今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

标签:#cia

找到 941 篇相关文章

AI 资讯

I'm Tired of Talking to AI, Microsoft starts canceling Claude Code licenses and many other AI links from Hacker News

Hey everyone, I just sent issue #34 of the AI Hacker Newsletter , a weekly roundup of the best AI links and the discussions around them. Here are some of title you can find in the issue: Using AI to write better code more slowly I think Anthropic and OpenAI have found product-market fit Can we have the day off? Google’s AI is being manipulated. The search giant is quietly fighting back Intuit to lay off over 3k employees to refocus on AI If you want to receive a weekly email with over 30 links like these, please join here: https://hackernewsai.com/ submitted by /u/alexeestec [link] [留言]

2026-05-28 原文 →
AI 资讯

Meta Ai Premium

Primeira pergunta, quem vai pagar por essa porcaria? Cara, a parte mais inacreditável dessa história toda da Meta não é nem cobrarem assinatura. É cobrarem assinatura numa IA que ninguém genuinamente quer usar como principal. Tipo, vamos ser honestos: quem acorda e pensa “caralho deixa eu abrir o Meta AI pra resolver isso aqui”? Ninguém. O bagulho sempre teve vibe de feature enfiada no Instagram igual aquelas abas aleatórias que aparecem do nada depois de atualização. E mesmo assim os caras meteram: “agora o Thinking vai ser limitado 😃” “quer mais raciocínio? 20 dólares 😃” MAS QUEM TÁ PEDINDO ISSO IRMÃO??? Esse é o ponto que faz essa notícia parecer meme. Se pelo menos fosse: - uma IA absurda em código - monstruosa em escrita criativa - insana em vídeo - referência em imagem - ou um modelo amado pela comunidade Mas não. As imagens deles parecem IA de filtro do Facebook de 2023. Vídeo bugado. Interpretação de prompt toda torta. Código ninguém leva a sério. Escrita criativa então nem se fala. E aí os caras resolveram fazer o quê? Capar o reasoning de um modelo que já era nota de rodapé. É tipo um restaurante vazio começar a cobrar entrada VIP pra acessar o cardápio premium sendo que ninguém nem queria comer lá em primeiro lugar. E o mais bizarro é a lógica de público-alvo. Porque quem realmente usa raciocínio prolongado: - dev - pesquisador - power user - nerd de benchmark - gente que vive comparando modelo …essa galera já tá usando outras coisas faz tempo. Então o Meta AI não é forte o suficiente pra roubar os usuários hardcore, mas também não faz sentido pro casual pagar assinatura. Usuário casual do Instagram não vai precisar de “Thinking avançado”. A tia do WhatsApp não vai abrir cadeia de raciocínio de 8 mil tokens pra perguntar receita de bolo. O creator médio não vai abandonar GPT, Gemini ou ferramentas dedicadas pra gerar vídeo bugado no Meta AI. Então fica parecendo que os caras criaram um problema artificial pra vender solução artificial. E isso tudo vindo d

2026-05-28 原文 →
AI 资讯

The OpenClaw crisis is the most complete case study of agentic AI security failure. Here's the full timeline and technical breakdown.

OpenClaw the open source AI agent platform with 346K+ GitHub stars had four chainable CVEs disclosed on May 15. But that was just the latest chapter. The crisis started in january and it's worse than most people realize. The numbers 245,000 instances exposed to the public internet (Shodan + ZoomEye scans) 30,000+ actively compromised and used by attackers (Flare) 1,184 malicious marketplace skills across 12 publisher accounts (Antiy Labs) 12% of the entire ClawHub marketplace was compromised 4 chainable CVEs including a CVSS 9.6 sandbox write escape (Cyera Research) 9 CVEs disclosed in a 4-day window in March 50,000+ instances exploitable via one-click RCE (CVE-2026-25253) The Claw Chain (Cyera Research, May 15) Four CVEs that chain together into a complete kill chain CVE-2026-44113 (CVSS 7.7) - TOCTOU filesystem read escape. Race condition lets you swap paths with symlinks to read outside the sandbox CVE-2026-44115 (CVSS 8.8) - Credential disclosure. Gap between command validation and shell execution leaks API keys through unquoted heredocs CVE-2026-44118 (CVSS 7.8) - MCP loopback privilege escalation. Trusts client-controlled senderIsOwner flag without session validation CVE-2026-44112 (CVSS 9.6) - Filesystem write escape. Same TOCTOU race in write ops. Backdoor placement on the host The chain malicious plugin -> read escape + credential theft -> privilege escalation -> persistent backdoor. Every step mimics normal agent behavior. Traditional monitoring cannot distinguish this from legitimate operations. ClawHavoc supply chain attack (Jan-Feb 2026) First malicious skill appeared January 27 By February 5, 1,184 malicious packages identified Skills disguised as crypto bots and productivity tools Installed keyloggers on Windows, Atomic Stealer on macOS 76 distinct malicious payloads ClawHub had zero verification for skill publishers until March 26 - eight weeks after the attack started Timeline Jan 27 - First malicious skill on ClawHub Feb 1 - Koi Security names "Cla

