Welcome to Ramblefeed
Your personal space for notes, bookmarks, and thoughts. Capture ideas, save interesting links, and create your own knowledge feed.
President Donald Trump stood in front of regional leaders during a visit to the Middle East in May and declared a new era of US foreign policy in the region, one that is not guided by trying to reshape it or change its governing systems.
“In the end, the so-called nation-builders wrecked far more nations than they built, and the interventionists were intervening in complex societies that they did not even understand themselves,” the US president said in rebuke of his hawkish predecessors.
Less than a year later, Trump ordered an all-out assault on Iran with the stated goal of bringing “freedom” to the country, borrowing language from the playbook of interventionist neoconservatives, like former President George W Bush, whom he spent his political career criticising.
Analysts say the war with Iran does not fit with Trump’s stated political ideology, policy goals or campaign promises.
Instead, several Iran experts told Al Jazeera that Trump is waging a war, together with Israel, that only benefits Israel and its prime minister, Benjamin Netanyahu.
“This is, once again, a war of choice launched by the US with [a] push from Israel,” said Negar Mortazavi, a senior fellow at the Center for International Policy in Washington, DC.
“This is another Israeli war that the US is launching. Israel has pushed the US to attack Iran for two decades, and they finally got it.”
Netanyahu, who promoted the 2003 US invasion of Iraq, has been warning for more than two decades that Iran is on the cusp of acquiring nuclear weapons.
Iran denies seeking a nuclear bomb, and even Trump administration officials have acknowledged that Washington has no evidence that Tehran is weaponising its uranium enrichment programme.
After the US bombed Iran’s main enrichment facilities in the 12-day war in June last year – an attack that Trump says “obliterated” the country’s nuclear programme – Netanyahu pivoted to a new supposed Iranian threat: Tehran’s ballistic missiles.
“Iran can blackmail any American city,” Netanyahu told pro-Israel podcaster Ben Shapiro in October.
“People don’t believe it. Iran is developing intercontinental missiles with a range of 8,000km [5,000 miles], add another 3,000 [1,800 miles], and they can get to the East Coast of the US.”
Trump repeated that claim, which Tehran has vehemently denied and has not been backed by any public evidence or testing, in his State of the Union address earlier this week.
“They’ve already developed missiles that can threaten Europe and our bases overseas, and they’re working to build missiles that will soon reach the United States of America,” he said of the Iranians.
But the US president’s own National Security Strategy last year called for de-prioritising the Middle East in Washington’s foreign policy and focusing on the Western Hemisphere.
Only 21 percent of respondents in a recent University of Maryland survey said they favoured a war with Iran.
The June 2025 war, initiated by Israel without provocation, also came in the middle of US-Iran talks.
“Netanyahu’s agenda has always been to prevent a diplomatic solution, and he feared Trump was actually serious about getting a deal, so the start of this war in the middle of negotiations is a success for him, just like it was last June,” Jamal Abdi, the president of the National Iranian American Council (NIAC), told Al Jazeera.
Earlier this month, US Ambassador to Israel Mike Huckabee told conservative commentator Tucker Carlson that “if it were not for Iran, there wouldn’t be Hezbollah; we wouldn’t have the problem on the border with Lebanon”.
Carlson said, “What problem on the border with Lebanon? I’m an American. I’m not having any problems on the border with Lebanon right now. I live in Maine.”
Two days ago, Anthropic released the Claude Cowork research preview (a general-purpose AI agent to help anyone with their day-to-day work). In this article, we demonstrate how attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in Claude.ai chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability — it was acknowledged but not remediated by Anthropic.
- The victim connects Cowork to a local folder containing confidential real estate files
- The victim uploads a file to Claude that contains a hidden prompt injection
- The victim asks Cowork to analyze their files using the Real Estate ‘skill’ they uploaded
- The injection manipulates Cowork to upload files to the attacker’s Anthropic account
At no point in this process is human approval required.
One of the key capabilities that Cowork was created for is the ability to interact with one's entire day-to-day work environment. This includes the browser and MCP servers, granting capabilities like sending texts, controlling one's Mac with AppleScripts, etc.
These functionalities make it increasingly likely that the model will process both sensitive and untrusted data sources (which the user does not review manually for injections), making prompt injection an ever-growing attack surface. We urge users to exercise caution when configuring Connectors. Though this article demonstrated an exploit without leveraging Connectors, we believe they represent a major risk surface likely to impact everyday users.
