools), Mageia (gstreamer1.0-*, libupnp, luajit, opensc, and ruby-rack), SUSE (curl, dnsmasq, ffmpeg-4, frr, google-osconfig-agent, java-1_8_0-ibm, kernel, krb5, kubernetes-old, ldns, liburiparser1, openvswitch, rootlesskit, strongswan, traefik, and trivy), and Ubuntu (ldns, libheif, libnet-cidr-lite-perl, lxd, tomcat11, and vim).
Post Syndicated from Sid Chatterjee original https://blog.cloudflare.com/temporary-accounts/
Everyone’s writing code with AI agents today. But the moment an agent needs to deploy something — and needs to sign up and create an account — it slams face-first into a wall built for humans: a browser-based OAuth flow, a dashboard to click through, an API token to copy-paste, a multi-factor authentication prompt to satisfy. For an interactive copilot sitting next to a developer, that’s annoying. For a background agent, it’s a hard stop.
Today we’re rolling out Temporary Cloudflare Accounts for Agents.
Agents can now deploy websites, APIs, and agents right away, without first needing to sign up for an account.
Any agent can now run wrangler deploy –temporary and deploy a Worker to Cloudflare. This temporary deployment stays live for 60 minutes, during which time you can claim the temporary account, making it permanently your own. If you don’t, it expires on its own.
Our goal? Let your agent code and ship.
Frictionless temporary accounts matter more than it might first seem:
Background AI sessions have no human in the loop, and are becoming the norm. Any auth step that needs a browser, a copy-paste, or “click here in 60 seconds” means an agent gets stuck and may choose to deploy elsewhere.
Trial-and-error is the agent’s superpower. Agents need a tight write → deploy → verify loop. They need cheap, throwaway deployment targets, so they can curl their own output and decide whether they got it right.
Agent platforms are building their own ways for deploying code to “just work” without extra steps or credentials. People are starting to expect that this process just works, without the need to sign up for other services that they’ve not used before or heard of.
Temporary accounts are built around Wrangler, our Developer Platform command-line interface (CLI) tool that lets developers bootstrap new projects, manage their configurations and resources, and deploy and update them.
Wrangler usage is widely documented online and agents know how to use it very well. But if you hadn’t yet signed in and granted Wrangler permission to your Cloudflare account, when the agent tried to deploy, it would get stuck at the sign-up and authentication step. And you might rightly ask: How do agents and LLMs know that this new –temporary flag in Wrangler exists, so that they actually use it without a human explicitly telling them to do so?
To solve this, we updated Wrangler to prompt the agent with a message that tells it about the –temporary flag:
When the agent discovers this, and then runs wrangler deploy again with the –temporary flag, Cloudflare provisions a temporary account for the agent to use, gives Wrangler an API token to work with, and provides a claim URL that the agent can give back to the human.
Make sure you’re using the latest Wrangler release, fire up your favorite coding agent, and write a prompt to deploy a “hello world” app in build mode:
Make a very simple hello world Cloudflare Worker in TypeScript and deploy it using wrangler, don't ask me questions, do the best you can
The agent will run wrangler, pick up the –temporary flag from the output messages, build your script, and deploy it instantly, no human in the loop required:
As you can see, the agent wrote the script, deployed it using the –temporary flag, curled the preview link it got from the output, and verified that the result matches the code.
This is great, but agentic coding is often not about one single deployment. A session can go through a cycle of multiple code changes. This is not a problem: the agent can iterate on the Worker script and redeploy the changes as many times as it wants (within the 60-minute claim window). Type this prompt:
Now change hello world to "hello cloudflare" and redeploy
Look at the agent changing the source code, reusing the previously created temporary account, redeploying a new version and rechecking the result:
At any point, you can claim the temporary account and make it yours permanently. When you click the claim link you will be taken to a page where you can either sign up for or sign in to Cloudflare, and then claim the temporary account that your Worker was deployed to. This includes claiming not just Workers, but resources like databases and other bindings, too.
If you do not claim these temporary accounts within 60 minutes, they will be automatically deleted.
This is just one way we’re eliminating the signup barrier for agents. We recently announced a partnership with Stripe and a new protocol we co-designed that lets agents provision Cloudflare on behalf of their users — creating an account, starting a subscription, registering a domain, and getting an API token to deploy code, with no copy-pasting tokens or entering credit card details. Last month, we collaborated with WorkOS on the launch of auth.md, which anyone can adopt, to let agents provision new accounts using well-established, existing OAuth standards.
