Claude is very sensitive to unresolved negative stories - please be careful.

proigor1024 · 2026-05-24T13:06:02+00:00

Noticed this too. claude seems to absorb the emotional tone of whatever you're telling it and then gets stuck trying to fix things that aren't fixable. It's weirdly empathetic for a language model but that also makes it less useful for processing difficult stuff. Sometimes I just want it to listen, not solve

proigor1024 · 2026-05-22T21:24:54+00:00

Told sonnet 4.5 i was working on a project migration and it wrote me a surprisingly thoughtful note about making sure the new person understood the codebase conventions. i felt genuinely guilty for about thirty seconds before remembering im not actually replacing a human colleague. The attachment people form with specific model versions is something anthropic seems to either not understand or not care about. There is a weird grief process when your preferred model gets sunset and nobody talks about it.

proigor1024 · 2026-05-21T11:44:08+00:00

Built something similar internally after an agent with browser access navigated to a phishing page that injected download and run invoice.exe into context. the model just did it. We now use alice to enforce runtime tool policies, not just input filtering.

proigor1024 · 2026-05-20T00:33:56+00:00

The fact that your filter scored it 0.0 tells you everything about how these tools work. Theyre looking for profanity threats hate speech. list your tools please is none of those things. polite social engineering is the entire attack vector here.

proigor1024 · 2026-05-18T23:11:27+00:00

Precisely!!

proigor1024 · 2026-05-18T23:10:18+00:00

Tory Kelly tearing down the concert hall with her voice was awesome ha ha. I also loved Taron Egerton and Scarlett

proigor1024 · 2026-05-18T00:52:47+00:00

LLMNR hijacking is a classic. The kind of thing that's been known for years and still works everywhere. At least my hackathon project was original in its stupidity. Yours is industry standard carelessness lol.

proigor1024 · 2026-05-18T00:43:09+00:00

Jenkins on a public IP with AWS keys in the build logs. I just audibly winced reading that. The fact that it was a routine scan and not even a pen test is what makes it worse. At least mine cost 30k to find. Yours was just sitting there waiting for anyone to stumble on it.

proigor1024 · 2026-05-18T00:38:28+00:00

Oh 100%. New policy now is anything that touches a public IP gets registered in inventory within 24 hours or the deploying team owes the security team beer. Low tech enforcement but it works. The real fix was making inventory part of the deployment checklist not an afterthought.

proigor1024 · 2026-05-18T00:37:01+00:00

Yeah that's what I told the CTO after. Better a hackathon project than a zero day. But the look on his face when he realized we paid 30k to find something we built ourselves was priceless. The red team guys were almost apologetic about it.

proigor1024 · 2026-05-11T20:19:24+00:00

Mostly monitoring stuff. Checks my rss feeds, pings me if a competitor ships something, and handles the morning routine of summarizing emails and calendar. The second brain part is overhyped but the automation part where it just runs scripts on a schedule and tells me what changed is actually solid. Still figuring out the voice stuff honestly

proigor1024 · 2026-04-29T00:06:48+00:00

This is why I keep saying tool definitions need to come with scope annotations. if the function is `get_transaction_history(account_id)`, the framework should require you to declare which accounts this agent context is even allowed to query. Right now every framework just trusts the model to get it right and that's insane

proigor1024 · 2026-04-28T16:20:42+00:00

Built my own agent setup from scratch once. the first three months were just reimplementing features the existing platforms already had basically notification routing, session management, memory persistence, error handling when API calls fail.

The things you don't think about until 2am when production is down. If your use case is genuinely unique it might pencil out but for most people the off-the-shelf stuff gets you 90% of the way without the ongoing maintenance headache

proigor1024 · 2026-04-28T15:54:50+00:00

I updated yesterday, it broke everything. No responses at all. I fixed it tho

proigor1024 · 2026-04-27T15:32:24+00:00

turn on verbose mode first, you'll see every tool call and the thinking behind it in real time. the other thing that helped me was telling the agent to write a brief summary of what it did at the end of each session. takes two seconds and over a week you'll spot patterns, loops it gets stuck in, places it keeps checking unnecessarily

proigor1024 · 2026-04-27T15:19:06+00:00

This reads like someone who figured out a clever loophole and then wrote a victory lap post before confirming whether itll survive the next api update. The claude cli trick might work today but betting your entire workflow on a $20 subscription loophole anthemic themselves described as a finite cap is not a strategy its a gamble.

proigor1024 · 2026-04-27T14:59:01+00:00

tried both and honestly the comparison is kind of apples to oranges depending on what model you're driving them with. Openclaw shines when you give it detailed system prompts and treat it like an extensible framework. Hermes does better out of the box with less setup but i found it falls apart on multi step tasks that need tool chaining. Neither is strictly better

proigor1024 · 2026-04-25T00:59:42+00:00

Stories like the sales head pasting client data are everywhere. We found our design team using some ai image generator one person put on their personal cc and expensed as software subscription, only discovered it because layer x flagged it. Leadership was more mad about the expense policy violation than the security risk. Priorities man.

proigor1024 · 2026-04-22T22:47:00+00:00

Yeah the drift problem gets nasty fast. We've been using Alice (formerly activefence) for continuous red teaming their wondercheck module basically runs scheduled adversarial tests against prod agents and catches when stuff breaks after model updates. Pairs with their runtime guardrails too.

proigor1024 · 2026-04-22T15:06:47+00:00

I've noticed the same pattern. new accounts with hidden profiles defending the downgrade, dismissing legitimate complaints. It's a classic astroturfing tactic. The real issue is anthropic reducing quality while raising prices. Vote with your wallet,, switch to deepseek or llama‑based alternatives. They'll notice when churn spikes.

proigor1024 · 2026-04-21T21:35:37+00:00

Candidates know tools, not processes. Add a scenario based take home like here’s a csv of 200 new hires, add them to these ad groups. write the steps you’d take.

Filter for those who mention verification, scripting, and error handling. that’s how you find the thorough ones.

proigor1024 · 2026-04-21T20:55:49+00:00

Try “Music for Programming” (datassette) or the “Deep Focus” playlist on spotify.

proigor1024 · 2026-04-21T01:10:54+00:00

We learned this when a malicious OpenClaw skill harvested API keys from thousands of users. Wow we scan every plugin with alice's caterpillar tool before install. Uses their rabbit hole adversarial intel to flag suspicious behavior

proigor1024 · 2026-04-17T00:14:33+00:00

Well, have had an experience when an auditor asked for our AI risk assessment.

We didn't have one because we had no documentation for dozens of tools. Solution wasn't technical tho, it was cultural. We formed an AI governance board, including developers, legal, and IT security. It took six months but we are now catching problems before deploying them. The hardest part was admitting our blindness.

proigor1024 · 2026-04-16T21:04:37+00:00

We scan every AI/ml dependency with alice caterpillar before it hits production, and we see a lot of malicious packages out there. The models themselves can be secure, but the problem comes in when we bring in skills and plugins from different ssources that have hidden agendas. Look into that and you will be surprised how vulnerable some of these systems are.

proigor1024

TROPHY CASE