Presence shouldn't require burnout. Identity shouldn't require your face.
The commoditization of presence & identity is happening. When identity becomes infrastructure, everyone gets a voice.
Here's why that matters 👇
https://t.co/mFoHBQGiKO
Want to try GLM 5.2 in production but worried how it might change your product?
Don’t worry, we got you:
1. Install Inference Gateway (https://t.co/4bm9zThXUH)
2. Keep sending traffic to your current provider
3. Gateway automatically starts sorting through your live data using an RLM to generate evals for your app. This takes ~24 hours.
4. Gateway starts mirroring live traffic to GLM 5.2 to run evals. Traffic is only mirrored - you’re still using your old provider in prod.
5. Once evals look healthy, you get a Slack notification letting you know it’s safe to switch.
6. Switch model identifier in your code to “glm-5.2”
Congrats, you just saved 90% on your monthly token bill, and you own your LLM stack end to end.
Introducing Cursor for iOS.
Build from anywhere by launching always-on cloud agents. Or remotely control agents running on your computer from the app.
Composer 2.5 is 75% off in the app now through July 5.
This is a new paradigm for interacting with Claude that is significantly more "inline" with all the other human activity org-wide. Once you do all of the under the hood engineering work to make this "just work" (e.g. across tools, integrations, compute environments, memory, security, etc.), Claude basically joins the team in a seamless way - you can talk to it as you would talk to a person and it can help with a very large variety of workloads.
Imo this is the 3rd major redesign of LLM UIUX. The first paradigm was that the LLM is a website you go to, the second was that it is an app you download to your computer. This third one is that it is a self-contained, persistent, asynchronous entity with org-wide tools and context, working alongside teams of humans. It really takes a while to wrap your head around it, but it works and it is awesome.
✨ I think I've been coding almost solely on my VPS with Claude Code for almost a year now
All I can say it's just fantastic:
- no need to keep laptop open ever
- no laptop battery drain
- can switch to phone or any other device you like whenever you want to continue (like when you're outside)
- it just keeps going all night while you sleep (esp with /goal)
- you can start hacky projects from scratch and go live in seconds because you're already on the server which is great to ship things and get it used by people fast (not stuck on your local laptop webserver)
- it just feels like living in the future
I used to code on my laptop, test locally, then push to GitHub, then it auto pulled and deploy to production, that'd take me ~1 minute to get a new feature out
But then when I bought a new Mac Book Pro a few years ago I was too lazy to install a local Nginx environment, so I just started pushing to prod and everything went fine, and I sped up deploying to about 3 seconds from laptop to server, which people called me crazy for too
But now with Claude Code on my VPS in the last year, it just live edits on my production server, which sounds like it should go wrong but it just doesn't, it's very careful and only twice in 12 months messed up which meant my site didn't load for 10 seconds which is OK
If I wasn't working solo, like at a big company, I' think I'd recommend the same workflow but with a staging server, so it wouldn't touch production, for safety and regulatory reasons etc. but for me it's fine
I agree with @theo completely, it's clear to me this is where it's going, also seeing @karpathy with Claude moving to the cloud (via Slack etc), I think AI "agents" and AI coding will operate on servers / from the cloud first
P.S. I have 3-2-1 backups, multiple on-site and off-site backups which you should also even if you wouldn't code with AI, safety first!
Introducing the OpenRouter MCP, live model intelligence right inside your agent
Your agent builds and ships, but when it comes to choosing the right model for the right job, it guesses from 6 month old training data
Watch it pick, price, and test the right model:
Hermes agent just left the terminal.
𝗛𝗲𝗿𝗺𝗲𝘀 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 dropped yesterday. native app for macOS, Windows, and Linux.
for months Hermes was the agent that learned your projects, wrote its own skills, and built a model of who you are. all of it buried in terminal logs.
now it has a window.
the important part is that it's not a wrapper. it runs the same agent core, the same sessions, memory, and skills as the CLI.
you can start a task in the terminal and finish it in the app without anything resetting. the state is shared across every interface, not copied between them.
what the GUI actually adds:
→ streaming chat that shows live tool calls and inline reasoning instead of a spinner
→ a preview rail that renders pages, code, and images right beside the conversation
→ an artifacts panel that collects every file the agent has ever produced
→ remote gateway mode, so you can point the app at a VPS and run the heavy work elsewhere
→ skills, cron, profiles, and gateways managed point-and-click instead of through YAML
→ voice mode, drag-drop files, and inline image generation
remote gateway mode is the one worth slowing down on. the agent runs 24/7 on a $5 server while you control it from your laptop like a local app.
other agent UIs are chatboxes with a logo. this one shows the autonomy instead of hiding it, so you watch the skills load, the tools fire, and the artifacts pile up as it works.
it was teased in Jensen's GTC keynote. MIT licensed, local-first, no telemetry.
if you already run Hermes, download it and everything is already there. your chats, memory, and skills carry straight over.
i wrote a full masterclass on Hermes Agent that walks through the SOUL. md identity layer, the three-tier memory system, the self-evolving skills loop, and how to run three specialized agents 24/7.
desktop is the interface that finally does all of it justice.
the article is quoted below.
