Today's digest · Saturday, June 27

The 14 things in AI/dev today.

LiveNext issue at 7:00 CET

Stories

#1 / TODAY

Simon Willison·1 min·11h agoFREE+1 mirror

What happened after 2,000 people tried to hack my AI assistant

Fernando Irarrázaval ran a challenge on hackmyclaw.com where 2,000 people attempted to hack his OpenClaw AI assistant via email. After 6,000 attempts, $500 in token spend, and a Google account suspension, nobody leaked the secret. Simon Willison notes that frontier models are becoming harder to inject, but warns against deploying production systems where injection could cause irreversible damage.

Even 6,000 failed prompt injection attempts don't guarantee security; production systems need robust defenses.

prompt-injectionai-securityllmsopenclaw

simonwillison.net

What happened after 2,000 people tried to hack my AI assistant

GuixPkgs: every Guix package, as a Nix flake

#2 / TOP STORY

LobstersFREE

GuixPkgs: every Guix package, as a Nix flake

Farid Zakaria released GuixPkgs, a Nix flake that makes every GNU Guix package available in Nix. It uses guix-transfer to rewrite Guix derivations into Nix derivations, built via nix-daemon without requiring Guix on the consuming side. A Cachix binary cache is provided to avoid recompiling Guix's source bootstrap.

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

#3 / TOP STORY

The Hacker NewsFREE

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A new Linux exploit named 'pedit COW' enables root access by poisoning cached binaries. The attack leverages a race condition to modify cached executable content, allowing privilege escalation. The exploit affects systems using the Linux kernel's page cache, potentially giving attackers full control over compromised machines.

aigest · daily

Get this every morning.

One email. The signal. Built for builders.

Free · Unsubscribe in one click · No trackers

// Worth acting on2 stories

Polymarket customers lose $3 million in supply-chain attack

Supply-chain attacks can compromise user funds in decentralized platforms, highlighting critical security risks for developers.

polymarketsupply-chain-attacksecuritydefi

BleepingComputer12h ago1mFREE

AWS, Microsoft, and Google agree the session is the new unit of compute. They disagree on how to isolate it.

Developers building multi-agent systems need to understand session isolation approaches to ensure security and performance.

awsmicrosoftgoogleagents

The New Stack16h ago1mFREE

// Worth knowing9 stories

Show HN: Smart model routing directly in Claude, Codex and Cursor

Developers can reduce API costs without changing their existing AI tool workflows.

claudecodexcursormodel-routing

Hacker News13h ago1mFREE

The AI agent identity problem nobody’s talking about

Developers must address agent identity to prevent security gaps in autonomous AI workflows.

ai-agentsidentityauthenticationsecurity

The New Stack17h ago1mFREE

Retrofit, don’t rebuild: Agentic overlays for transforming legacy enterprise services

Enterprises can modernize legacy systems without costly rebuilds by adding AI agent overlays.

awslegacyagentsmodernization

AWS ML Blog36h ago1mFREE

Your engineering org needs an AI slop registry

Without a registry, AI-generated code quality issues can accumulate, increasing technical debt and maintenance burden.

ai-governancecode-qualitytechnical-debt

The New Stack16h ago1mFREE

Inspect Volcano workloads faster with Headlamp

Developers can now inspect Volcano batch workloads faster using a dedicated Headlamp plugin.

kubernetesheadlampvolcanobatch-scheduling

Kubernetes34h ago1mFREE

I Built 9 AI Agents to Run a Gym. Here's the Architecture.

Shows a practical multi-agent architecture for automating small business operations.

ai-agentsarchitectureautomationgym

DEV Community3h ago1mFREE

Build interactive PDF text extraction from Amazon S3

Enables developers to build searchable PDF archives without manual data extraction.

awspdftext-extractions3

AWS ML Blog15h ago1mFREE

Your First GRC Agent: A Red Teamer's Walkthrough

Red teamers can automate compliance tasks, freeing time for more critical security assessments.

grcred-teamingautomationsecurity

BleepingComputer16h ago1mFREE

Durable Objects, Workers - New `us` jurisdiction for Durable Objects

Developers can now ensure Durable Objects data resides in the US, aiding compliance with data residency requirements.

cloudflaredurable-objectsworkersdata-residency

Cloudflare Developer Platform30h ago1mFREE

// Yesterday10 stories