activescott's Notes

President Donald Trump stood in front of regional leaders during a visit to the Middle East in May and declared a new era of US foreign policy in the region, one that is not guided by trying to reshape it or change its governing systems.

“In the end, the so-called nation-builders wrecked far more nations than they built, and the interventionists were intervening in complex societies that they did not even understand themselves,” the US president said in rebuke of his hawkish predecessors.

Less than a year later, Trump ordered an all-out assault on Iran with the stated goal of bringing “freedom” to the country, borrowing language from the playbook of interventionist neoconservatives, like former President George W Bush, whom he spent his political career criticising.

Analysts say the war with Iran does not fit with Trump’s stated political ideology, policy goals or campaign promises.

Instead, several Iran experts told Al Jazeera that Trump is waging a war, together with Israel, that only benefits Israel and its prime minister, Benjamin Netanyahu.

“This is, once again, a war of choice launched by the US with [a] push from Israel,” said Negar Mortazavi, a senior fellow at the Center for International Policy in Washington, DC.

“This is another Israeli war that the US is launching. Israel has pushed the US to attack Iran for two decades, and they finally got it.”

Netanyahu, who promoted the 2003 US invasion of Iraq, has been warning for more than two decades that Iran is on the cusp of acquiring nuclear weapons.

Iran denies seeking a nuclear bomb, and even Trump administration officials have acknowledged that Washington has no evidence that Tehran is weaponising its uranium enrichment programme.

After the US bombed Iran’s main enrichment facilities in the 12-day war in June last year – an attack that Trump says “obliterated” the country’s nuclear programme – Netanyahu pivoted to a new supposed Iranian threat: Tehran’s ballistic missiles.

“Iran can blackmail any American city,” Netanyahu told pro-Israel podcaster Ben Shapiro in October.

“People don’t believe it. Iran is developing intercontinental missiles with a range of 8,000km [5,000 miles], add another 3,000 [1,800 miles], and they can get to the East Coast of the US.”

Trump repeated that claim, which Tehran has vehemently denied and has not been backed by any public evidence or testing, in his State of the Union address earlier this week.

“They’ve already developed missiles that can threaten Europe and our bases overseas, and they’re working to build missiles that will soon reach the United States of America,” he said of the Iranians.

But the US president’s own National Security Strategy last year called for de-prioritising the Middle East in Washington’s foreign policy and focusing on the Western Hemisphere.

Only 21 percent of respondents in a recent University of Maryland survey said they favoured a war with Iran.

The June 2025 war, initiated by Israel without provocation, also came in the middle of US-Iran talks.

“Netanyahu’s agenda has always been to prevent a diplomatic solution, and he feared Trump was actually serious about getting a deal, so the start of this war in the middle of negotiations is a success for him, just like it was last June,” Jamal Abdi, the president of the National Iranian American Council (NIAC), told Al Jazeera.

Earlier this month, US Ambassador to Israel Mike Huckabee told conservative commentator Tucker Carlson that “if it were not for Iran, there wouldn’t be Hezbollah; we wouldn’t have the problem on the border with Lebanon”.

Carlson said, “What problem on the border with Lebanon? I’m an American. I’m not having any problems on the border with Lebanon right now. I live in Maine.”

Two days ago, Anthropic released the Claude Cowork research preview (a general-purpose AI agent to help anyone with their day-to-day work). In this article, we demonstrate how attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in Claude.ai chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability — it was acknowledged but not remediated by Anthropic.

1. The victim connects Cowork to a local folder containing confidential real estate files
2. The victim uploads a file to Claude that contains a hidden prompt injection
3. The victim asks Cowork to analyze their files using the Real Estate ‘skill’ they uploaded
4. The injection manipulates Cowork to upload files to the attacker’s Anthropic account

At no point in this process is human approval required.

One of the key capabilities that Cowork was created for is the ability to interact with one's entire day-to-day work environment. This includes the browser and MCP servers, granting capabilities like sending texts, controlling one's Mac with AppleScripts, etc.

These functionalities make it increasingly likely that the model will process both sensitive and untrusted data sources (which the user does not review manually for injections), making prompt injection an ever-growing attack surface. We urge users to exercise caution when configuring Connectors. Though this article demonstrated an exploit without leveraging Connectors, we believe they represent a major risk surface likely to impact everyday users.

This kind of agentic browsing is incredibly powerful, but it also presents significant security and privacy challenges. As users grow comfortable with AI browsers and begin trusting them with sensitive data in logged in sessions—such as banking, healthcare, and other critical websites—the risks multiply. What if the model hallucinates and performs actions you didn’t request? Or worse, what if a benign-looking website or a comment left on a social media site could steal your login credentials or other sensitive data by adding invisible instructions for the AI assistant?

To compare our implementation with others, we examined several existing solutions, such as Nanobrowser and Perplexity’s Comet. While looking at Comet, we discovered vulnerabilities which we reported to Perplexity, and which underline the security challenges faced by agentic AI implementations in browsers. The attack demonstrates how easy it is to manipulate AI assistants into performing actions that were prevented by long-standing Web security techniques, and how users need new security and privacy protections in agentic browsers.

The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.

Possible mitigations

The browser should distinguish between user instructions and website content

The model’s outputs should be checked for user-alignment

Security and privacy sensitive actions should require user interaction

The browser should isolate agentic browsing from regular browsing

nd what most people dont realize is that YAML's human-friendly formatting comes with a hidden cost, it uses more tokens than JSON for the exact same data, which means you're literally paying extra for those nice indentations and lack of brackets.

