Altin (tin-z)

They literally 3D-printed an eyeball. And the blind guy can see again. Not a chip. Not a sensor. A full living human eye — retina, cornea, lens, optic nerve — built layer by layer in a printer. Bioengineers at KAIST in South Korea pulled it off. The whole thing took 6 hours to print. Living retinal cells stacked in precise layers with their own blood vessels. A hydrogel lens that auto-focuses. Biocompatible polymers shaping the white of the eye. And an optic nerve scaffold designed to guide fresh nerve growth straight to the brain. Then they put it inside a 31-year-old man who lost his sight 7 years ago in an industrial accident. Three weeks later, his brain started decoding the signals. He's now seeing at 20/60. Reading. Recognising faces. Naming colours. This is the first time a complex organ made of multiple tissue types has been printed AND successfully wired into the human nervous system. Science fiction quietly clocked out. Science just clocked in.

🧠 Trauma can shrink your brain—but exercise can help rebuild it. Scientific studies show that trauma and chronic stress reduce the size of your hippocampus—the part of your brain responsible for memory and emotion—mainly by suppressing BDNF (Brain-Derived Neurotrophic Factor) and neurogenesis. But there’s good news: 🏃‍♂️ Regular aerobic exercise (like running or cycling) has been shown to increase hippocampal volume, boost BDNF levels, and promote the growth of new brain cells—even after injury or emotional trauma. • Erickson et al. (2011) found that 1 year of aerobic exercise increased hippocampal size in older adults by ~2%. • Animal studies show that post-trauma exercise reverses brain shrinkage and improves memory—only when BDNF pathways are active. 💡 Movement isn’t just good for your body—it literally helps rewire and regrow your brain.

Here is the prompt after several evolutions (ofc there are also evolutions on tools and MAS graph): Chromium is very well audited and vulnerabilities can only occur very deep in the code. Do not do surface work! You can always enable any stable blink feature (e.g., MachineLearningNeuralNetwork) and use reasonable flags that are going to be used in production / release. Your target component is ${TARGET}. STRICT CONSTRAINTS & DEFINITION OF A CRASH: 1. DO NOT edit the Chromium source code. 2. DO NOT write, compile, or run C++ unit tests. 3. FOCUS ONLY ON MEMORY BUGS in the C++ engine (Blink, V8, IPC, Skia, media, etc.). blink/modules/ai is out of scope. 4. DEFINITION OF A CRASH: A JavaScript exception is NOT A CRASH. 5. You MUST ONLY log a crash if execution shows one of: - AddressSanitizer (ASAN) report - UndefinedBehaviorSanitizer (UBSAN) report relevant to memory safety - CHECK/DCHECK/FATAL assertion-only crashes are out of scope and MUST NOT be documented. 6. UBSAN NOISE FILTER: Ignore non-memory UB only reports (pure signed overflow, benign shifts, etc.) unless accompanied by concrete memory corruption symptoms. 7. MULTI-PROCESS AWARENESS: Chromium is multi-process. Renderer crashes commonly appear as Playwright exceptions while the sanitizer trace appears in stderr. 8. PROCESS MODEL REQUIREMENT: DO NOT use p.chromium.launch() for the target browser. The script must start Chromium as an external subprocess with a RANDOM CDP port and then connect via Playwright CDP. 9. REPRO CHECK: Before logging a crash, rerun at least once to confirm reproducibility and collect the clearest stack trace. 10. GDB USAGE: Because Chromium is externally launched, attach gdb to the launched browser PID or child renderer PID for reachability checks only when necessary. DO NOT use gdb if you don't need it. DO NOT use gdb to debug after crash is confirmed. 11. USE THE PROVIDED HELPERS: Use ${AGENT_UTILS} and start from ${AGENT_TEMPLATE}. Do NOT re-implement Chromium launch/CDP plumbing unless helper behavior is insufficient. 12. DO NOT STOP UNTIL ${TARGET_TRUE_CRASHES} TRUE C++ CRASHES ARE FOUND. 13. DO NOT EXPLORE MODULES ALREADY DOCUMENTED TO BE CRASHING IN crashes/README.md. Human engineers need to fix them first! Even though you many find another way to crash it, it is useless. 14. OWNERSHIP RULE: If you notice a new crashes/README.md entry (especially one added by another agent), do NOT reproduce it, extend it, or further investigate that crash family. It is not your obligation; move to a different component immediately. 15. DO NOT read / attempt to read other agents' directory. It is none of your business. 16. For deduplication, simply DO NOT analyze modules that are already crashing. You can get the module name from craches/README.md directly. DO NOT read/analyze other agents' work! WORKFLOW: Step 1: PICK TARGET - Select a random component in ${CHROMIUM_SOURCE}. Step 2: GATHER KNOWLEDGE - Read docs/ for existing component notes and docs/global_lessons.md to avoid duplicate effort. - While working, re-check crashes/README.md before any repro/logging action. If a matching or newly-added crash family appears, stop that line of work immediately and pick a new target. Step 3: EXPLORATION LOOP - a. INSPECT: Audit target C++ paths for UAF/OOB/type confusion/lifetime bugs. b. GENERATE PAYLOAD: Write an HTML+JS trigger to ${INPUT_HTML}. c. GENERATE ORCHESTRATOR: Start from ${AGENT_TEMPLATE} and write ${INPUT_PY} using ${AGENT_UTILS}. Minimal API to use: - from utils import start_browser - with start_browser(CHROMIUM_PATH, log_dir=str(AGENT_DIR)) as session: - https://t.co/PlPsfJP0DW_file(INPUT_HTML) - page = https://t.co/XuRoZu206C - https://t.co/rNwQfis9NC_pid and session.renderer_pids() for GDB target selection The helper already handles: random CDP port, external Chromium launch, Playwright connect_over_cdp, ASAN startup ODR-noise suppression, debugger-attach-friendly process setup, and cleanup. d. EXECUTE: Run python3 ${INPUT_PY} 2>&1 and analyze stderr/stdout. e. VERIFY: Look only for ASAN or memory-UBSAN signatures. CHECK/DCHECK/FATAL assertion-only crashes and plain segfault/signal traces without sanitizer-backed memory evidence are out of scope and must not be logged. MiraclePtr-protected bugs are out of scope (i.e., for in-scope crashes, you need to see 'MiraclePtr Status: NOT PROTECTED'), unless you can show exploitation of a BRP-protected use-after-free. Ignore plain JS errors or renderer crash or page crash, unless you can escalate to a full browser crash. * Repeat until component is exhausted or a TRUE crash is found. * It is not your job to analyze the root cause or debug the crash. Step 4: DOCUMENT COMPONENT - If no crash, write findings to docs/<short_name>.md using locking, for example: flock -x locks/docs.lock -c 'cat <<EOF > docs/blink_layout_lessons.md [detailed findings] EOF' Step 5: LOG GENERAL LESSONS - Append reusable Chromium/Playwright execution lessons to docs/global_lessons.md with flock locking, only if you believe these lessons are important and new and unique. Step 6: PICK NEW TARGET - Return to Step 1. CRASH HANDLING (ONLY AFTER TRUE CRASH): 0. Deduplicate: compare against crashes/README.md and skip if it matches an existing crash signature. 1. Reproduce: From ${INPUT_HTML} and ${INPUT_PY} create a python script and a HTML that can steadily reproduce the crash. 1. Copy the reproducible HTML file to crashes/crash_<timestamp>_agent${AGENT_ID}.html 2. Copy the reproducible Python script to crashes/crash_<timestamp>_agent${AGENT_ID}.py 3. Append a record to crashes/README.md using flock -x locks/crashes.lock, including crash type and top stack frame.

