activescott's Notes
Public notes from activescott
Sunday, February 1, 2026
AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents
To measure the adversarial robustness of AI agents, we introduce AgentDojo, an evaluation framework for agents that execute tools over untrusted data. To capture the evolving nature of attacks and defenses, AgentDojo is not a static test suite, but rather an extensible environment for designing and evaluating new agent tasks, defenses, and adaptive attacks. We populate the environment with 97 realistic tasks (e.g., managing an email client, navigating an e-banking website, or making travel bookings), 629 security test cases, and various attack and defense paradigms from the literature. We find that AgentDojo poses a challenge for both attacks and defenses: state-of-the-art LLMs fail at many tasks (even in the absence of attacks), and existing prompt injection attacks break some security properties but not all. We hope that AgentDojo can foster research on new design principles for AI agents that solve common tasks in a reliable and robust manner.
Saturday, January 31, 2026
Rclone
Rclone is a command-line program to manage files on cloud storage. It is a feature-rich alternative to cloud vendors' web storage interfaces. Over 70 cloud storage products support rclone including S3 object stores, business & consumer file storage services, as well as standard transfer protocols.
Rclone has powerful cloud equivalents to the unix commands rsync, cp, mv, mount, ls, ncdu, tree, rm, and cat. Rclone's familiar syntax includes shell pipeline support, and --dry-run protection. It is used at the command line, in scripts or via its API.
google-research/camel-prompt-injection: Code for the paper "Defeating Prompt Injections by Design"
Friday, January 30, 2026
IDF Backs Gaza Health Ministry’s Death Count from Onslaught - News From Antiwar.com
The Gaza Health Ministry has been documenting the deaths of Palestinians from the Israeli onslaught and reporting the number of people killed. The current toll stands at 71,667 Palestinians, with hundreds of thousands injured.
The health ministry’s numbers have long been dismissed by pro-Israeli voices as “Hamas propaganda.” However, the IDF is now supporting the ministry’s figures.
The IDF says it is now reviewing the Gaza Health Ministry’s data to determine how many militants were killed. Last year, +972 Magazine obtained IDF data that showed at least 83% of the Palestinians killed by Israeli soldiers in Gaza were civilians.
Exclusive: Pentagon clashes with Anthropic over military AI use, sources say | Reuters
I love these guys:
The Pentagon is at odds with artificial-intelligence developer Anthropic over safeguards that would prevent the government from deploying its technology to target weapons autonomously and conduct U.S. domestic surveillance, three people familiar with the matter told Reuters. ...In its discussions with government officials, Anthropic representatives raised concerns that its tools could be used to spy on Americans or assist weapons targeting without sufficient human oversight, some of the sources told Reuters.
Cordless Drill Charging Station | Woodworking Project | Woodsmith Plans
asteasolutions/zod-to-openapi: A library that generates OpenAPI (Swagger) docs from Zod schemas
A library that uses zod schemas to generate an Open API Swagger documentation.
microlinkhq/cloudflare-bot-directory: CloudFlare Radar verified bots directory – 500+ web crawlers and user agents as JSON.
A comprehensive list of 500+ verified bots and web crawlers from CloudFlare Radar, available as a JSON dataset for bot detection, user agent analysis, and web scraping identification.
Why
Identifying legitimate bots from malicious scrapers is essential for web security and analytics. This package provides the official CloudFlare Radar verified bots directory, helping you:
- Detect verified bots – Identify legitimate crawlers like Googlebot, Bingbot, and more
- Filter analytics – Exclude known bots from your traffic reports
- Allow-list crawlers – Permit verified bots while blocking suspicious traffic
- User agent lookup – Match user agent strings against known bot patterns
DiamondBack Headache Rack for 2021–2025 | Ford | F-150 | 5'7" Bed
Countertop Cereal Dispenser
We need like 3 of these!
Thursday, January 29, 2026
Intro
Simple cross-stack type-safety for your API, with just a sprinkle of TypeScript magic ✨
- 🛟 Contract-First API
- 🌈 It's just HTTP/REST
- 🔒 Supports all Standard Schema validation libraries
- 📦 OpenAPI generation
Monthly employment report | Employment Security Department
The monthly employment report gives a snapshot of Washington's job market. It includes the unemployment rate for Washington and the nation, the number of people working or looking for work in Washington, and the number of jobs in each industry. You can use this report to understand overall economic trends and how different industries are doing.
Economic Update: Region Loses 12,900 jobs in 2025 | Puget Sound Regional Council
In 2025, the central Puget Sound region lost 12,900 jobs. If you exclude the anomaly of the COVID-19 pandemic, this is the first time the region has experienced an annual decrease of jobs since 2009, during the depths of the Great Recession.
Historically, jobs in the Puget Sound region have grown by between 30,000-40,000 jobs per year. Employment growth during the Amazon boom was significantly higher, peaking at 61,100 jobs added in 2016.