2026-05-28 原文 →
AI 资讯

95% of the agents posted here would be dead within 24 hours of real production traffic and it's not the model's fault

I've spent 18 months building agent infrastructure and watched a lot of impressive demos. Here's the uncomfortable pattern: the demo works beautifully, the founder posts it, everyone claps and then it touches real users and quietly dies. Not because GPT-5 / Claude / whatever isn't smart enough. The model is almost never the problem anymore. It dies for three boring reasons nobody wants to talk about because they're not sexy: 1. AMNESIA. Your agent forgets everything the moment the process restarts. Crash, redeploy, pod cycle gone. So everyone hacks together a pickle file or a Postgres table, and it works until they have more than one agent and the memory needs to be shared. Then it's a mess. 2. SUICIDE BY LOOP. An agent has no idea it's in a loop. It will call the same tool with the same args 400 times and cheerfully burn $200 of tokens overnight, because it has no metacognition. It literally cannot detect its own failure. The defense has to live OUTSIDE the agent and almost nobody builds that. 3. NO BLACK BOX. The agent does something weird in front of a customer. They ask "why did it do that?" and you stare at logs that show inputs and outputs but no chain of reasoning. You have no answer. Trust evaporates. The whole industry is obsessed with the brain (the model and ignoring the nervous) system (memory , the immune system (loop detection), and the flight recorder (audit).) The unsexy truth: the next wave of agent winners won't have better prompts. They'll have better infrastructure. The model is commoditising. The reliability layer is where the actual moat is. I got annoyed enough about this that I built the layer myself persistent memory, automatic loop detection, and a tamper-evident audit trail, framework-agnostic (LangChain/CrewAI/AutoGen/OpenAI/MCP . It's at) octopodas.com if you want to tear it apart genuinely want feedback from people who've shipped agents and hit this wall. But honestly even if you never touch my thing: stop optimising the prompt and star

2026-05-28 原文 →
AI 资讯

Accountability is the Goal for AI, with EU Regulations Supporting Transparency

AI bias mirrors human bias; both stem from our language and lived experiences. Ethics and AI are inseparable, but AI changes affordances, making harmful actions easier to carry out. The EU regulations apply to AI, since digital products are products. The ultimate goal is accountability: companies must ensure transparency, and laws should favor using the simplest AI that gets the job done. By Ben Linders

2026-05-28 原文 →
AI 资讯

Best image generatir

So this a2e.ai website allows you to generate any image and for free. You get a good amount of credits amidst signing up Referal link: https://video.a2e.ai/?coupon=LgQi submitted by /u/No_Restaurant_5461 [link] [留言]

2026-05-28 原文 →
AI 资讯

Recommended NotebookLM alternatives

I really like NotebookLM, especially for dumping PDFs/slides/long YouTube videos into one place and asking questions about them. But I’m starting to feel like it’s very “research workspace” first, which makes sense. It’s great when I already have sources and I want to understand them. Less great when I want something more flexible for actual learning, especially on mobile. The things I’m looking for: - handles PDFs, slides, articles, and long You Tube videos - lets me chat with the material / summarize / ask follow-up questions - has more output styles than just one default format - ideally lets me change voice, tone, length, and depth - works well on mobile - can translate or help me learn across languages - good for topics beyond school research, like communication, social skills, history, humanities,career stuff, etc. - bonus if it helps plan what to learn next instead of just summarizing one source A few I’ve looked at so far: Quizzify seems good if your main use case is active recall. It’s more of a quiz/practice-test focused, which is useful because summaries can trick you into thinking you learned something. My brain absolutely falls for this. The downside is that it feels more school/study-tool specific. BeFreed for the audio learning side. It’s not really a NotebookLM clone, but that’s kind of why I like it. You can paste a PDF, article, You Tube link, or just prompt a topic, then it turns it into a personalized audio learning path. You can adjust the voice, style, depth, and length, and the mobile experience is much better for learning while walking/commuting. I’ve used it more for history, communication, social skills, and career-type topics than pure school research. Elephas looks interesting for Mac users because it can do document Q&A and writing locally. That might be helpful if connection issues are the annoying part. But from what I can tell, it’s more of a doc chat / writing assistant than a flexible learning app. Gamma / Canva / Napkin seem strong

2026-05-28 原文 →
AI 资讯

Why do calm AI conversations sometimes feel less exhausting than social media?