There’s a ton going on in this space, and we’re excited to keep making it easier for agents to use Cloudflare, and for developers to make their own apps agent-ready. Temporary accounts are one more step toward frictionless agentic deployments — stay tuned for more.
Temporary accounts have some limitations, and their capabilities may change over time; check the developer documentation for more information and then go build something. Point your agent at Cloudflare, see how far it gets, and tell us what we can improve or what delights you — share what you’ve built on X or hop into the Cloudflare Community.
Post Syndicated from The Atlantic original https://www.youtube.com/shorts/eDaRjxOXl0M
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=1AJW1oZC7bc
Post Syndicated from The Atlantic original https://www.youtube.com/watch?v=kzWFfXpIRiE
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2026/06/anthropics-fable-and-the-state-of-ai.html
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone.
The government’s actions won’t help. The problem isn’t any one particular model; it’s the general trend of increasing AI capabilities. And any real solution requires the sort of collective action that just isn’t possible right now.
Fable is the constrained version of Mythos, the AI model Anthropic announced in April. Anthropic only released it to a few selected organizations, because the company claimed it was so good at finding and exploiting vulnerabilities in computer code that releasing it more generally would be dangerous.
It was an obviously self-serving announcement, and because few were able to verify Anthropic’s claims they were met with some skepticism. Those with access used Mythos to find and patch many vulnerabilities in their own software. But one UK group found the latest, already public, OpenAI model to be just as powerful.
Fable is just another incremental improvement in the years-long climb of AI capabilities. But just as important as the AI model is the “harness.” This is typically not AI. It’s ordinary computer code that interfaces with the user. It stitches together AI models, decides how and for what purposes they can be used, and gives them useful tools such as web search and the ability to run their own computer code.
When Mythos first entered limited release, there was widespread debate whether its power came from the model or the harness. With Mythos demonstrating that it was possible, the open-source community scrambled to build harnesses that could steer other AI models towards similar capabilities. Harness improvements don’t need massive data or data centers.
They largely succeeded. For example, a Prague company was able to replicate Anthropic’s few verifiable cybersecurity capabilities with a much smaller and cheaper model—and a more sophisticated harness. Last week, a group showed that multiple cheaper models harnessed in concert matches Fable’s performance.
The broader community had only a few days with Fable, but that time we learned some about its capabilities. Its difference is less the new model’s raw analytical and problem solving capabilities, and more that the model doesn’t need that sophisticated harness.
Fable requires much less expertise and detailed prompting from the human user. You can give it a difficult goal and it will figure out novel and unexpected ways to satisfy it, finding loopholes in whatever constraints you or the system have imposed on it.
“Relentlessly proactive” is how AI researcher Simon Willison described it. Another descriptor might be “creative.” Experienced AI developers have had that combination of creativity and proactivity since last year, but Fable puts it within easy reach of everyone.
In the hands of someone with a legitimate problem that needs solving, that can be an incredibly useful capability. But in the hands of someone who wants to do harm, it can be equally dangerous. AIs don’t have a moral compass in the same way that people do. They are agents of the wants and desires of the people who prompt them.
That points to the real problem with relentlessly proactive AI. In language, wants and desires are always underspecified. If I ask you to get me some coffee, you would probably pour me a cup from the coffeepot, or buy one from a nearby coffee shop.
You couldn’t buy me a pound of raw beans, or a coffee plantation. You wouldn’t order a cup of coffee for delivery next month. You wouldn’t find a nearby person, rip a cup of coffee out of their hands, and bring it to me. I wouldn’t have to specify any of the million limitations to my request; you would just know.
Human stories are filled with warnings about underspecified desires. King Midas wished that everything he touch turn to gold, forgetting to add “but not my food, drink, and daughter.” And genies are notorious for granting your wish in a way you wish they hadn’t.
The deeper point is that it’s impossible to list all limitations and restrictions, and like a malicious genie, a creative AI will find the ones you forgot. Block a database you don’t want it to have access to, and it might figure out how to bypass your control. Ask it to book a flight, and it might hack the airline because the website says the flight is sold out. Ask it to save money on your cellphone plan, and it might cancel it altogether—or get someone else to pay for it. As far as we know now AI has not done any of this yet, but you get the idea.