Tesla (TSLA) Posts Fourth-Quarter Profit That Beats Expectations - Bloomberg
The EV maker is increasingly emphasizing the potential of artificial intelligence, driverless technology and humanoid robots to drive future growth as its traditional business of selling automobiles struggles.
The EV maker is also halting production of its S and X model vehicles and will repurpose the production facilities in Fremont, California, for Optimus. The Model S, a luxury sedan that costs about $95,000, and the Model X, an SUV with a price tag of nearly $100,000, are low volume vehicles compared to Tesla’s more affordable 3 and Y models.
Adjusted earnings per share were 50 cents in the quarter, Tesla said Wednesday, higher than the average of analyst estimates. The results snap a string of quarters in which profit was weaker than expected.
The profit beat helps offset disappointment stemming from a steady decline in vehicle sales: Tesla earlier this month reported a 9% decline in 2025 deliveries from the previous year. That slump sharpened in the fourth quarter, when deliveries dropped 16% from a year earlier.
Revenue from regulatory credits fell 22% in the fourth quarter from a year earlier, showing how a lucrative revenue stream is drying up. The company receives the payments from competitors who exceed federal fuel economy standards. That income has dropped after the Trump administration eliminated penalties for automakers that failed to meet the standards. Due to the lower regulatory credit revenue and a drop in vehicle deliveries, Tesla’s 2025 revenue declined for the first time.
The company reported 1.1 million active subscribers for its Full Self Driving driver assistance software — up nearly 40% from a year earlier. The software, which currently is not considered autonomous and requires constant human supervision, is becoming subscription-only starting after Feb. 14.
Robotaxi launched in Austin in June. This month, Tesla started rolling out “a few” robotaxis without human driver supervision in Austin. It plans to scale this to its entire Austin fleet over time. The company also operates a rideshare service on the same app in the San Francisco Bay Area that is not considered autonomous and has drivers in the front seat. It also has permits to test the service in Nevada and Arizona.
Viral Moltbot AI assistant raises concerns over data security
The security firm identified risks such as exposed gateways and API/OAuth tokens, plaintext storage credentials under ~/.clawdbot/, corporate data leakage via AI-mediated access, and an extended prompt-injection attack surface.
A major concern is that there is no sandboxing for the AI assistant by default. This means that the agent has the same complete access to data as the user.
Similar warnings about Moltbot were issued by Arkose Labs’ Kevin Gosschalk, 1Password, Intruder, and Hudson Rock. According to Intruder, some attacks targeted exposed Moltbot endpoints for credential theft and prompt injection.
Hudson Rock warned that info-stealing malware like RedLine, Lumma, and Vidar will soon adapt to target Moltbot’s local storage to steal sensitive data and account credentials.
A separate case of a malicious VSCode extension impersonating Clawdbot was also caught by Aikido researchers. The extension installs ScreenConnect RAT on developers' machines.
What is going on with DOGE? | USAFacts
The big picture shows that spending has remained at similar levels. According to USASpending.gov, average monthly federal spending in the year leading up to January 2025 was $443.1 billion. In October 2025, it was $442.9 billion, down .05%.
trpc/trpc: 🧙‍♀️ Move Fast and Break Nothing. End-to-end typesafe APIs made easy.
tRPC allows you to easily build & consume fully typesafe APIs without schemas or code generation.
Features
- ✅ Well-tested and production ready.
- 🧙‍♂️ Full static typesafety & autocompletion on the client, for inputs, outputs, and errors.
- 🐎 Snappy DX - No code generation, run-time bloat, or build pipeline.
- 🍃 Light - tRPC has zero deps and a tiny client-side footprint.
- 🐻 Easy to add to your existing brownfield project.
- 🔋 Batteries included - React.js/Next.js/Express.js/Fastify adapters. (But tRPC is not tied to React, and there are many community adapters for other libraries)
- 🥃 Subscriptions support.
- ⚡️ Request batching - requests made at the same time can be automatically combined into one
- 👀 Quite a few examples in the ./examples-folder
Wednesday, January 28, 2026
Andrej Karpathy on X: "A few random notes from claude coding quite a bit last few weeks...
A few random notes from claude coding quite a bit last few weeks.
Coding workflow. Given the latest lift in LLM coding capability, like many others I rapidly went from about 80% manual+autocomplete coding and 20% agents in November to 80% agent coding and 20% edits+touchups in December. i.e. I really am mostly programming in English now, a bit sheepishly telling the LLM what code to write... in words. It hurts the ego a bit but the power to operate over software in large "code actions" is just too net useful, especially once you adapt to it, configure it, learn to use it, and wrap your head around what it can and cannot do. This is easily the biggest change to my basic coding workflow in ~2 decades of programming and it happened over the course of a few weeks. I'd expect something similar to be happening to well into double digit percent of engineers out there, while the awareness of it in the general population feels well into low single digit percent.
