@DarioAmodei So you want a walled garden of regulation on frontier Al, but deregulation to accelerate biomedical applications and research, which would likely accelerate some of the risks you're warning about? The boundaries you drew seem right-sized for your situation.
@XiaomiMiMo your Anthropic-compatible API returns input_tokens: 0 in message_start SSE events. Real counts only come in message_delta. This breaks Claude Code's context counter. Anthropic spec requires real input_tokens at message start. Quick fix in the streaming handler.
@hwwaanng Massive issues with MiniMax M3 right now. Compared to DeepSeek or Xiaomi, it burns 2x the tokens, thinking traces are full of self-doubt. It spends 3x the time to produce broken results. Too dysfunctional for an honest comparison. Tested on OpenCode and Claude Code harnesses.
@scaling01 Code is one use case. Google went wide: hardware, infra, omni-modalities and integration with 5 services that touch 3 billion users each... They could have priced it better, but Kimi/GLM are more of a concern for OpenAI and Anthropic than for Google.
@thdxr You would need a combination of strict lifecycle policy, solid governance and monitoring, strong isolation, and aggressive reduction of trust to minimize surface area. It isn't just an npm issue, CI was the root and agents are major persistence vectors. It's an opsec problem.
@icanvardar Npm isn't the root cause here, most package managers wouldn't be immune, some would have better isolation but binaries wouldn't help. CI failure was the root and agents are the persistence vector. It's an opsec problem.
@thdxr Npm proxies, hardened devcontainers, and sidecar secret tools. For upstream packages, pin exact versions and lockfiles, with short-lived tokens on work machines. Still only minimizing blast radius.
@nalinrajput23 For casual collaboration you can sync untracked .env files with Google Drive, Dropbox, or an encrypted S3 bucket. If your environments are containerized, use Docker secrets. For anything serious (production), go with proper tools like AWS Secrets Manager or HashiCorp Vault.
@GergelyOrosz Kidlin's Law: "if you write the problem down clearly, then the matter is half solved." In general the capability of any tool, no matter how sophisticated, will scale proportionally to it's user. AI multiplies experts who steer it well. Beginners get confident mistakes.