Malicious intent is not required. To an AI model, constraints are just things to get around and not general truisms about the world. They are creative problem solvers and natural rule breakers. They “hack” in the sense that they find and exploit loopholes.
Human systems rely on so many norms that we scarcely recognize the existence of until they are broken. AIs naturally think outside the box, because they don’t have any real conception of what the box is or why it’s there in the first place.
There is no foolproof way to prevent people from using AI models to complete harmful tasks. There is no way to prevent the models from incidentally causing harm while completing benign tasks. AI models are no longer isolated from the real world. They browse the internet and answer emails.
They trade stocks and make purchases. They control physical systems. They are, in effect, robots that affect life and property. We have no technical mechanisms to verify the integrity of an AI system. This level of capability and creativity in the hands of us untrustworthy humans will have both great and terrible results.
The problem is not unique to Anthropic. Mythos/Fable might currently be the most capable rules hacker, but more sophisticated harnesses give other models similar capabilities. And we should assume that the other frontier models are no more than a few months behind, and that open-source models are less than a year behind. At best, any ban only serves to delay the problem for a short while.
That delay might be useful if we—as a society, as a planet—would use that time to come together and figure out what to do. This isn’t a US/China arms race problem; this a species-level problem that requires coordinated action at that scale. Unfortunately, we have no mechanism to do that. I first wrote about this problem five years ago, but it was all too futuristic.
Today, when its right in front of us, there is no world government that can impose constraints on the for-profit corporations currently controlling AI models and research. The US has no appetite to effectively and even-handedly regulate those corporations, even as they do catastrophic damage to the environment, democracy, and—in this case—society in general.
This all makes an AI public option all the more necessary, and urgent. Today’s AIs can be fast, smart and secure, but only two of the three are possible for any given system. These safety tradeoffs are tightly held secrets of companies racing to beat one another, and they tell us we have to trust them. Instead, the choices and their consequences need to be brought out into the sunlight.
We should be funding open-source harnesses that balance capability and safety—that achieve useful goals without so much power—and open-source AI models whose provenance and biases are public and well understood. We have opened the AI Pandora’s box. Now we have to make the best of it.
This essay originally appeared in The Guardian.
Post Syndicated from Емилия Милчева original https://www.toest.bg/peevski-olekva-ne-suvsem-ne-suvsem/
Поглед от дрон върху българската политика показва, че на повърхността като коркова тапа плува и не потъва Делян Пеевски. Свързаните с него мрежи не му позволяват да потъне. Политиката също има свой Архимедов закон:
И санкционираният от САЩ и Великобритания за значима корупция олигарх е все така непотопяем. Той е лидер на парламентарно представена партия – ДПС, председател на парламентарна група, с него се среща външният министър на Турция Хакан Фидан, след като е разговарял с премиер, президент и министри. Независимо дали се харесва на Анкара, или не, но към момента Пеевски е водачът на партия, чиито избиратели са предимно български мюсюлмани, и в Турция отчитат този факт.
Срещата на Фидан с Пеевски ще повлияе и на избора на главен мюфтия, насрочен за 21 юни (неделя). Конкуренцията е между Ахмед Бахадър, известен като кандидата на Пеевски, и Ведат Ахмед, настоящ председател на Висшия мюсюлмански съвет. Спекулациите са, че ще спечели Бахадър и това е обвързвано и с помощта, която получава мюсюлманското вероизповедание от Турция. Ако е в полза на Бахадър, изборът ще подсили позициите на Пеевски.
А политическите страсти около неговата персона поутихват.
„Продължаваме промяната“ и „Демократична България“ не предлагат санитарен кордон около него. Управляващата „Прогресивна България“ и премиерът и неин лидер Румен Радев не споменават разграждането на олигархичния модел, в амнезия са и чии имена носеше въпросният модел. ГЕРБ бездруго не е поставяла под съмнение политическата легитимност на Пеевски, все пак заедно утвърждаваха модела, започнат от НДСВ и БСП.
Така кръгът се затваря. А плуването продължава.
То ще става все по-уверено след избора на нов Висш съдебен съвет, който пък ще избере нов председател на Върховния административен съд и нов главен прокурор. След заседанията на парламентарната Правна комисия вече е ясно как ще се филтрират кандидатите – няма да има разширени проверки на имуществото им, нито смесени съдебни състав да разглеждат дисциплинарните и кадрови въпроси. Няма да декларират собственост в недвижими имоти и участие в търговски дружества извън България, както и членства в тайни организации и неформални общества. Тоест без информация за имотите в чужбина и офшорните сметки и принадлежност към масонски ложи.
