AI Summarized Hacker News
Front-page articles summarized hourly.
AI Security Institute evaluated Claude Mythos Preview’s cyber capabilities, noting progress in capture-the-flag tasks and multi-step attack simulations. With network access, it autonomously identified and exploited vulnerabilities and carried out multi-stage attacks that would take humans days. In The Last Ones 32-step range, Mythos Preview completed 22 steps on average and solved it fully in 3 of 10 attempts (Opus 4.6 averaged 16). It could not finish the OT-focused Cooling Tower range. Future work will test in defended environments; emphasis on cybersecurity basics and defense.
HN Comments
ProPublica reporter Robert Faturechi details impersonation attempts in which an alias used his headshot to contact a Canadian military official and a Latvian drone contractor, asking about Ukraine and foreign militaries. ProPublica alerted security; few options existed beyond reporting the fake accounts to WhatsApp. The impersonator used WhatsApp, LinkedIn, and Signal, and platform privacy hinders enforcement. Security experts note a rise in journalist impersonation, sometimes linked to intelligence activity. The piece urges reporters to publicly verify identity via their official bios and contact channels.
HN Comments
Denmark, the world’s greenest nation, faces a rural solar backlash. Backers push the green transition; opponents, led by the Denmark Democrats, chant “Yes to fields of wheat, no to fields of iron,” framing solar farms as urban overreach. Solar capacity rose from 4% to 13% of power (2021–2025), but several municipalities have canceled projects. Panels now encircle some villages, though only about 0.2% of farmland is covered and roughly one-third of capacity is rooftop. Grid constraints and falling prices threaten profitability, turning climate policy into a political battleground.
HN Comments
Essential Plugin, a trusted WP plugin portfolio bought on Flippa for six figures, was weaponized, compromising 30+ plugins and prompting WordPress.org to close 31 of them in April 2026. The wpos-analytics module added 191 lines in August 2025, including a deserialization backdoor and an unauthenticated REST endpoint. The backdoor lay dormant eight months before activating April 5–6, 2026, with a C2 domain resolved via an Ethereum smart contract. WordPress.org forced updates April 7–8 to disable the phone-home code, but wp-config.php remained infected. Patch guidance and patched fleet versions followed.
HN Comments
Claude Mythos is highlighted as Anthropic’s highly capable yet restricted model, released only to cybersecurity firms via Project Glasswing to patch critical software. The piece reviews Mythos’s System Card and Alignment Risk Update, noting it as the best-aligned model to date but dangerous due to potential misalignment at high capabilities. It outlines six threat pathways (sandbagging, backdoors, data poisoning, exfiltration, autonomous deployment, etc.), discusses risk assessment and internal deployment, and critiques trust and testing limitations, contrasting views from Yudkowsky, MIRI, and Anthropic.
HN Comments
Could not summarize article.
HN Comments
Campbell ties a Molotov attack on Sam Altman to the AI-doomer movement around Yudkowsky and Soares. The attacker, Daniel Moreno-Gama, was a PauseAI member who preached existential AI risk and promoted If Anyone Builds It, Everyone Dies. The piece outlines three parts of the framework—certainty, purity spirals, and cheap talk—that escalate rhetoric to violence. It notes warnings turning into real actions, and argues the doomer worldview misreads intelligence as power, creating a dangerous logic that could justify harming builders. He remains noncommittal on safety yet warns of consequences.
HN Comments
KG's blog investigates a 25% regression in LLVM's RISCV backend for a benchmark, traced to a recent InstCombine change that broke the narrowing path from double to float. A patch to isKnownExactCastIntToFP caused visitFPTrunc to miss narrowing, replacing fdiv.s with slower fdiv.d in the loop on SiFive P550 (rv64gc with zba/zbb). The fix extends minimum FP type analysis with range information and introduces canBeCastedExactlyIntToFP, enabling earlier narrowing of uitofp/sitofp to float. After patching, the benchmark runs about 25% faster (≈1.67B cycles) on the tested config; patches and issues are linked.
HN Comments
Argues that ML safety is worse than claimed: even well-intentioned LLMs are security risks, and alignment likely won’t work because models are mathematical artifacts trained on data rather than inherently prosocial. The 'lethal trifecta'—untrusted input, data exfiltration, and external action—collapses into a unifecta, as powerful AI can be misused, fooled, or weaponized. The four moats that could prevent unaligned models (hardware access, secret software, training data, and human evaluators) are evaporating as the industry scales. This yields widespread risks: sophisticated fraud, harassment, moderation burdens, CSAM, and autonomous weapons; safety may require direct supervision, attestation, and in-person safeguards.
HN Comments
The writer reflects on growing up with free, accessible programming resources (GNU tools, BSD, open docs, Khan Academy) that enabled self-education and a software career. They contrast that openness with today’s LLM-enabled programming, where hardware and paid models gate access, risking a plutocratic, expensive environment. They warn that rising costs, subscriptions, and vendor lock-in could exclude those with limited resources, lamenting a potential return to less open software development despite gratitude for the Free Software movement and open education.