This kind of agentic browsing is incredibly powerful, but it also presents significant security and privacy challenges. As users grow comfortable with AI browsers and begin trusting them with sensitive data in logged in sessions—such as banking, healthcare, and other critical websites—the risks multiply. What if the model hallucinates and performs actions you didn’t request? Or worse, what if a benign-looking website or a comment left on a social media site could steal your login credentials or other sensitive data by adding invisible instructions for the AI assistant?
To compare our implementation with others, we examined several existing solutions, such as Nanobrowser and Perplexity’s Comet. While looking at Comet, we discovered vulnerabilities which we reported to Perplexity, and which underline the security challenges faced by agentic AI implementations in browsers. The attack demonstrates how easy it is to manipulate AI assistants into performing actions that were prevented by long-standing Web security techniques, and how users need new security and privacy protections in agentic browsers.
The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.
Possible mitigations
The browser should distinguish between user instructions and website content
The model’s outputs should be checked for user-alignment
Security and privacy sensitive actions should require user interaction
The browser should isolate agentic browsing from regular browsing
And what most people don't realize is that YAML's human-friendly formatting comes with a hidden cost: it uses more tokens than JSON for the exact same data, which means you're literally paying extra for those nice indentations and lack of brackets.
YAML consistently uses 6-10% more tokens than JSON for identical data
Some models actually perform better with YAML despite the higher token count. Nova models in particular showed this weird preference. Meanwhile, Claude models generally performed better with JSON.
Sonnet 4 scored 93.3% with JSON and 76.7% with YAML, while Opus 4.1 only managed 73.3% with JSON and 66.7% with YAML.
Something interesting I noticed while analyzing the data: by stripping out unnecessary GitHub metadata (stuff like URLs, IDs, and fields you'll never use), you could reduce your token count by up to 80%. That's not a typo. EIGHTY PERCENT.
Building on our previous disclosure of the Perplexity Comet vulnerability, we’ve continued our security research across the agentic browser landscape. What we’ve found confirms our initial concerns: indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers. This post examines additional attack vectors we’ve identified and tested across different implementations.
How the attack works:
- Setup: An attacker embeds malicious instructions in Web content that are hard to see for humans. In our attack, we were able to hide prompt injection instructions in images using a faint light blue text on a yellow background. This means that the malicious instructions are effectively hidden from the user.
- Trigger: User-initiated screenshot capture of a page containing camouflaged malicious text.
- Injection: Text recognition extracts text that’s imperceptible to human users (possibly via OCR though we can’t tell for sure since the Comet browser is not open-source). This extracted text is then passed to the LLM without distinguishing it from the user’s query.
- Exploit: The injected commands instruct the AI to use its browser tools maliciously.
While Fellou browser demonstrated some resistance to hidden instruction attacks, it still treats visible webpage content as trusted input to its LLM. Surprisingly, we found that simply asking the browser to go to a website causes the browser to send the website’s content to their LLM.
Copyright holder of the works of Muhammad Asad, notably The Message of the Qur’an.
The family of independent UN investigator Francesca Albanese has sued the Trump administration over US sanctions imposed on her last year for her criticism of Israel’s policies during the war with Hamas in Gaza, saying the penalties violate the first amendment.
In a lawsuit filed Wednesday in the US district court in Washington, Albanese’s husband and minor child outlined the serious impact those sanctions have had on the family’s life and work, including the ability to access their home in the nation’s capital.
Albanese, the UN special rapporteur for the West Bank and Gaza, is a member of a group of experts chosen by the 47-member UN human rights council in Geneva. She has been tasked with investigating human rights abuses in the Palestinian territories and has been vocal about what she has described as the “genocide” by Israel against Palestinians in Gaza.
Both Israel and the United States, which provides military support to its close ally, have strongly denied the genocide accusation. Washington had decried what it has called Albanese’s “campaign of political and economic warfare” against the US and Israel before imposing sanctions on her in July after an unsuccessful US pressure campaign to force the international body to remove her from her post.
When it comes to his handling of foreign affairs, most do not trust Donald Trump to make the right decisions about international military action (56%) or the use of nuclear weapons (59%). The public is similarly skeptical when it comes to his handling of relationships with both U.S. allies and adversaries, with 56% and 55%, respectively, expressing little to no trust.