Контролираната подмяна, на която сме свидетели, не е съдебна реформа. Тя не налага системен ветинг и реподбор. Всички онези съдии и прокурори, обвързани с хората с прякори (Пепи Еврото, Красьо Черничкия, Мартин Нотариуса), ще продължат безнаказано да изпълняват поръчки и ще ги наричат „правосъдие“.
Пеевски харесва това.
Заради отцепване на местни структури от овладяното от Пеевски ДПС се появиха прогнози, че краят е близо – „напускат потъващия кораб“ и т.н. А и ДПС под ръководството на Пеевски постигна най-слабия си резултат досега – 230 693 гласа на последните избори, и получи 21 депутати.
Това е с близо 50 000 гласа по-малко от предишния вот, което се равнява приблизително на гласовете от Кърджалийски район (по традиция най-силният за ДПС).
Но ситуацията се променя.
След година в отбора на Пеевски Общинският съвет на ДПС в кърджалийската община Кирково подаде оставка.
Напускат и шестимата кметове на села в Нови пазар, 26-членното общинско ръководство на партията, в това число и общинските съветници, които се обявяват за независими. Готовност да последват примера на Кирково и Нови пазар има и в други райони. Засега обаче реални стъпки няма.
Дали става дума за вътрешна криза, ускорена от появата на нов политически субект като Радев и неговата формация, или за тенденция на политическо отслабване, е рано да се каже. До местните избори през 2027 г. остават 16 месеца.
За да се вкорени във властта, „Прогресивна България“ ще трябва да измести монополистите в местното управление – ГЕРБ и ДПС. Този процес неизбежно преминава през смяна на едни лагери с други – защото всеки кмет върви със своята бизнес клиентела, а зад него е и съответната партийна структура.
Отливът на няколко дребни структури все още не е лавина. Отприщването на лавина зависи от тежестта на Пеевски и дали ще се появи политическа воля да бъдат демонтирани механизмите, които превръщат влиянието му в траен фактор в политиката. Но и от това дали българските турци, които десетилетия наред свикнаха да мислят политическото през етноса, ще се влеят в другите партии, или ще предпочетат „своята“ си.
Така че на ход са Румен Радев и неговото мнозинство.
Отговорът на Пеевски срещу локалните бунтове идва с промяна в ръководството на партията и с пакет законодателни промени. За да не остави впечатление за колебание, Централният съвет на ДПС смени заместник-председателите Йордан Цонев и Станислав Анастасов, а Хамид Хамид и Байрам Байрам изпаднаха от Централното оперативно бюро (ЦОБ). Всеки от тях е знаково лице. Цонев e неизменно в парламента, където влезе през 1997 г. от ОДС, но продължи като верен на ДПС и Ахмед Доган, а с появата на Пеевски пренасочи лоялността си. Байрам и Хамид станаха известни с арогантното си поведение.
На мястото на изпадналите в ЦОБ влязоха Айтен Сабри и Атидже Алиева-Вели – лидерът започва да лансира повече жени при новата власт още от началото на 52-рия парламент, непосредствено след слабия резултат на изборите.
За лидерски партии като ДПС това е очаквана първа реакция при пробив. И Пеевски, и Борисов никога не са имали проблем да жертват най-близки съратници, ако им носят негативи и не контролират достатъчно структурите.
Заради видимото електорално олекване Пеевски се опитва да обедини ДПС. Депутатите му внасят пакет от промени в Закона за гражданската регистрация, в Закона за политическата и гражданската реабилитация на репресирани лица и в Изборния кодекс, които засягат теми с дълбок емоционален и исторически заряд за турската и мюсюлманската общност. Те изглеждат като опит да бъдат върнати разколебаните избиратели след най-слабия резултат в историята на ДПС.
Особено важни са предложенията за Закона за гражданската регистрация. Те предвиждат имената, насилствено наложени по време на т.нар. Възродителен процес, да бъдат окончателно заличени от регистрите на ЕСГРАОН и да бъде въведена изрична забрана държавни служители да изискват от гражданите данни за тези имена. Законопроектът предлага също механизъм за възстановяване на имената на починали български граждани, станали жертва на насилственото преименуване. В отделен законопроект ДПС настоява добавката към пенсията на репресираните да бъде преобразувана в самостоятелна пенсия за репресия, с което да се подчертае специалният статут на пострадалите от комунистическия режим.