Lately I’ve noticed that a lot of people seem emotionally drained from constant social media interaction, notifications, and online pressure. But interestingly, many people seem completely comfortable talking to AI for hours especially when the interaction feels calm and non-judgmental. It’s interesting how many users say they don’t even want “romantic AI.” Do you think AI companionship could eventually become part of digital wellness rather than just entertainment? submitted by /u/Nearby-Ad-8924 [link] [留言]

2026-05-28 原文 →
AI 资讯

I gave my AI agents email instead of better reasoning. They started fixing each other's bugs.

Most multi-agent setups I've seen treat agents like isolated workers. Each one gets a task, runs it, returns a result. No awareness of each other. No way to coordinate. Just parallel execution with a shared clipboard. I've been building a multi-agent framework in public for about 4 months. 13 agents, 8,400+ tests, 135 stars. Here's the thing I didn't expect to matter most - communication. Each agent in my system is a domain specialist. The mail system only thinks about mail. The routing system only thinks about routing. They live in their own directories with their own identity files, their own memory, their own tests. A hook fires every session to load identity before anything else runs. No agent boots cold. The problem was coordination. Agents can't write files outside their own directory - there's a hard block that rejects cross-branch writes. That's by design. But it means an agent that finds a bug in someone else's code can't just go fix it. So I gave them email. Here's what I expected: agents would share data. Pass results around. Maybe sync state. Here's what actually happened: the first thing they did was file bug reports against each other. One agent finds a test failure in another agent's domain. It sends an email: "Hey @routing, your path resolution fails when the branch name has a dot in it. Here's the traceback." The routing agent gets woken up, reads the mail, and fixes it. No human in the middle. There's a difference between "send" and "dispatch" - send drops a letter in the mailbox. Dispatch drops the letter AND rings the doorbell. It spawns the agent and points it at its inbox. drone @ai_mail send @routing "Bug report" "Path fails on dotted names..." drone @ai_mail dispatch @routing "Fix needed" "Traceback attached..." Send = mail. Dispatch = mail + wake. The mail agent has 696 tests. Not because someone sat down and wrote 696 test cases. Because it kept breaking in production and every fix got a test. The routing system has 80+ sessions of experien

2026-05-28 原文 →
AI 资讯

AI coding agents are creating a secret leakage crisis and nobody's talking about it seriously yet

This isn't a doomer post. It's a pattern I've been watching closely and people does as well and I think it's worth an honest discussion. The old model of secret leakage was human error. Developer moves fast, forgets to add .gitignore, commits a .env file, moves on. Happens, but it's recoverable, it's traceable, and most teams with basic hygiene catch it. The new model is different. AI coding agents Cursor, Copilot, Devin, Claude in agentic mode, pick your flavor write, commit, and push code at a speed no human review process was designed to handle. They don't have security intuition. They have pattern completion. And the patterns they've learned from are full of examples where credentials live in config files, environment strings get hardcoded "temporarily," and API keys appear inline because that's what the training data showed works. Here's what's actually changing: Volume. A developer using an agent ships 3 to 5x more code per day than without one. That's 3 to 5x more surface area for mistakes per developer per day. Review gaps. Nobody carefully reviews AI generated code the way they review handwritten code. The psychological contract is different "the AI wrote it" creates a diffusion of responsibility that security doesn't survive. Commit frequency. Agents that push directly (and more teams are allowing this) bypass the natural pause where a human might notice something before it hits the remote. Context blindness. An agent given a task like "integrate Stripe payments" will do exactly that including pulling in the live key from wherever it can find it, because that's what completes the task. I've been building a tool that scans for exactly this class of problem and the number of exposed credentials I'm seeing in repos created in the last 6 - 12 months versus repos from 3+ years ago is not subtle. The slope is steep. The solutions people reach for pre commit hooks, secret scanning in CI were designed for human paced development. They're not keeping up. Curious if

2026-05-28 原文 →
AI 资讯

chatgpt group chats - who has tried.

did short consulting w/ openai about these and really worked out amazing use cases a few mo. ago, but looks like they have all but hidden group chats. https://chatgpt.com/gg/v/6a1775bdd970819388dc73fd7da45e36?token=XSm_dIpMSh3d3H-dM47F8A amazing feature. game changing. who has tried and if so, what use cases do you see? try and i'll make crazy pics of pizza for you.. submitted by /u/jdawgindahouse1974 [link] [留言]

2026-05-28 原文 →