Thomas Hawk posted a photo:
First vibe coding, now vibe reviewing ... but the buzz is good as it finds worthy issues
Anthropic has introduced a more extensive – and expensive – way to review source code in hosted repositories, many of which already contain large swaths of AI-generated code.…
Aerial views of ice waves along the Baltic Sea coast in northern Germany, where fresh winter sea ice formed layered, polygon-like patterns shaped by wind and subtle movement beneath the surface. Soft evening light reveals delicate crack lines and shifting tones across the frozen shoreline.
An anonymous reader quotes a report from KrebsOnSecurity: AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
The new hotness in AI-based assistants -- OpenClaw (formerly known as ClawdBot and Moltbot) -- has seen rapid adoption since its release in November 2025. OpenClaw is an open-source autonomous AI agent designed to run locally on your computer and proactively take actions on your behalf without needing to be prompted. If that sounds like a risky proposition or a dare, consider that OpenClaw is most useful when it has complete access to your entire digital life, where it can then manage your inbox and calendar, execute programs and tools, browse the Internet for information, and integrate with chat apps like Discord, Signal, Teams or WhatsApp.
Other more established AI assistants like Anthropic's Claude and Microsoft's Copilot also can do these things, but OpenClaw isn't just a passive digital butler waiting for commands. Rather, it's designed to take the initiative on your behalf based on what it knows about your life and its understanding of what you want done. "The testimonials are remarkable," the AI security firm Snyk observed. "Developers building websites from their phones while putting babies to sleep; users running entire companies through a lobster-themed AI; engineers who've set up autonomous code loops that fix tests, capture errors through webhooks, and open pull requests, all while they're away from their desks." You can probably already see how this experimental technology could go sideways in a hurry. [...] Last month, Meta AI safety director Summer Yue said OpenClaw unexpectedly started mass-deleting messages in her email inbox, despite instructions to confirm those actions first. She wrote: "Nothing humbles you like telling your OpenClaw 'confirm before acting' and watching it speedrun deleting your inbox. I couldn't stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb."
Krebs also noted the many misconfigured OpenClaw installations users had set up, leaving their administrative dashboards publicly accessible online. According to pentester Jamieson O'Reilly, "a cursory search revealed hundreds of such servers exposed online." When those exposed interfaces are accessed, attackers can retrieve the agent's configuration and sensitive credentials. O'Reilly warned attackers could access "every credential the agent uses -- from API keys and bot tokens to OAuth secrets and signing keys."
"You can pull the full conversation history across every integrated platform, meaning months of private messages and file attachments, everything the agent has seen," O'Reilly added. And because you control the agent's perception layer, you can manipulate what the human sees. Filter out certain messages. Modify responses before they're displayed."
The new hotness in AI-based assistants -- OpenClaw (formerly known as ClawdBot and Moltbot) -- has seen rapid adoption since its release in November 2025. OpenClaw is an open-source autonomous AI agent designed to run locally on your computer and proactively take actions on your behalf without needing to be prompted. If that sounds like a risky proposition or a dare, consider that OpenClaw is most useful when it has complete access to your entire digital life, where it can then manage your inbox and calendar, execute programs and tools, browse the Internet for information, and integrate with chat apps like Discord, Signal, Teams or WhatsApp.
Other more established AI assistants like Anthropic's Claude and Microsoft's Copilot also can do these things, but OpenClaw isn't just a passive digital butler waiting for commands. Rather, it's designed to take the initiative on your behalf based on what it knows about your life and its understanding of what you want done. "The testimonials are remarkable," the AI security firm Snyk observed. "Developers building websites from their phones while putting babies to sleep; users running entire companies through a lobster-themed AI; engineers who've set up autonomous code loops that fix tests, capture errors through webhooks, and open pull requests, all while they're away from their desks." You can probably already see how this experimental technology could go sideways in a hurry. [...] Last month, Meta AI safety director Summer Yue said OpenClaw unexpectedly started mass-deleting messages in her email inbox, despite instructions to confirm those actions first. She wrote: "Nothing humbles you like telling your OpenClaw 'confirm before acting' and watching it speedrun deleting your inbox. I couldn't stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb."
Krebs also noted the many misconfigured OpenClaw installations users had set up, leaving their administrative dashboards publicly accessible online. According to pentester Jamieson O'Reilly, "a cursory search revealed hundreds of such servers exposed online." When those exposed interfaces are accessed, attackers can retrieve the agent's configuration and sensitive credentials. O'Reilly warned attackers could access "every credential the agent uses -- from API keys and bot tokens to OAuth secrets and signing keys."
"You can pull the full conversation history across every integrated platform, meaning months of private messages and file attachments, everything the agent has seen," O'Reilly added. And because you control the agent's perception layer, you can manipulate what the human sees. Filter out certain messages. Modify responses before they're displayed."
Read more of this story at Slashdot.
Uber is expanding a pilot program aimed at addressing concerns about the safety of its ride-hailing platform
Uber launched a feature on Monday to allow both female riders and drivers across the US to be matched with other women for trips, expanding a pilot program aimed at addressing concerns about the safety of its ride-hailing platform.
The new feature is being rolled out nationwide despite an ongoing class action lawsuit against the policy in California, filed by Uber drivers who argue that it is discriminatory against men. Rival ride-hailing company Lyft is also facing a discrimination lawsuit over a similar offering that it introduced nationwide in 2024.
Continue reading...The master of the everyman gifts us some hard-won parenting insights in this blissfully awkward show about a father and daughter relationship
Humankind, as TS Eliot’s bird said in Burnt Norton , cannot bear too much reality. That feels especially salient now, when we have more reality arriving in a day than we used to have to process in a year.
At the same time, unless you go the whole high-fantasy hog and offer 100% escapism via immersion in a completely alternative world, it is becoming trickier for your audiences to believe in you at all. Programmes set in the real world have to acknowledge the new way of it. Pure, frothy comedy just became that much harder to pull off – and it was never easy. But walking the line between too much reality and not enough is almost as difficult.
Continue reading...Given their inability to win a knockout tie in normal time, there can be little doubt of the physical impediment that West Ham’s continued prolonged endeavours in this season’s FA Cup must make to their efforts of remaining in the Premier League. But, with an eminently winnable home quarter-final against Leeds United now upcoming, the chance of a rare trip to Wembley is the type of happy distraction any relegation-threatened side can embrace.
For the third time in three FA Cup ties, the conventional 90 minutes were insufficient for Nuno Espírito Santo’s team to find a winner, with two goals apiece for Jarrod Bowen and Igor Thiago cancelling each other out.
Continue reading...
