Microsoft made ChatGPT's accuracy jump from 41% to 80% without touching a single parameter.
The system is called SkillOpt.
Most people think AI agents improve by writing better prompts or fine-tuning the model itself. But fine-tuning is rigid, slow, and expensive. And "prompt engineering" is just guessing.
Microsoft’s approach treats the AI’s skill set, the actual text document that tells it how to solve a problem, as a living, breathing model that learns from its own failures.
Here is how it works:
1. Rollouts: The agent attempts tasks. It captures its own successes and failures.
2. Optimizer Model: A separate, small model analyzes those results and makes atomic edits to the skill document (Add, Delete, or Replace).
3. Validation Gate: The new skill is only "accepted" if it strictly improves performance on a held-out set of tasks.
It is essentially "Gradient Descent" for natural language.
And the results are staggering:
Across six major benchmarks, SkillOpt outperformed every human-written skill and every one-shot LLM approach.
On some tasks, accuracy skyrocketed. On the ALFWorld benchmark, one model jumped from 70% to 85% accuracy. In direct chat scenarios, it boosted accuracy by over 23 points.
The best part?
There is zero inference-time overhead.
You spend the compute optimizing the skill once. Then, the agent runs with that hyper-optimized playbook forever.
The playbook effectively "trains" itself through feedback.
If you want an agent that actually gets better at its job every single day, without you having to touch a single line of code, this is how it’s done.
A 19-year-old hacker used VPNs, tunneling tools, and rotated IPs across 3 countries. The FBI still caught him. Here's the Windows feature that made it possible and why it should concern everyone.
Peter Stokes, an alleged member of Scattered Spider (the group behind $100M+ in ransomware extortion), was arrested at Helsinki Airport this April. Court documents revealed a key piece of evidence: Microsoft's GDID.
What is a GDID?
GDID = Global Device Identifier. It's a unique code baked into every Windows installation. Microsoft uses it for telemetry, crash reports, feature usage, and license verification (it's why swapping your CPU can break your Windows activation).
What Microsoft gave the FBI:
→ Web activity with timestamps
→ Gaming history
→ IP addresses used over time
→ Tool usage (including Ngrok, a tunneling app)
→ Azure account activity
All tied to one persistent device fingerprint. Even though the VPN masked his IP, it didn't affect the GDID.
How they connected the dots:
Every time Stokes logged in to Snapchat, Apple, or Facebook from a new IP address, the GDID was there too. Investigators matched timestamps across platforms and countries: Tallinn, New York, Thailand, Germany. Different IPs. Same machine. Same person.
Microsoft had already identified him in October 2024 and filed a criminal referral. He was still 17. So they waited till He turned 18. Then they moved.
Yes, Stokes is accused of serious crimes. But the GDID data exists on every Windows machine, including yours. The infrastructure that handed his entire digital life to the FBI is the same infrastructure running on your laptop right now.
The unanswered questions:
- There's no public policy on when Microsoft shares GDID data
- No known opt-out mechanism
- No transparency report specifically covering GDID disclosures
- What other criminal referrals has Microsoft quietly filed?
STEVE JOBS GOT FIRED FROM APPLE.
Then he walked straight into MIT and dropped the most raw, unfiltered 60-minute business masterclass ever recorded.
Zero PR bullshit. Zero image to protect.
Just pure, brutal honesty from the man who built Apple once and was about to rebuild it even bigger.
Stop scrolling.
Watch this tonight instead of Netflix.
Bookmark it. Come back to it.
Our CFO sent a panicked Slack message saying we're at 98% capacity on our enterprise cloud storage.
She asked if we were experiencing catastrophic data bloat from the new marketing push.
We aren't.
We're experiencing the sheer weight of my personal media empire.
I'm currently hosting a 40-terabyte Plex server on the company mainframe.
I have every single episode of Seinfeld rendered in uncompressed 4K resolution.
I told her our storage is full because of an aggressive database mirroring protocol required for GDPR compliance.
I said if we delete anything, we risk triggering a cascading latency collapse across our entire European market.
We don't even have a European market.
She immediately approved a $120K budget increase to expand our AWS storage buckets.
I thanked her for prioritizing our data sovereignty.
I'm going to use the new servers to host a private Classic World of Warcraft realm.
Someone on Reddit built a WoW private server with 1,800 bots and AI chat via the DeepSeek API.
Dead Internet Theory, but playable.
An MMORPG with no real players, yet somehow it still feels human.
🔥 A new exploit unlocks BitLocker-encrypted Windows drives.
No password. No cracking.
It's called GreatXML. Drop two XML files on the recovery partition, reboot into Windows Recovery, and a shell spawns with full access to the drive.
The bug ties to Windows Defender Offline Scan.
Details here: https://t.co/KUPbnQzo5a
A developer automated his entire life with scripts. Then he quit. His coworkers found them.
The repo is called Hacker Scripts. 49,500+ stars on GitHub. Based on a true story.
The original story comes from a Russian forum around 2015. A build engineer left his company. His coworkers went through his old machine.
Here is what they found:
Script 1: "hangover"
If it is 8:45 AM and he has not logged in, the script emails his boss "not feeling well, working from home." Excuse pulled from a random list he pre-wrote.