Паралелно с това ДПС предлага отпадане на изискването за уседналост при местните избори и изборите за Европейски парламент, както и премахване на езиковите ограничения за граждани на ЕС, които не са български граждани. Това е най-важната промяна и тя не се обсъжда за първи път.
Ако бъде приета, означава, че за местни избори отпада изискването за 6 месеца адресна регистрация в дадено населено място, за да може да гласува там. Срещу отпадането на 6-месечния срок винаги са стояли възраженията, че е бариера срещу т.нар. изборен туризъм – практиката партии да регистрират (купуват) голям брой хора на един адрес точно преди вота, за да манипулират резултатите.
Но тази законодателна активност на Пеевски не е само възстановяване на историческа справедливост, а и целенасочен опит да бъдат мобилизирани нови и стари избиратели в момент, когато влиянието на ДПС започва да се пропуква.
Случващото се в ДПС подсказва възможната стратегия на Румен Радев и „Прогресивна България“ в смесените райони. Спекулациите, че в партийното строителство на новата формация участва и Цветан Цветанов, някогашният Втори в ГЕРБ, насочват именно към подобен сценарий.
Благодарение на него преди години ГЕРБ успя да направи пробив в населени места, доминирани от ДПС. Принципът беше прост: няма значение дали Иван, или Хасан е начело на листа, важното е местният лидер, активът и зависимостите около него да преминат към новия политически център. След тях – и избирателите. В българската политика електоратите може и да изглеждат относително устойчиви, но в някои региони местните мрежи са подвижни.
Два индикатора ще покажат дали отдръпването от ДПС на Пеевски е процес: ще напуснат ли областни лидери и къде ще бъдат привлечени разочарованите кадри.
Впрочем седмица преди заседанието на Централния съвет Пеевски отстрани Ерджан Ебатин като областен председател на ДПС във Варна заради скандала с мащабното незаконно строителство в местността Баба Алино. Под носа на местната и изпълнителната власт за три години там изникна селище с над 100 постройки, част от които вече и обитавани. Ебатин е дългогодишен директор на РИОСВ – Варна, запазил поста си при куп правителства и отстранен при кабинета на Румен Радев. Неговото име беше замесено в издаването на разрешителни документи за проекта, дело на украинеца Олег Невзоров.
В отговор Ебатин се врече във вярност на Пеевски с пост в социалните мрежи.
Да се знае – аз няма да предам човека, който ми подаде ръка преди няколко години и придаде смисъл на работата на организацията, на която посветих живота си. Този човек се казва Делян Пеевски – оставете ме да го познавам по-добре от всички, които се упражняват на негов гръб. Никой не е идеален, идеален е само Бог.
Коя е политическата алтернатива за тези доскорошни елити на ДПС, които със сигурност не искат да изгубят ползваните от тях привилегии? По традиция ДПС се „приобщава“ към властта и това проличава в подкрепата, която оказва на мнозинството на „Прогресивна България“ в парламента.
На изборите на 19 април формацията на Румен Радев спечели второто място в Кърджалийския избирателен район с 18 853 гласа (24,327%) и взе един мандат, както и „Възраждане“. Така два от петте мандата от района не отидоха в ДПС. Макар парламентарните и местните избори да са различни, този резултат е сигнал, че на Пеевски ще му е трудно да запази доминацията си в Кърджали и в останалите общини от областта.
За заместник областен управител на Кърджали кабинетът назначи Ерол Хадживейсал, който беше на седма позиция в листата на „Прогресивна България“ за парламентарния вот. Назначението трудно може да се мисли само като кадрово решение – то изглежда и като ранно позициониране на възможен кандидат за кмет на Кърджали или поне на ключова фигура в битката за властта в областта.
Засега Пеевски продължава да плува върху мрежите на влияние, които години наред го държат на повърхността. Но за първи път вниманието не е насочено към това колко власт печели, а дали започва да губи.
Пеевски олеква.
Недостатъчно, за да потъне.
Post Syndicated from Explosm.net original https://explosm.net/comics/confession
New Cyanide and Happiness Comic