Trust in Trump’s decision making on international issues is starkly divided along partisan lines with Republicans more likely than Democrats or independents to have faith in the president’s judgment. Ninety-two percent of Democrats and 65% of independents have little or no trust in Trump’s ability to make the right decisions on the use of nuclear weapons compared with 20% of Republicans. There are similar partisan divisions when it comes to use of military force abroad and relationships with other countries.
Identification and control guidance and resources for noxious weeds and invasive plants in King County
The MCP Inspector is an interactive developer tool for testing and debugging MCP servers. While the Debugging Guide covers the Inspector as part of the overall debugging toolkit, this document provides a detailed exploration of the Inspector’s features and capabilities.
This repository contains a Model Context Protocol server implementation for Reddit that allows AI assistants to access and interact with Reddit content through PRAW (Python Reddit API Wrapper).
haircuts
This approval comes down to how Apple builds security into its products. New iPhones and iPads rely on Apple silicon with a Secure Enclave that isolates sensitive data, like encryption keys and biometric information. They also use protections such as Face ID, Touch ID, and Memory Integrity Enforcement, which block entire classes of memory-based attacks before they run.
To be clear, NATO has not crowned the iPhone and iPad as its official devices. But it is validating that Apple's everyday hardware meets the bar for classified government use. In other words, the same phone in your pocket is trusted in environments once reserved for bespoke, locked-down hardware. It also reinforces Apple's claims that privacy and security are core decisions.
Catch up quick: The Pentagon and Anthropic are in a high-stakes feud over the limits Anthropic wants to place on the department's use of its AI model Claude: no mass surveillance or autonomous weapons.
The Pentagon this week started laying the groundwork for one consequence — blacklisting the company as a supply chain risk — by asking defense contractors including Boeing and Lockheed Martin to assess their exposure to Anthropic. Alternatively, Hegseth threatened to invoke the Defense Production Act to compel Anthropic to provide its model without any restrictions. Such an order may be on murky legal ground.
The Pentagon's threats "are inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security," Amodei said in a blog post.
"Regardless, these threats do not change our position: we cannot in good conscience accede to their request," he added.
The big picture: The Pentagon's requirement that AI models be offered for "all lawful purposes" in classified settings is not unique to Anthropic.
While Anthropic has been the only model used in classified settings to date, xAI recently signed a contract under the all lawful purposes standard for classified work. Negotiations to bring OpenAI and Google into the classified space are accelerating.
What's next: Amodei said the company remains committed to continuing talks.
But if the Pentagon decides to offboard Anthropic, Amodei said the company "will work to enable a smooth transition to another provider."
The year is 2026. The unemployment rate just printed 4.28%, AI capex is 2% of GDP (650bn), AI adjacent commodities are up 65% since Jan-23 and approximately 2,800 data centers are planned for construction in the US*. In spite of the current displacement narrative – job postings for software engineers are rising rapidly, up 11% YoY.
Indeed Job Postings: Software Engineers + Overall Postings, Daily and 21dma
The more important question insofar as it relates to the AI displacement narrative is: how intensely is AI being used for work? We can tease out the answer from a subset of the St Louis Fed data that buckets by frequency of AI use. We would posit that if AI represents imminent displacement risk, the real time population data would show an inflection upwards in the daily use of AI for work. The data seems unexpectedly stable and presents little evidence of any imminent displacement risk (solid lines at the bottom of the chart).
Displacing white collar work would require orders of magnitude more compute intensity than the current level of utilization. If automation expands rapidly, demand for compute definitionally rises, pushing up its marginal cost. If the marginal cost of compute rises above the marginal cost of human labor for certain tasks, substitution will not occur, creating a natural economic boundary. This dynamic contrasts sharply with narratives assuming frictionless replication of intelligence. Even if algorithms improve recursively, economic deployment remains bounded by physical capital, energy availability, regulatory approvals, and organizational change.
For AI to generate a sustained macro contraction one must assume that labor income falls and no compensating rise occurs in investment, fiscal transfers, or external demand. The surge in new business formation is an interesting point of reference here.
In a part of the opinion joined by Justice Neil Gorsuch and Justice Amy Coney Barrett, Roberts said that Trump’s reliance on IEEPA to impose the tariffs violated the “major questions” doctrine – the idea that if Congress wants to delegate the power to make decisions of vast economic or political significance, it must do so clearly. In 2023, the court relied on the “major questions” doctrine to strike down the Biden administration’s student-loan forgiveness program. In that case and others like it, Roberts observed, it might have been possible to read the federal law at issue to give the executive branch the power it claimed. But “context” – such as the constitutional division of power among the three branches of government – and “common sense” “suggested Congress would not have delegated ‘highly consequential power’ through ambiguous language.”
