Wrote up some thoughts on Anthropic's Project Glassing, where their latest Opus-beating model is available to partnered security research organizations only. Given the recent alarm bells raised by credible security voices I think this is a justified decision.
simonwillison.net/2026/Apr/7/p...
Posts by eikendev
How "wildly wrong" are we talking? And how does it relate to Standardization (done?) + Migration (incl. rollout in large enterprises) + Security Lifetime of Data (re. HNDL, esp. for regulated industries)? The rollout in large enterprises will be tedious.
Hearing about the urgency from serious cryptographers is worrying. A solid PQC migration will take years for normal enterprises. It's a good idea to start now with mapping out potentially affected services, resolving maintainership, and ensuring budget & expertise are in place when needed.
“Using go fix to modernize Go code” by Alan Donovan — https://go.dev/blog/gofix
#golang
The screenshot shows Spectacle about to take a screenshot of a window containing text.
The screenshot shows Plasma's new on-screen keyboard.
The screenshot shows a user picking their keyboard while running the first-time wizard.
Plasma 6.6 is now live!
Spectacle can read text from screenshots; we got our own on-screen keyboard; and we have a new first-time wizard that lets users configure their passwords, timezones, keyboard and networks on preinstalled systems; among many, many more things.
kde.org/announcement...
I always assumed that #passwordmanagers were simple objects -- create a database, encrypt it, send it to the server, done. I could not have been more wrong!
At zkae.io, we take a look at all the hidden complexity in cloud password managers, and the #attacks that result from that. (ia.cr/2026/058)
I wonder if part of the dynamic is simply that AI lowers the barrier to entry on the attacker side. If more people can search for vulnerabilities at scale, we almost have to (semi-)automate the low-hanging fruit on defense just to keep our security level from deteriorating.
It does say they looked at 1Password.
Do you use a cloud-based password manager? So what's your threat model?
Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even if we wanted to)."
We decided to test this… 1/n
Curious to know how many times his avatar joined any of his meetings so far.
"Claude has done the job here, I haven't even bothered looking into the changes" - in this case, not sure if linking to it is currently the right thing to do.
A $100B funding round is nuts. This is after raising $40B last year.
$20B ARR sounds impressive until you realize they are losing money faster than they’re making it and need massive infusions of cash every few months to keep going.
Here we are again. Every photo, every message, every file you send will be automatically scanned—without your consent or suspicion. This is not about catching criminals. It is not based on scientific evidence. It will enable mass #surveillance of EU citizens. #chatcontrol
fightchatcontrol.eu
I wrote up some notes on Google Security's new OSS Rebuild project, which increases supply chain security for popular packages on PyPI, NPM and Crates through offering independent build attestations
simonwillison.net/2025/Jul/23/...
Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...
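The point of the post above is that a checksum detects transmission noise but says nothing about who sent the message. The following is an added example, not code from the post, the CISA advisory, or any rail vendor: it uses a constructed, hypothetical frame layout (unit id, command byte, sequence number) and CRC-32 as a stand-in for whatever checksum the real protocol used. It shows a keyless attacker producing a frame the checksum-only receiver accepts, and the same forgery failing against a receiver that requires an HMAC under a shared key plus a monotonic sequence number. The key, command code and unit id are placeholders.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed, illustrative frame layout (NOT the real rail protocol, whose
# format is not given on this page): unit_id (2 bytes) | command (1) | seq (4).
FRAME_FMT = ">HBI"
FRAME_LEN = struct.calcsize(FRAME_FMT)  # 7 bytes
CMD_EMERGENCY_BRAKE = 0x01              # hypothetical command code


def build_frame(unit_id: int, command: int, seq: int) -> bytes:
    return struct.pack(FRAME_FMT, unit_id, command, seq)


# --- Checksum-only design: detects noise, not adversaries --------------------
def send_with_checksum(frame: bytes) -> bytes:
    """CRC-32 trailer. The CRC is a public function of the frame, so anyone
    who can transmit can produce a 'valid' message without any secret."""
    return frame + struct.pack(">I", zlib.crc32(frame) & 0xFFFFFFFF)


def accept_with_checksum(msg: bytes) -> bool:
    if len(msg) != FRAME_LEN + 4:
        return False
    frame, (crc,) = msg[:-4], struct.unpack(">I", msg[-4:])
    return (zlib.crc32(frame) & 0xFFFFFFFF) == crc


# --- Authenticated design: HMAC over the frame plus a monotonic sequence -----
TAG_LEN = 32  # HMAC-SHA256 output size


def send_with_mac(frame: bytes, key: bytes) -> bytes:
    return frame + hmac.new(key, frame, hashlib.sha256).digest()


def accept_with_mac(msg: bytes, key: bytes, last_seq: int) -> bool:
    """Accept only if the tag verifies under the shared key AND the sequence
    number advances, so a captured valid frame cannot simply be replayed."""
    if len(msg) != FRAME_LEN + TAG_LEN:
        return False
    frame, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False
    _, _, seq = struct.unpack(FRAME_FMT, frame)
    return seq > last_seq


def demo() -> dict:
    """Attacker knows the frame format and can transmit, but holds no key."""
    key = hashlib.sha256(b"constructed demo key").digest()  # placeholder key
    attacker_frame = build_frame(unit_id=0x1234, command=CMD_EMERGENCY_BRAKE, seq=999)

    # 1. Forged frame against the checksum-only receiver: accepted.
    forged_ok = accept_with_checksum(send_with_checksum(attacker_frame))

    # 2. Same forgery against the MAC receiver: attacker has to guess the tag.
    forged_mac = attacker_frame + bytes(TAG_LEN)
    forged_rejected = not accept_with_mac(forged_mac, key, last_seq=0)

    # 3. Legitimate sender with the key: accepted once ...
    legit = send_with_mac(build_frame(0x1234, CMD_EMERGENCY_BRAKE, seq=1), key)
    legit_ok = accept_with_mac(legit, key, last_seq=0)
    # ... but replaying that same captured frame is rejected by the seq check.
    replay_rejected = not accept_with_mac(legit, key, last_seq=1)

    return {
        "forged_accepted_by_checksum": forged_ok,
        "forged_rejected_by_mac": forged_rejected,
        "legit_accepted_by_mac": legit_ok,
        "replay_rejected_by_mac": replay_rejected,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A MAC plus sequence number closes the forgery and replay holes shown here; it does nothing against jamming, and it assumes every fielded receiver can be provisioned with and protect a key, which is the part that makes such fixes slow to roll out.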
Wrote up some notes on that recent paper from METR "Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity" simonwillison.net/2025/Jul/12/...
Hello, I hope this message finds you well. As part of our ongoing efforts to comply with the EU Cyber Resilience Act (CRA), we are currently conducting a cybersecurity risk assessment of third-party software vendors whose products or components are integrated into our systems. To support this initiative, we kindly request your input on the following questions related to your software product "libcurl" with version 7.87.0. Please provide your responses directly in the table below and do reply to all added in this email,
It has officially begun. The CRA info request counter is no longer at zero.
Some notes on Grok 4: excellent benchmark scores, a mid-quality pelican and a launch that was overshadowed by this week's disastrous Grok 3 system prompt update simonwillison.net/2025/Jul/10/...
Cloudflare has launched Orange Me2eets, an open-source end-to-end encrypted video calling demo! Built on top of our OpenMLS implementation, this project showcases secure, private real-time communication.
buff.ly/eEdJdnf
#Cloudflare #E2EE #VideoCalling #OpenSource #OpenMLS
a graph of US tariffs and DHS excise taxes paid, monthly annualized, which rises from $100B to $300B
June treasury data came in today, and Americans paid a record $27B in tariffs & related DHS excise taxes this month—for an annualized pace of more than $300B/year
The graph of intense pain & suffering keeps getting worse
What a great way to put it: "When an agent struggles, so does a human."
Agreed. I think what I'm asking is if and how we will eventually be able to really enforce guardrails for these adventures on LLM-level. In a way that also makes it sufficiently safe to use at scale.
Good Monday morning tech nerds. One of my devs wrote *another* blog post about kerberos (I'm creating an army of crazy bloggers). This one you might consider bookmarking.
Another prompt injection paper review! This time it's "An Introduction to Google’s Approach to AI Agent Security" by Santiago Díaz, Christoph Kern, and Kara Olive
Some interesting ideas in here, particularly around Google's three core principles for agent security simonwillison.net/2025/Jun/15/...
I'm curious what "prepared statements" will eventually look like in LLM world. Having an agent check for injections in another agent's output feels more like the equivalent of sophistically checking the output of a "normal" SQL query, no? Will we need new LLM architectures to fully eliminate it?
"Design Patterns for Securing LLM Agents against Prompt Injections" is an excellent new paper that provides six design patterns to help protect LLM tool-using systems (call them "agents" if you like) against prompt injection attacks
Here are my notes on the paper simonwillison.net/2025/Jun/13/...
Trump updated the PQC EO:
www.whitehouse.gov/presidential...