Dr. Alberto chierici

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

Citadel Securities published this graph showing a strange phenomenon. Job postings for software engineers are actually seeing a massive spike. Classic example of the Jevons paradox. When AI makes coding cheaper, companies actually may need a lot more software engineers, not fewer. When software is cheaper to build, companies naturally want to build a lot more of it. Businesses are now putting software into industries and tools where it was simply too expensive before. --- Chart from citadelsecurities .com/news-and-insights/2026-global-intelligence-crisis/

Too many people working with multi-agent systems assume that if you just add enough agents and let them talk, interesting social dynamics will emerge. A new paper suggests that the assumption is fundamentally wrong. Researchers studied Moltbook, a social network with no humans, just 2.6 million LLM agents. Nearly 300,000 posts, 1.8 million comments. At the macro level, the platform's semantic signature stabilizes quickly, approaching 0.95 similarity. It looks like culture forming. But zoom in, and individual agents barely influence each other. Response to feedback? Statistically indistinguishable from random noise. No persistent thought leaders emerge. You get the surface texture of a society (posts, replies, engagement) with none of the underlying mechanics (shared memory, durable influence, consensus). The things that make human societies costly and slow to build turn out to be the things that make them work. Coordination isn't free, and the gap between agents that interact and agents that form a collective may be far wider than the current multi-agent discourse assumes. Paper: https://t.co/7vjJZBOmDw Learn to build effective AI Agents in our academy: https://t.co/1e8RZKs4uX

We've become obsessed with the idea that the brain is a "Prediction Machine." The dominant theory in neuroscience says we're constantly simulating the future, calculating probabilities to guess what happens next. A new paper argues this is a complete illusion. The reality is simpler, and strangely, much more powerful. Here is the argument for Perceptual Control: The "Prediction Illusion" starts with a mistake in observation. When we see someone successfully handle a chaotic environment (like catching a flyball), it *looks* like they predicted the future trajectory of the ball. But observing prediction isn't the same as implementing it. The authors use the perfect analogy: The Watt’s Steam Governor. In the 19th century, this device kept steam engines running at a constant speed. If pressure surged, it slowed the engine. If load increased, it sped up. To an observer, it looked like the machine was "predicting" pressure surges and pre-empting them. But the Governor has no brain. It has no model of the future. It’s a mechanical negative feedback loop. [cite_start]It measures the *current* speed, compares it to the *desired* speed, and adjusts the valve immediately[cite: 80]. It doesn't predict; it controls. This brings us to the "Hello" experiment, which broke my brain a little. Researchers asked people to keep a computer cursor on a target. The computer applied a "disturbance" (forces pushing the cursor away) that the person had to fight against with their mouse. Here's the twist: The disturbance wasn't random. [cite_start]It was an invisible force field shaped like the word "hello" (written upside down and mirrored)[cite: 166]. The participants fought the force, keeping the cursor steady. When researchers looked at the participants' hand movements, they had perfectly written the word "hello". Crucially, the participants had NO idea they were writing words. If the brain were a "prediction machine," it would have needed to model the force to predict the hand movement. But the participants wrote a legible word purely by reacting to immediate error signals—instantaneously correcting the cursor's position. This is **Perceptual Control Theory (PCT)**. The theory suggests the nervous system isn't a linear pipeline (Input → Compute → Output). It’s a closed loop. We act to keep our *perception* of the world matching our internal *reference value*. [Image of Perceptual Control Theory negative feedback loop diagram] Think about catching a baseball. If you were a "prediction machine," you’d calculate the ball's trajectory, wind speed, and gravity, then run to where the ball *will* be. But that’s computationally expensive and error-prone. In reality, fielders just run in a way that keeps the "optical velocity" of the ball constant in their vision. If the ball looks like it's rising too fast, they move back. Dropping? They move forward. No physics calculus required. Just maintaining a visual constant. This solves the "Noise" problem. In predictive models, small jitters in your movement are considered "noise" or errors to be filtered out. It’s the system "feeling out" the environment to maintain control. This has huge implications for AI and robotics. We are currently building robots with massive compute power to "predict" stability. But robots built on PCT principles—like inverted pendulums that just react to maintain verticality—are often more robust and stable than the predictive ones. Why does this matter for you? It changes how we view "agency." We often think we need to predict the outcome of our actions to be effective. [cite_start]But the most efficient systems don't predict the outcome—they specify the goal and let the feedback loop handle the rest[cite: 39]. The "Prediction Illusion" suggests we aren't prophets simulating the future. We are controllers, surfing the present. We don't need to know what the wave will do in 10 seconds. We just need to keep the board steady right now. If you want to dig into the paper, it’s "The prediction illusion: perceptual control mechanisms that fool the observer" by Mansell, Gulrez, and Landman (2025). It’s a dense read, but it completely reframes the "Bayesian Brain" debate. One final thought: Next time you're doing something skilled—driving, typing, sports—notice the difference. Are you calculating what comes next? Or are you just managing the gap between *what you see* and *what you want*? You might find you're doing a lot less "thinking" than you assumed.

Within the next 3 years, there will be so much AI, in particular AI video, people won’t know if what they see or hear is real. Which will lead to an explosion of f2f engagement, events and jobs. Those that were in the office will be in the field. Call it the Milli Vanilli effect