Just want to make this clear:
We didn't make Hermes Agent to be a "starts with nothing, you work it all out" agent. This is not the minimalist, start from nothing, agent.
We want Hermes to work out of the box for most people. So you aren't spending weeks just getting the agent to work, or have the capabilities you need.
This means that yes, there are more built in things then something like nanoclaw or pi, which start with nothing, and you just have to figure it out.
That is an intentional design decision.
You can from the modest baseline that has capabilities that are likely broader than you need, but not egregious, take it from there if you want to tinker with it.
Run `hermes skills config` or `hermes tools` to disable whatever you want.
We even have a way to upload your whole "Agent" as a github repo, so you can install hermes fresh with your exact setup again later or share them.
We have a massive interface for extensions so you can tinker with it to infinity.
But if you don't want to become an agent engineer - with Hermes, you don't have to.
ANTHROPIC'S 31 SMALL BUSINESS SKILLS GOT 382,000 DOWNLOADS ON DAY ONE AND SOMEONE JUST MAPPED EVERY SINGLE ONE INTO A 10 MINUTE SETUP.
It covers financial operations, sales, HR, marketing, and reporting with a full connector guide and real output examples.
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://t.co/FOaWnF1yQy
We are entering a new era of on-device automation. ✨
Watch Gemma 4 E4B navigate and drive an iOS simulator directly using Argent. Local models can handle complex interactions and software navigation autonomously.
We replaced Privy with our own free open source option
https://t.co/5O6OZMslMk
The privy team have been very nice and supportive but ultimately their product cannot be integrated into open source projects without making every developer sign up, and it’s crazy expensive
Ethereum's roadmap got real in the last 12mo: PQ, scaling, latency, privacy, AA, minimization, hardness. A lot hinges on p2p networking.
A few weeks ago I decided to leave the EF to keep advancing this layer from the outside. Last week was my last day; the end of a memorable chapter in the arena with some of the most principled, humble, and talented people in this space. The Protocol cluster is in great hands with @corcoranwill, @kevaundray, and @fredrik0x.
The work continues, no time to skip a slot. Core Devs got pilled on ethp2p at interop, and so should you. 👇
geçen hafta claude ile 6 saat dijital ayak izimi sildim.
sonuç: 47 data broker listingi kaldırıldı. 12 ölü hesap silindi. 3 arama sonucu bastırıldı.
nasıl yaptım, adım adım. thread.
Cursor is making a platform play. Right now they're an IDE. By releasing the SDK, they're turning their agent runtime into programmable infrastructure that runs headlessly in CI/CD pipelines, internal tools, and even third-party products. Every agent spun up through the SDK burns tokens on Cursor's billing. That means revenue scales with compute, not seats, and without a human in the loop, volume can go way higher. Smart move!
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.
Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.
The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root.
Result: the next time anyone runs that program, it lets the attacker in as root.
What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.
Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.
The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.
This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root
Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
MEXC sitting on $260m in USDC/USDe debt on aave v3 at 1.01 health factor. $110k daily interest accrual. health factor decays ~0.04% every 24 hours with no action. that's 6-8 days until forced liquidation if ETH doesn't move up and they don't add collateral. $260m in ETH/wBTC collateral hitting the market in a cascading liquidation is the next black swan everyone can see coming on-chain in real time. the kelp exploit was round one
🚨 BREAKING: Never pay for clipping tools again!
Someone built fully AI powered tool that just destroyed the $49/month clipping industry
> Clip any YouTube or local videos
> No watermarks, no limits, self-hosted
> Can even plug in Claude or any AI model
100% free & open source.
chaos labs is paid $2.4m/year as aave's risk manager and never once checked that rsETH was running a 1/1 DVN config on layerzero before approving it at 75% LTV. that single oversight enabled $236m in bad debt. they just lost the compound contract to gauntlet. 68% of aave governance is calling for their review or replacement. aave v4 launches april 30 with a new collateral framework that will likely make $4-6b in current bridged assets ineligible unless protocols prove 3/5 DVN minimum. that's a forced deleveraging event 11 days out. the risk managers had zero skin in the game, zero financial liability, zero incentive to dig deeper than a peckshield audit and a chainlink oracle check. bridge security wasn't even on the checklist. you need to go read the getAppConfig() on every bridged token you're lending against right now because clearly nobody else did