Flux
Fighting Tool Sprawl: The Case for AI Tool Registries

As enterprise AI agent adoption scales, the absence of centralized, organization-level tool infrastructure is producing compounding costs. When adoption is built around optimizing for deployment speed, enterprises expose themselves to a combination of risks: duplicated engineering effort, security exposure, and operational opacity. Every enterprise needs its own shared tool registry, one that reflects its specific […]

O'Reilly Radar — AI/ML
Adaptive Parallel Reasoning: The Next Paradigm in Efficient Inference Scaling

BAIR Blog
Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

Socket is releasing free Certified Patches for a critical sandbox escape vulnerability in vm2, a JavaScript sandboxing library used to run untrusted code inside Node.js applications. The vulnerability, tracked as GHSA-ffh4-j6h5-pg66 and CVE-2026-26956, allows attacker-controlled JavaScript executed through VM.run() to escape the sandbox, access the host Node.js process object, and execute arbitrary operating system commands. The current GitHub advisory identifies vm2 3.10.4 as affected and…

Socket
Big Words

Tool: Big Words

I'm using my vibe coded macOS presentations tool to put together a talk, and I wanted to add a slide with some text on it. The tool only accepts URLs, so I put together a quick page that accepts query string arguments and turns them into a simple slide.

Here's an example: https://tools.simonwillison.net/big-words?text=simonwillison.net&gradient=1&size=9.5

Double click or double tap the page to access a form for modifying the different options.

Tags: vibe-coding, tools

Simon Willison's Weblog
Behind the Scenes Hardening Firefox with Claude Mythos Preview

Fascinating, in-depth details on how Mozilla used their access to the Claude Mythos preview to locate and then fix hundreds of vulnerabilities in Firefox:

Suddenly, the bugs are very good

Just a few months ago, AI-generated security bug reports to open source projects were mostly known for being unwanted slop. Dealing with reports that look plausibly correct but are wrong imposes an asymmetric cost on project maintainers: it’s cheap…

Simon Willison's Weblog
Notes on the xAI/Anthropic data center deal

There weren't a lot of big new announcements from Anthropic at yesterday's Code w/ Claude event, but the biggest by far was the deal they've struck with SpaceX/xAI to use "all of the capacity of their Colossus data center". As I mentioned in my live blog of the keynote, that's the one with the particularly bad environmental record. The gas turbines installed to power the facility initially ran without Clean Air Act permits or pollution control devices, which they got away with by classifying…

Simon Willison's Weblog
The Best Risk Mitigation Strategy in Data? A Single Source of Truth

Every data leader has a version of this story. A regulatory audit surfaces a metric that doesn’t match across systems. A board member catches conflicting revenue numbers in two reports presented back-to-back. An AI tool generates a recommendation based on data that hasn’t been governed since the analyst who built it left the company two […]

O'Reilly Radar — AI/ML