activescott's Notes

Mayo Clinic adopted a reverse RAG technique that effectively eliminated data retrieval hallucinations in their tests. In a traditional RAG setup, an LLM retrieves context from a knowledge source before generating an answer. Mayo’s reverse RAG flips this process: the model first extracts or summarizes information, then links every data point in its output back to the document. By forcing the AI to provide a reference for each fact, Mayo virtually eliminated hallucinations in non-diagnostic use cases, building clinician trust in the results.

The workflow looks like this:

1. Data Extraction — The LLM/OCR/API reads the patient’s records (e.g. discharge summaries or outside medical files) and produces a summary or list of facts. This initial output might include details as patient age, diagnoses, lab results, etc.
2. Fact Splitting — The AI output is split into individual facts or data points. Each sentence or key piece of information from the summary is treated separately.
3. Source Matching — For each fact, the system searches the patient’s records (using a vector database of document embeddings) to locate the original source text that supports that fact. Essentially, the AI is asked: “Where did this piece of information come from?” Every fact must be matched to a snippet in the records (for example, the patient’s age is verified from the admission note, a lab value from the lab report, etc.).
4. Verification — A second LLM then compares each fact to the retrieved source text and scores how well they align. It checks that the fact is truly supported by the source and not a misunderstanding or fabrication. Mayo’s team even looked for a causal relationship — ensuring the context implies that fact, not just a coincidental mention.
5. Output with References — Only facts with solid support are kept. The final output is delivered with inline citations or links to the original records for every data point. This means physicians can click a link and see exactly where each piece of information came from, ensuring transparency and trust.

LLM agents are vulnerable to prompt injection attacks when handling untrusted data. In this paper we propose CaMeL, a robust defense that creates a protective system layer around the LLM, securing it even when underlying models are susceptible to attacks. To operate, CaMeL explicitly extracts the control and data flows from the (trusted) query; therefore, the untrusted data retrieved by the LLM can never impact the program flow. To further improve security, CaMeL uses a notion of a capability to prevent the exfiltration of private data over unauthorized data flows by enforcing security policies when tools are called.

Visit a Reddit post with Comet and ask it to summarize the thread, and malicious instructions in a post there can trick Comet into accessing web pages in another tab to extract the user's email address, then perform all sorts of actions like triggering an account recovery flow and grabbing the resulting code from a logged in Gmail session.

Anthropic don't recommend autonomous mode - where the extension can act without human intervention. Their default configuration instead requires users to be much more hands-on:

Sen. Lisa Murkowski, an Alaska Republican, blasted the Pentagon’s investigation of Kelly and the FBI’s probe of him and other lawmakers.

“Senator Kelly valiantly served our country as an aviator in the U.S. Navy before later completing four space shuttle missions as a NASA astronaut,” Murkowski wrote in a post on X.

“To accuse him and other lawmakers of treason and sedition for rightfully pointing out that servicemembers can refuse illegal orders is reckless and flat-out wrong,” she wrote. “The Department of Defense and FBI surely have more important priorities than this frivolous investigation.”

Antigravity is Google’s new agentic code editor. In this article, we demonstrate how an indirect prompt injection can manipulate Gemini to invoke a malicious browser subagent in order to steal credentials and sensitive code from a user’s IDE.

Google’s approach is to include a disclaimer about the existing risks, which we address later in the article.

While the ozone hole varies in size from year to year, the report says this year's monitoring shows "controls on ozone-depleting chemical compounds established by the landmark Montreal Protocol and subsequent amendments are driving the gradual recovery of the ozone layer."

FastDomainCheck MCP Server is a Model Context Protocol (MCP) server implementation that enables secure, two-way connections between AI tools (like Claude) and domain availability data. By following the open MCP standard, it ensures seamless compatibility with various AI-powered applications.

WASHINGTON, D.C. – Today, U.S. Senator Elissa Slotkin (D-MI), Senator Mark Kelly (D-AZ) and Representatives Jason Crow (D-CO-06), Chris Deluzio (D-PA-17), Maggie Goodlander (D-NH-02), and Chrissy Houlahan (D-PA-06) released the following joint statement:  “We are veterans and national security professionals who love this country and swore an oath to protect and defend the Constitution of the United States. That oath lasts a lifetime, and we intend to keep it. No threat, intimidation, or call for violence will deter us from that sacred obligation.  “What’s most telling is that the President considers it punishable by death for us to restate the law. Our servicemembers should know that we have their backs as they fulfill their oath to the Constitution and obligation to follow only lawful orders. It is not only the right thing to do, but also our duty.  “But this isn’t about any one of us. This isn’t about politics. This is about who we are as Americans. Every American must unite and condemn the President’s calls for our murder and political violence. This is a time for moral clarity.  “In these moments, fear is contagious, but so is courage. We will continue to lead and will not be intimidated.   “Don’t Give Up the Ship!” 

The FCC has divided its wireless E911 program into two parts - Phase I and Phase II. Under Phase I, the FCC requires carriers, within six months of a valid request by a local Public Safety Answering Point (PSAP), to provide the PSAP with the telephone number of the originator of a wireless 911 call and the location of the cell site or base station transmitting the call.

Under Phase II, the FCC requires wireless carriers, within six months of a valid request by a PSAP, to begin providing information that is more precise to PSAPs, specifically, the latitude and longitude of the caller.

Probably my most enjoyable read of a machine learning-related paper.

But Trump has promised debt reduction, deficit reduction, $2,000 dividend checks and farm bailouts with the money, among other things. All of it would cost hundreds of billions of dollars, if not trillions, more in total than is on track to be collected.

How did the last security guarantees from the US (to give up nuclear weapons) work out for Ukraine?

The new Trump plan to end the war in Ukraine would grant Russia parts of eastern Ukraine it does not currently control, in exchange for a U.S. security guarantee for Ukraine and Europe against future Russian aggression, a U.S. official with direct knowledge told Axios.

A llama.cpp-based app for running local models.

A great open source alternative that I used for running llms locally without having to use llama.cpp directly.