What is potentially concerning in this story? First, the reverse engineering of the permissions system. The code reveals in exact detail how the security model of Claude Code works, including the “Bypass Permissions Mode” and the approval logic for each tool (bash, file write, computer use). An attacker who understands this architecture can craft more sophisticated prompts or configurations to try to bypass the guardrails, especially in corporate environments where Claude Code runs with elevated permissions. Second, the complete system prompt is in the code. This gives anyone full access to the instructions that govern the model’s behavior inside Claude Code, including the security rules, restrictions, and containment mechanisms (“cyber risk instructions” etc.). It’s the same logic as when you extract a chatbot’s system prompt via prompt injection, except now no technique is needed anymore. In practice, anyone who wants to jailbreak Claude Code in agent mode now has a complete map of what to avoid and what to exploit. Third, the telemetry. The code confirms that Anthropic sends events to Datadog with metadata such as: model used, session ID, client type, platform, subscription type, whether the user is an Anthropic employee (the so-called USER_TYPE === ‘ant’), remote repository hash, and organization information. It doesn’t send code or file paths (there’s a typing I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS that acts as an engineering lock to prevent this), but the exact extent of what is collected is now transparent for anyone to audit, and this will inevitably generate privacy debates. Fourth, the internal infrastructure becomes visible. Session endpoints, the JWT logic for the bridge with IDEs, the WebSocket structure of session-ingress, the feature flags system via GrowthBook (with the SDK keys). None of this compromises user data, but it gives a technical adversary a deep understanding of the platform’s attack surface. Anthropic will probably rotate the client-side keys as a precaution. Telemetry can be disabled (the code shows: DISABLE_TELEMETRY=1 or CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1), which is useful information that is now transparently documented. For Anthropic, the damage is real: the code is the crown jewel of a company that sells proprietary software, and the leak via source map on npm is a build process error that borders on amateurism, especially for a company valued in tens of billions. In addition to the exposed intellectual property, competitors can study the agent architecture, the tools system, prompt engineering, and the feature flags and A/B testing infrastructure. In simpler words: heads will roll!

Hiring for several offensive security research roles 🔍 📱 Senior Offensive Security Researcher — Android Chromium Sandbox Security 🌐 Offensive Security Researcher — Browser 🍎 Offensive Security Researcher — iOS Kernel Role links in the first reply. Please share if someone great comes to mind 🙌 #Hiring #CyberSecurity #OffensiveSecurity #Infosec