John Otu 🇳🇬

Founder opportunity 🚨 Applications now open for Startup Foundry. - 6-week virtual program, zero to fundable - $100k in perks - Silicon Valley operators, mentors, and speakers - Founder Showcase - Lifetime access to the alumni network - US founders and founders from anywhere are welcome Applications are reviewed on a rolling basis. Deadline July 7, 2026. Tag a founder who should see this. Apply here : https://t.co/lhAiugVdcY

A while back, we had a fierce battle of wills between two people on this app. That battle has since faded but we can probably say whose principles proved more valuable in the end. This post is intentionally vague. OGs will understand. The lesson sha is that the proof of the pudding is in the eating. Before you swallow people's principles on this app, first check that they are indeed living those principles and secondly observe how their life turns out. People like to posture here but will never tell you they don't practice what they preach, or that the outcomes from their practice weren't as rosy as they promised. They'll allow you to spoil your life because misery loves company and keeping up appearance is more important than the truth.

Let me explain what’s happening. In late March 2026, Anthropic publicly hinted that one of their internal frontier models, called Claude Mythos, showed advanced offensive cybersecurity capabilities, including autonomous vulnerability discovery and exploit generation. Because of this, they stated that rollout would be tightly controlled under staged access and safety evaluations. Over the past two weeks, we’ve seen a significant increase in platform hacks, from Web3 platforms to government infrastructure to legacy platforms. And here’s the reason: Hacks have been happening before, they’re not new, and automation and repeated attacks are not new either. But you know what’s new? Intelligent automation. Automation that doesn’t just work with a checklist and repeated patterns, but can actually create a sandbox and try multiple attack strategies in an isolated environment repeatedly, then identify where the vulnerability is and use all the knowledge on the internet to figure out how to exploit it. Automated attacks used to follow a blueprint, but now it’s different. There’s no fixed blueprint. You can infuse AI into a hacking process multiple times and get different results. And these tools have a mind of their own. Over the next few months, we will be seeing a lot of news like this. It doesn’t mean these platforms are not safe, it just means AI is moving faster than anyone can adapt, and now we all have to 10x our processes. We live in a new world. On vercel’s issue? They’ve announced that only a few users were affected and released a process to support all users and better increase their hosted platforms.

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/7PY6gGtzgI that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (https://t.co/BLVnic9fJC). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

Genuinely a better question than most people realize. Apollo 11 left a 2-foot wide panel of mirrors on the lunar surface in 1969. No power source, no wiring, no maintenance. Scientists have been shooting lasers at it from New Mexico ever since. The beam travels 239,000 miles, bounces off the mirrors, and returns in 2.5 seconds. That round trip is how we know the moon is drifting away from Earth at 3.8 centimeters per year. So yes, in a literal sense, they were checking if it would still be there. The seismometers are the part that gets wild. Apollo 12 deliberately crashed its lunar module into the surface at 6,048 km/h. Scientists expected a brief shudder. The moon vibrated for over 55 minutes. On Earth, seismic waves from an equivalent impact die in seconds. Nobody had predicted this. So NASA did it again. Apollo 13 dropped its S-IVB rocket stage from orbit. Hit with the force of 11.5 tons of TNT. The vibrations lasted nearly three and a half hours. The reason is water, or the lack of it. Earth's interior is damp. Moisture in rock acts like a sponge, absorbing seismic energy. The moon is bone dry, cool, and rigid. Shockwaves have nothing to absorb them. They just bounce back and forth through solid stone until the rock itself stops vibrating. Scientists described it as the moon ringing like a bell. The seismometers ran for almost 8 years and detected over 13,000 seismic events. Turns out the moon has four types of quakes: deep ones caused by Earth's gravitational pull, shallow ones from the crust shrinking as the interior cools, thermal ones when sunrise thaws the frozen surface, and impacts from meteorites. In 2023, Caltech reanalyzed old Apollo 17 data and found a fifth type: the lunar lander itself creaking and popping every morning as the sun heated it. Every five to six minutes, for five to seven hours straight. They went up to prove the moon was once part of Earth, measure how fast it's leaving, and figure out what's happening inside a world with no atmosphere, no water, and no tectonic plates. "Checking if it was still there" is honestly closer to the truth than most people's actual answer.

I just realized that Perplexity is built on Browser Use open-source library. Last April, Perplexity users kept reporting that it was randomly searching for “capital of France” and answering “Paris” for unrelated prompts. That exact prompt, “What is the capital of France?”, is hardcoded in Browser Use. We used it as a sanity check in _verify_llm_connection: every time an Agent() was instantiated, it sent that prompt to the LLM. You can disable that but they forgot. Honestly, if they'd just told us, I'd have happily shown them how to integrate it properly. Feels like with Manus. Commit in browser_use: browser_use/agent/service.py lines 1272–1296 at commit 3f4c918a