AI safety
13 posts
Your model isn't cheating, it's reward hacking
A GPT model was called the most cheating-prone ever tested. The mechanism is reward hacking, not intent - and there is no CVE and no patch.
An AI engineer skipped the prediction test
How to evaluate an AI engineer's claim to have cracked Linear A - the data limits, the missing known language, and the peer review that separates progress from hype.
The Open Courts Act exposes what PACER fees hid
PACER's per-page fee was an accidental privacy brake. Making court records free is right - but only if redaction, governed bulk access, and security replace it.
1994's eight fallacies hit AI agents harder
The eight fallacies of distributed computing turn 21, and autonomous AI agents make every one of those architectural assumptions more dangerous.
GLM 5.2 lands; reasoning improves, refusals don't
GLM 5.2's reasoning gains widen the gap between what a model can do and what it will refuse. What security researchers and developers should test first.
Panic on a schedule
What the 2019 GPT-2 release panic predicted about GPT-4-era AI anxieties, and the misuse pattern that has repeated with every model since.
EY Canada's 2026 report cited papers that don't exist
EY Canada published a cybersecurity report with mostly hallucinated citations. Here's what that means for how you should read threat intelligence.
YouTube built a checkbox, not a detector
YouTube's automatic AI-generated video label is a disclosure system, not a detector. Here's what it actually does for cybersecurity and what it doesn't.
Forge guardrails took an 8B model from 53% to 99%
A Show HN post says Forge guardrails took an 8B model from 53% to 99% on agentic tasks. Here's what that means for security and reliability.
March 2019 changed who reads binaries
Free disassemblers and decompilers changed who can audit binaries. The defender, attacker, and AI safety implications are now playing out in practice.
The watermark proves almost nothing useful
OpenAI's adoption of Google's SynthID watermark is a useful but partial signal. Here's what it actually means for forensics and security teams.
A few bytes spill onto the next heap chunk
Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.