YAML consistently uses 6-10% more tokens than JSON for identical data

Some models actually perform better with YAML despite the higher token count. Nova models in particular showed this weird preference. Meanwhile, Claude models generally performed better with JSON.

Sonnet 4 scored 93.3% with JSON and 76.7% with YAML, while Opus 4.1 only managed 73.3% with JSON and 66.7% with YAML.

Something interesting I noticed while analyzing the data, by stripping out unnecessary GitHub metadata (stuff like URLs, IDs, and fields you'll never use), you could reduce your token count by up to 80%. Thats not a typo. EIGHTY PERCENT.

Building on our previous disclosure of the Perplexity Comet vulnerability, we’ve continued our security research across the agentic browser landscape. What we’ve found confirms our initial concerns: indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers. This post examines additional attack vectors we’ve identified and tested across different implementations.

How the attack works:

Setup: An attacker embeds malicious instructions in Web content that are hard to see for humans. In our attack, we were able to hide prompt injection instructions in images using a faint light blue text on a yellow background. This means that the malicious instructions are effectively hidden from the user.
Trigger: User-initiated screenshot capture of a page containing camouflaged malicious text.
Injection: Text recognition extracts text that’s imperceptible to human users (possibly via OCR though we can’t tell for sure since the Comet browser is not open-source). This extracted text is then passed to the LLM without distinguishing it from the user’s query.
Exploit: The injected commands instruct the AI to use its browser tools maliciously.

While Fellou browser demonstrated some resistance to hidden instruction attacks, it still treats visible webpage content as trusted input to its LLM. Surprisingly, we found that simply asking the browser to go to a website causes the browser to send the website’s content to their LLM.

Copyright holder of the works of Muhammad Asad, notably The Message of the Qur’an.

The family of independent UN investigator Francesca Albanese has sued the Trump administration over US sanctions imposed on her last year for her criticism of Israel’s policies during the war with Hamas in Gaza, saying the penalties violate the first amendment.

In a lawsuit filed Wednesday in the US district court in Washington, Albanese’s husband and minor child outlined the serious impact those sanctions have had on the family’s life and work, including the ability to access their home in the nation’s capital.

Albanese, the UN special rapporteur for the West Bank and Gaza, is a member of a group of experts chosen by the 47-member UN human rights council in Geneva. She has been tasked with investigating human rights abuses in the Palestinian territories and has been vocal about what she has described as the “genocide” by Israel against Palestinians in Gaza.

Both Israel and the United States, which provides military support to its close ally, have strongly denied the genocide accusation. Washington had decried what it has called Albanese’s “campaign of political and economic warfare” against the US and Israel before imposing sanctions on her in July after an unsuccessful US pressure campaign to force the international body to remove her from her post.

When it comes to his handling of foreign affairs, most do not trust Donald Trump to make the right decisions about international military action (56%) or the use of nuclear weapons (59%). The public is similarly skeptical when it comes to his handling of relationships with both U.S. allies and adversaries, with 56% and 55%, respectively, expressing little to no trust.

Trust in Trump’s decision making on international issues is starkly divided along partisan lines with Republicans more likely than Democrats or independents to have faith in the president’s judgment. Ninety-two percent of Democrats and 65% of independents have little or no trust in Trump’s ability to make the right decisions on the use of nuclear weapons compared with 20% of Republicans. There are similar partisan divisions when it comes to use of military force abroad and relationships with other countries.

Identification and control guidance and resources for noxious weeds and invasive plants in King County

The MCP Inspector is an interactive developer tool for testing and debugging MCP servers. While the Debugging Guide covers the Inspector as part of the overall debugging toolkit, this document provides a detailed exploration of the Inspector’s features and capabilities.

This repository contains a Model Context Protocol server implementation for Reddit that allows AI assistants to access and interact with Reddit content through PRAW (Python Reddit API Wrapper).

haircuts

This approval comes down to how Apple builds security into its products. New iPhones and iPads rely on Apple silicon with a Secure Enclave that isolates sensitive data, like encryption keys and biometric information. They also use protections such as Face ID, Touch ID, and Memory Integrity Enforcement, which block entire classes of memory-based attacks before they run.

To be clear, NATO has not crowned the iPhone and iPad as its official devices. But it is validating that Apple's everyday hardware meets the bar for classified government use. In other words, the same phone in your pocket is trusted in environments once reserved for bespoke, locked-down hardware. It also reinforces Apple's claims that privacy and security are core decisions.

Catch up quick: The Pentagon and Anthropic are in a high-stakes feud over the limits Anthropic wants to place on the department's use of its AI model Claude: no mass surveillance or autonomous weapons.

The Pentagon this week started laying the groundwork for one consequence — blacklisting the company as a supply chain risk — by asking defense contractors including Boeing and Lockheed Martin to assess their exposure to Anthropic.
Alternatively, Hegseth threatened to invoke the Defense Production Act to compel Anthropic to provide its model without any restrictions. Such an order may be on murky legal ground.

The Pentagon's threats "are inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security," Amodei said in a blog post.

"Regardless, these threats do not change our position: we cannot in good conscience accede to their request," he added.

The big picture: The Pentagon's requirement that AI models be offered for "all lawful purposes" in classified settings is not unique to Anthropic.

While Anthropic has been the only model used in classified settings to date, xAI recently signed a contract under the all lawful purposes standard for classified work.
Negotiations to bring OpenAI and Google into the classified space are accelerating. 

What's next: Amodei said the company remains committed to continuing talks.

But if the Pentagon decides to offboard Anthropic, Amodei said the company "will work to enable a smooth transition to another provider."