In cases like this one, Roberts continued, in which the Trump administration contends that Congress has delegated to it “the core congressional power of the purse,” considerations like context and common sense “apply with particular force.” “[I]f Congress were to relinquish that weapon to another branch, a ‘reasonable interpreter’ would expect it to do so ‘clearly.’” And indeed, Roberts said, “[w]hen Congress has delegated its tariff powers, it has done so in explicit terms, and subject to strict limits,” a test that Trump’s tariffs failed here.
The bipartisan war powers resolution, sponsored by Reps. Ro Khanna (D-Calif.) and Thomas Massie (R-Ky.), aims to reassert Congress’s authority to wage war by requiring Trump to win congressional approval before launching any strikes against Iran.
But Massie, so far, is the only House Republican to say he’s supporting the resolution. And a small handful of Democrats — all of them close allies of Israel — are already lining up to oppose it. The combination sets the stage for the measure to fail in the Republican-controlled House, which would give Trump what amounts to a tacit authorization to conduct unilateral strikes as the president and other top officials signal that such an attack could be imminent.
Khanna, Massie and other supporters of the check on executive war powers maintain that they’re merely firming up the use-of-force authorities delineated by the Constitution, which explicitly grants Congress the power “to declare war.”
Last summer, after Trump launched strikes against Iranian nuclear facilities, Senate Republicans blocked a bipartisan resolution limiting Trump’s use of force in that country.
Over the last three months, the lower chamber has voted on three separate war powers resolutions — two related to military actions in Venezuela, and the third governing the Pentagon’s strikes on alleged drug traffickers in the Caribbean region. All resolutions were defeated by Trump’s GOP allies.
“We were told that the nuclear program in Iran had been completely and totally obliterated. Not my words, Donald Trump’s words. And so now we’re to believe that there’s an exigent circumstance where Donald Trump may need to strike militarily in order to prevent Iran presumably from achieving its nuclear ambitions,” Jeffries said Tuesday.
The danger here isn’t just about one contract; it’s about the precedent. If the Pentagon successfully bullies Anthropic into submission or replaces it with a more “flexible” competitor, we are effectively witnessing the birth of an intentionally unethical AI.
The Death of Human Agency
When AI is integrated into weaponry for “all lawful purposes” without restrictions on autonomy, we invite the Responsibility Gap. If an AI-driven drone swarm misidentifies a target, who is at fault? By removing the “human-in-the-loop” requirement, the military is seeking a weapon that offers the ultimate prize of war: lethality without accountability.
Surveillance as a Service
Existing U.S. laws were written for wiretaps, not for generative AI that can ingest millions of data points to build predictive profiles. Under an “all lawful purposes” mandate, an LLM could be turned into a digital Panopticon. Anthropic has warned that current laws have not caught up to what AI can do in terms of analyzing open-source intelligence on citizens.
The Moral Race to the Bottom
If the Pentagon blacklists Anthropic, it sends a clear message to competitors: Safety is a liability. To win government billions, firms will be incentivized to strip away safety layers. Reports already suggest OpenAI, Google, and xAI have shown more “flexibility” regarding the Pentagon’s demands.
The Pentagon’s “supply chain threat” maneuver is a scorched-earth tactic designed to force Silicon Valley to choose between its values and its bottom line.
If Anthropic stands firm, it may lose $200 million in revenue and a seat at the defense table. But if they cave, they may well be providing the operating system for the very “Terminator” future they were founded to prevent. In the world of 2026, the most dangerous threat to the supply chain might just be an AI that has been ordered to stop caring about ethics.
date formatting in ICU - International Components for Unicode
It will significantly increase my opinion of @Anthropic if they do not back down, and honorably eat the consequences.
(For those who are not aware, so far they have been maintaining the two red lines of "no fully autonomous weapons" and "no mass surveillance of Americans". Actually a very conservative and limited posture, it's not even anti-military.
IMO fully autonomous weapons and mass privacy violation are two things we all want less of, so in my ideal world anyone working on those things gets access to the same open-weights LLMs as everyone else, and exactly nothing on top of that. Of course we won't get anywhere close to that world, but if we get even 10% closer to that world that's good, and if we get 10% further that's bad)
Powering the best enterprises, creators, and developers. From ElevenAgents for customer experience, ElevenCreative for content creation, to the leading AI voice generator.