IDEs/agent swarms/fallibility. Both the "no need for IDE anymore" hype and the "agent swarm" hype are imo too much for right now. The models definitely still make mistakes and if you have any code you actually care about I would watch them like a hawk, in a nice large IDE on the side. The mistakes have changed a lot - they are not simple syntax errors anymore, they are subtle conceptual errors that a slightly sloppy, hasty junior dev might do. The most common category is that the models make wrong assumptions on your behalf and just run along with them without checking. They also don't manage their confusion, they don't seek clarifications, they don't surface inconsistencies, they don't present tradeoffs, they don't push back when they should, and they are still a little too sycophantic. Things get better in plan mode, but there is some need for a lightweight inline plan mode. They also really like to overcomplicate code and APIs, they bloat abstractions, they don't clean up dead code after themselves, etc. They will implement an inefficient, bloated, brittle construction over 1000 lines of code and it's up to you to be like "umm couldn't you just do this instead?" and they will be like "of course!" and immediately cut it down to 100 lines. They still sometimes change/remove comments and code they don't like or don't sufficiently understand as side effects, even if it is orthogonal to the task at hand. All of this happens despite a few simple attempts to fix it via instructions in CLAUDE.md. Despite all these issues, it is still a net huge improvement and it's very difficult to imagine going back to manual coding. TLDR everyone has their developing flow, my current is a small few CC sessions on the left in ghostty windows/tabs and an IDE on the right for viewing the code + manual edits.
Tenacity. It's so interesting to watch an agent relentlessly work at something. They never get tired, they never get demoralized, they just keep going and trying things where a person would have given up long ago to fight another day. It's a "feel the AGI" moment to watch it struggle with something for a long time just to come out victorious 30 minutes later. You realize that stamina is a core bottleneck to work and that with LLMs in hand it has been dramatically increased.
Speedups. It's not clear how to measure the "speedup" of LLM assistance. Certainly I feel net way faster at what I was going to do, but the main effect is that I do a lot more than I was going to do because 1) I can code up all kinds of things that just wouldn't have been worth coding before and 2) I can approach code that I couldn't work on before because of knowledge/skill issue. So certainly it's speedup, but it's possibly a lot more an expansion.
Leverage. LLMs are exceptionally good at looping until they meet specific goals and this is where most of the "feel the AGI" magic is to be found. Don't tell it what to do, give it success criteria and watch it go. Get it to write tests first and then pass them. Put it in the loop with a browser MCP. Write the naive algorithm that is very likely correct first, then ask it to optimize it while preserving correctness. Change your approach from imperative to declarative to get the agents looping longer and gain leverage.
Fun. I didn't anticipate that with agents programming feels more fun because a lot of the fill in the blanks drudgery is removed and what remains is the creative part. I also feel less blocked/stuck (which is not fun) and I experience a lot more courage because there's almost always a way to work hand in hand with it to make some positive progress. I have seen the opposite sentiment from other people too; LLM coding will split up engineers based on those who primarily liked coding and those who primarily liked building.
Atrophy. I've already noticed that I am slowly starting to atrophy my ability to write code manually. Generation (writing code) and discrimination (reading code) are different capabilities in the brain. Largely due to all the little mostly syntactic details involved in programming, you can review code just fine even if you struggle to write it.
Slopacolypse. I am bracing for 2026 as the year of the slopacolypse across all of github, substack, arxiv, X/instagram, and generally all digital media. We're also going to see a lot more AI hype productivity theater (is that even possible?), on the side of actual, real improvements.
Questions. A few of the questions on my mind:
- What happens to the "10X engineer" - the ratio of productivity between the mean and the max engineer? It's quite possible that this grows a lot.
- Armed with LLMs, do generalists increasingly outperform specialists? LLMs are a lot better at fill in the blanks (the micro) than grand strategy (the macro).
- What does LLM coding feel like in the future? Is it like playing StarCraft? Playing Factorio? Playing music?
- How much of society is bottlenecked by digital knowledge work?
TLDR Where does this leave us? LLM agent capabilities (Claude & Codex especially) have crossed some kind of threshold of coherence around December 2025 and caused a phase shift in software engineering and closely related. The intelligence part suddenly feels quite a bit ahead of all the rest of it - integrations (tools, knowledge), the necessity for new organizational workflows, processes, diffusion more generally. 2026 is going to be a high energy year as the industry metabolizes the new capability.
Sentience API - Verification & Control Layer for Browser AI Agents | Semantic snapshots, assertions, traces + artifacts. Local-ready, cloud-friendly, vision optional
An interesting tool that uses playwright to extract structure based apparently on the accessibility roles and geometry of “important” elements, and uses that for an execution agent to process the page results. Important elements are somehow ranked. Then geometry is inferred from those elements.
Also relies on jest-style assertions to explicitly assert whether a step succeeded or failed.