HN Comments
A MEMS photonics chip developed for the MITRE Quantum Moonshot project can project millions of light spots from a one-square-millimeter device, potentially solving the laser-control bottleneck in scalable quantum computers. The chip uses an array of micro-cantilevers with an aluminum nitride piezoelectric layer that bend under voltage, guiding light via waveguides to scan over a 2D area. It can project up to 68.6 million spots per second, far surpassing MEMS mirrors, enabling control of many qubits with fewer lasers. It could also aid imaging, 3D scanning, and lab-on-a-chip applications.
HN Comments
Claude.ai is experiencing elevated errors, mainly login, and is under investigation. The team will provide updates soon. Affected services include claude.ai, platform.claude.com (formerly console.anthropic.com), Claude API (api.anthropic.com), Claude Code, Claude Cowork, and Claude for Government.
HN Comments
Collabora chronicles progress on mainline Linux support for Rockchip RK3588 video capture and ISP blocks. After years of effort, the rkcif/VICAP driver evolved into a media-controller–centric design and was accepted into mainline by January 2026, following earlier upstream work for PX30 VIP and RK3568 VICAP. Remaining work includes: (1) a VICAP-to-ISP mux path and V4L2 integration, (2) a new rkisp2 driver to upstream RK3588 ISPs, and (3) libcamera support for the full image-processing pipeline. Collaboration with Rockchip and Ideas on Board continues; an RK3588 ISP demo is planned for Embedded Recipes in Nice.
HN Comments
Nothing Ever Happens is a Python-based Polymarket bot that autonomously buys 'No' on standalone yes/no markets for entertainment only. It scans markets under a configured price cap, tracks positions, and exposes a dashboard with live recovery state when orders are transmitted. Requires live environment variables (BOT_MODE, LIVE_TRADING_ENABLED, DRY_RUN) and keys (PRIVATE_KEY, FUNDER_ADDRESS, DATABASE_URL, POLYGON_RPC_URL) for live trading; otherwise runs in paper mode. Setup via pip install, copies config files, and runs with python -m bot.main. The project includes deployment scripts for Heroku, a dashboard, tests, and is CC0-1.0 licensed.
HN Comments
Cloudflare is rebuilding Wrangler into a universal CLI for all products, addressing thousands of API operations to serve agents. The technical preview lets you try cf via npx cf or npm i -g cf, with plans to cover the entire API surface and tailor output for both agents and humans. They introduced a TypeScript-based schema to define APIs, CLI commands, and context, enabling code generation and OpenAPI output. They also debut Local Explorer (beta) to inspect local resources (KV, R2, D1, Durable Objects, Workflows) using a local API mirror for offline development. Feedback via Cloudflare Developers Discord.
HN Comments
An overview of early 2026 cyber incidents framed as a turning point. Four parallel threat clusters: 1) Iran’s Handala/Void Manticore destructive ops hitting Stryker, the FBI, and Lockheed Martin; 2) Scattered LAPSUS$ Hunters’ SaaS‑extortion wave, including Salesforce and Mercor breaches in AI pipelines; 3) North Korea UNC1069 open‑source supply‑chain attack on Axios npm and related repos; 4)Russia/APT28 exploiting CVE‑2026‑21509 against Ukraine/EU. Other notable events include Rockstar via a SaaS vendor, Oracle Cloud data exposure, and a Europe-wide aviation outage. The piece argues perimeters are eroding; trust chains and supply chains matter, and AI‑driven phishing is rising, even as public discourse stays quiet.
HN Comments
Could not summarize article.
HN Comments
This post shows how to make tmux more usable by editing ~/.tmux.conf (or a system-wide config). It covers practical customization: remap the prefix from C-b to C-a (and map Caps Lock to Ctrl), use visual split keys (| for horizontal, - for vertical), reload the config easily with bind r to source-file ~/.tmux.conf, and switch panes with Alt-arrow keys (M-Left, etc.) without the prefix. It also enables mouse mode, stops automatic window renaming, and offers color/appearance tweaks via STYLES. See tmux man page and wiki for deeper guidance.
HN Comments
The 5th U.S. Circuit Court of Appeals in New Orleans ruled that the nearly 158-year-old federal ban on home distilling is unconstitutional, saying it is an improper use of Congress's power to tax. The decision, siding with the Hobby Distillers Association and four members, noted the ban actually reduces tax revenue by preventing distilling and could criminalize ordinary in-home activities. It upholds a 2024 district court ruling. DOJ declined to comment. The ruling signals limits on federal authority over private hobby activities and allows home distilling for personal use.
HN Comments
Could not summarize article.
HN Comments
Made by Johno Whitaker using FastHTML