Script 2: "kumar-asshole"
If a specific client emails with words like "help" or "trouble," the script SSH's into the client's server, rolls back the database to the last good backup, and replies "no worries mate, be careful next time." The client never spoke to a human.
Script 3: "smack-my-bitch-up"
If it is after 9 PM and he is still logged in, the script texts his wife "working late" with a random excuse from a pre-written list.
Script 4: "fucking-coffee"
The office coffee machine ran Linux. It had a TCP port open. Every morning, 17 seconds after he logged in, the script opened a telnet session to the machine and sent the brew command. A mid-sized half-caf latte. 24 seconds to brew. His coffee was ready the moment he walked to the kitchen. Every time. For years.
His boss thought he was the most responsive developer on the team. His wife thought he was always keeping her updated. His client thought he had the fastest support in the industry.
All four were talking to bash scripts.
Nobody noticed. For years.
His coworkers posted the scripts to GitHub when they found them. Developers around the world reimplemented them in 17 languages. Ruby, Python, Go, Java, Kotlin, PHP, PowerShell, Node.js, and more.
One legend. Seventeen languages. 150 commits.
The license is WTFPL. A real open source license. It stands for "Do What The Fuck You Want To Public License."
He did not automate his job. He automated his life. And nobody knew until he left.
49,500+ stars. WTFPL licensed. Legendary.
i hooked my whoop to my work calendar to find which coworker gives me the most stress 🚨
thanks to fable, I reverse engineered whoop to pull per minute heart rate. nd matched spikes with cal events and attendees
I now have a leaderboard and I think about it daily.
few info masked for obvious reasons ;)
‼️🚨 BREAKING: ServiceNow has been breached. Customers are reporting unauthorised access to their instances.
One customer states their security team reported this vulnerability to them, and they closed the case twice, saying they had already known since the 7th of April.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
🚨APPLE SPENT 5 YEARS AND BILLIONS OF DOLLARS BUILDING THE MOST ADVANCED SECURITY SYSTEM IN CONSUMER HISTORY.. AN AI BROKE IT IN 5 DAYS..
Here’s what just happened..
Apple built something called Memory Integrity Enforcement for its new M5 chips.. It’s a hardware-level security system that attaches secret cryptographic tags to every piece of memory.. If a hacker tries to access memory they shouldn’t.. The chip blocks it instantly..
Every known exploit chain against iOS and macOS was rendered obsolete overnight.. Apple said so themselves..
Then a small team at a cybersecurity firm called Calif used Anthropic’s unreleased Claude Mythos Preview to find vulnerabilities in the macOS kernel..
The AI found the bugs almost instantly.. Because once it learned the pattern of a specific type of flaw.. It could recognize every other flaw in that same class across the entire codebase..
What used to take elite security teams months.. The AI did in hours..
Within 5 days.. The team had a fully working exploit that escalated a basic user account to full root access on an M5 Mac running the latest macOS..
With MIE fully enabled.. The billion-dollar hardware defense running at full strength..
The trick.. They didn’t fight the hardware.. They went around it..
MIE is designed to catch memory corruption.. Hackers trying to overwrite pointers or inject code.. The team used a “data-only” approach instead.. They manipulated legitimate data structures the hardware was never designed to monitor.. Like changing an internal flag from “standard user” to “admin”..
The chip saw a perfectly normal operation.. The operating system obeyed.. And the attacker had total control..
The hardware thought everything was fine.. Because technically it was.. The exploit never triggered a single tag mismatch..
They walked into Apple Park and hand-delivered a 55-page report..
Apple patched it in macOS 26.5.. And for the first time ever.. Apple’s official security advisory credited the vulnerability discovery to “Calif dot io in collaboration with Claude and Anthropic Research”..
An AI is now credited in Apple’s CVE patches..
But here’s what makes this story truly terrifying..
Before MIE existed.. An exploit kit called DarkSword was hitting iPhones with zero-click attacks.. Six vulnerabilities chained together.. Total device control just from visiting a webpage.. Deployed by Russian espionage groups, Turkish surveillance vendors, and actors in Saudi Arabia..
Then it got leaked on GitHub.. Nation-state capabilities.. Free for anyone..
MIE was supposed to make all of that impossible..
And an AI found a way around it in 5 days..
The previous model.. Claude Opus 4.6.. Found 22 security bugs in the Firefox codebase.. Claude Mythos Preview found 271 in the same environment.. A tenfold increase..
Linux kernel CVEs jumped from 300 per year to over 5,500.. Largely driven by AI-powered vulnerability research..
The IMF designated Claude Mythos as a systemic financial stability risk.. Because if an AI finds a flaw in software used by every major bank simultaneously.. It could trigger a cascading financial crisis..
Anthropic knew this was coming.. That’s why they didn’t release the model publicly.. Instead they launched Project Glasswing.. Giving defensive access to AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike, JPMorgan, and others..
$100 million in usage credits.. So defenders can scan their own systems before attackers get this capability..
The Pentagon blacklisted Anthropic over autonomous weapons.. Then quietly started using Mythos to harden government systems anyway..
The cybersecurity arms race just changed permanently..
Hardware can’t save you.. Software can’t save you.. The only defense against an AI that finds vulnerabilities is another AI that finds them first..
Five years and billions of dollars..
Five days and one AI.