Flux
FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service

FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service

FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service Back in 2024 Cox Media Group were caught trying to sell advertisers packages based on "active listening", with this deck which claimed: Smart devices capture real-time intent data by listening to our conversations Advertisers can pair this voice-data with behavioral data to target in-market consumers I wrote about this in…

Simon Willison's Weblog
npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry

npm has invalidated every granular access token with write access that bypasses two-factor authentication. The platform-wide credential reset rolled out on May 19, announced from npm's long-dormant X account. The registry posted the notice following an attack that used a hijacked maintainer account to publish hundreds of malicious package versions across the @antv ecosystem. "To prevent supply chain attacks following the pattern of Mini Shai Hulud, we invalidated npm granular access tokens with…

Socket
Datasette Agent

Datasette Agent

We just announced the first release of Datasette Agent, a new extensible AI assistant for Datasette. I've been working on my LLM Python library for just over three years now, and Datasette Agent represents the moment that LLM and Datasette finally come together. I'm really excited about it! Datasette Agent provides a conversational interface for asking questions of the data you have stored in Datasette. Add the datasette-agent-charts plugin and it can generate charts of your data as well. The…

Simon Willison's Weblog
The Agentic P&L: Beyond the Empire of Headcount

The Agentic P&L: Beyond the Empire of Headcount

For over a century, both the prestige and budget of a corporate department have been measured by a single crude metric: headcount. If you manage 500 people, you’re a “distinguished leader.” If you manage five, you’re a footnote. This “empire of headcount” has governed everything from office square footage to C-suite influence. It’s the fundamental […]

O'Reilly Radar — AI/ML
datasette-agent 0.1a3

datasette-agent 0.1a3

Release: datasette-agent 0.1a3 "View SQL query" buttons for both visible tables and collapsed SQL result tool calls. Don't display empty reasoning chunks Improved handling of truncated responses - table still displays to the user even if the SQL results were truncated when showing the agent. See Datasette Agent, an extensible AI assistant for Datasette. Tags: datasette, datasette-agent

Simon Willison's Weblog
The Agent Stack Bet

The Agent Stack Bet

The following article originally appeared on the Elevate newsletter and is being reposted here with the author’s permission. Peek under the hood of most “production agents” shipping today and you won’t find intelligence. You’ll find custom plumbing, fragile session logic, shared service accounts, and a security model held together by hope. This can be so […]

O'Reilly Radar — AI/ML
Quoting SpaceX S-1

Quoting SpaceX S-1

We have the ability to use compute resources to support our proprietary AI applications (such as Grok 5, which is currently being trained at COLOSSUS II), while also providing access to select compute capacity to third-party customers. For example, in May 2026, we entered into Cloud Services Agreements with Anthropic PBC (“Anthropic”), an AI research and development public benefit corporation, with respect to access to compute capacity across COLOSSUS and COLOSSUS II. Pursuant to these…

Simon Willison's Weblog
Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit

Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit

Early on May 20th, 2026, the Socket Threat Research team detected signals of a package compromise leading to a sophisticated payload targeting a broad range of iOS devices with a watering-hole attack similar in style to the delivery of the Coruna exploit kit. After careful analysis, a plethora of similarities to that campaign emerged, indicating that a threat actor intended to use a package supply-chain compromise to deliver iOS browser exploits. Repository Takeover Leads to Package Compromise…

Socket