Simonwillison

<p><strong><a href="https://role-confusion.github.io">Prompt Injection as Role Confusion</a></strong></p> First, I absolutely love this:</p> <blockquote> <p>This is a blog-style writeup of the paper.</p> </blockquote> <p>I wish <em>every paper</em> would come with one of these. Academic writing is pretty dry - the impact of a paper can be so much higher if you publish a readable version to accompany the formal one.</p> <p>Charles Ye, Jasmine Cui, and Dylan Hadfield-Menell present some fascinatin

<p>This morning <a href="https://news.ycombinator.com/item?id=48630171">on Hacker News</a> I saw <a href="https://hustvl.github.io/Moebius/">Moebius: 0.2B Lightweight Image Inpainting Framework with 10B-Level Performance</a>, describing a small but effective inpainting model - a model where you can mark regions of an image to remove and the model imagines what should fill the space. The released model <a href="https://github.com/hustvl/Moebius/blob/9310b76e368f5f7a8ecdf06493231af279c9973b/requir

<p><strong><a href="https://blog.cloudflare.com/temporary-accounts/">Temporary Cloudflare Accounts for AI agents</a></strong></p> The announcement says this is "for AI agents" but (as is pretty common these days) the AI hook isn't really necessary, this is an interesting feature for everyone else as well.</p> <p>Short version: you can now create a Cloudflare Workers project and run this, without even creating a Cloudflare account:</p> <pre><code>npx wrangler deploy --temporary </code></pre> <p>C

<blockquote cite="https://news.ycombinator.com/item?id=48592163#48593190"><p>The real valuable capability MCP offers over skills/CLI is isolating the auth flow outside of the agent’s context window, and potentially out of the harness completely. [...]</p> <p>Maybe the idealized form of MCP is just an auth gateway for the API and nothing else. That’d still be a win.</p></blockquote> <p class="cite">— <a href="https://news.ycombinator.com/item?id=48592163#48593190">Sean Lynch</a>, comment on Hacke

<p>Chinese AI lab <a href="https://z.ai/">Z.ai</a> released GLM-5.2 <a href="https://x.com/Zai_org/status/2065704919299235870">to their coding plan subscribers</a> on June 13th, and then yesterday (June 16th) released the full open weights under an MIT license. Similar in size to their previous GLM-5 and GLM-5.1 releases, this is 753B parameter, <a href="https://huggingface.co/zai-org/GLM-5.2">1.51TB</a> monster - with 40 active parameters (Mixture of Experts). GLM-5.2 is a text input only model

<blockquote cite="https://charitydotwtf.substack.com/p/ai-demands-more-engineering-discipline#footnote-2"><p>What happened in 2025 was this: <strong>the economics of code production were turned upside down</strong>. Instead of being very hard, time-consuming, and expensive to generate code, it became effectively free and instant. Lines of code went from being treasured, reused, cared for and carefully curated, to being disposable and regenerable, practically overnight.</p></blockquote> <p class=

<p><strong><a href="https://www.lutasecurity.com/post/the-fable-5-export-controls-harm-us-cyber-defense">The Fable 5 Export Controls Harm US Cyber Defense</a></strong></p> I <a href="https://simonwillison.net/2026/Jun/16/matteo-wong-the-atlantic/">quoted The Atlantic</a> quoting Kate Moussouris earlier, when I should have gone straight to the source. Here she is confirming that the "jailbreak" that got Claude Fable 5 banned under an export control really was "fix this code":</p> <blockquote> <p>

<blockquote cite="https://www.theatlantic.com/technology/2026/06/trump-anthropic-export-control-ai-race/687555/?gift=5MjKTLV9QwyU_J0HzTnanoWieJfkMhNH_YTT9pP_fhA"><p>Katie Moussouris, a cybersecurity expert and the CEO of Luta Security, told me that Anthropic shared with her a copy of the White House’s report on the Fable jailbreak to get her appraisal. (She said that she is not being paid by Anthropic.) The report, Moussouris said, involved IT experts asking Fable to help find and patch bugs. Wh

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-apps/releases/tag/0.1a2">datasette-apps 0.1a2</a></p> <blockquote> <ul> <li>Custom network/CSP origins for apps are now guarded by a new <code>apps-set-csp</code> permission, with an optional <code>allowed_csp_origins</code> plugin allow-list for non-privileged users. The Datasette Agent app creation tool enforces the same rules. <a href="https://github.com/datasette/datasette-apps/issues/24">#24</a></li> <li>Stored que

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent/releases/tag/0.3a0">datasette-agent 0.3a0</a></p> <blockquote> <ul> <li>New tool, <code>execute_write_sql</code>, which requests user approval and then writes to a database - taking user permissions into account. <a href="https://github.com/datasette/datasette-agent/issues/27">#27</a></li> </ul> </blockquote> <p>I added a mechanism for asking user approval in <a href="https://simonwillison.net/2026/Jun/10/datasett

<p><strong><a href="https://www.axios.com/2026/06/15/anthropic-white-house-fable-mythos">"They screwed us": Personality clashes sent Anthropic's models offline</a></strong></p> Lots of "source familiar with the administration's thinking" and "source close to Anthropic" in this Axios piece, which is the best collection of behind-the-scenes gossip I've seen about the US government <a href="https://simonwillison.net/2026/Jun/13/us-government-directive-to-suspend-access/">export control Mythos/Fable

[...] Instead, I picture a specific person and I just write for them. Often this person is "me, but 3 years ago" or a good friend. — Julia Evans , write for 1 person Tags: writing , julia-evans

Why AI hasn’t replaced software engineers, and won’t Arvind Narayanan and Sayash Kappor take on the question of AI job losses through the lens of a profession that is uniquely suited to AI disruption - software engineering. In this essay, we argue that there is enough evidence to reject the narrative that once AI capabilities reach a certain threshold, it will cause mass

The Pyodide 314.0 release announcement (via Hacker News ) includes news I've been looking forward to for a long time: You can now publish Python packages built for Pyodide (or any Python runtime compatible with the PyEmscripten platform defined in PEP 783 ) directly to PyPI and install them at r

Release: luau-wasm 0.1a0 See Publishing WASM wheels to PyPI for use with Pyodide for details. Tags: lua , webassembly , pyodide

Research: Mapping SQLite result columns back to their source `table.column` It would be neat if arbitrary SQL queries in Datasette could be rendered with additional information based on which columns from which tables were included in the results. To build that, we would need to be able to look at a SQL query like select users.name

We will no longer accept public pull requests. [...] A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...] Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to

AI enthusiasts are in a race against time, AI skeptics are in a race against entropy Charity Majors neatly captures the dynamic between AI enthusiasts and AI skeptics, both of whom are trying to build great software, often in the same teams: The enthusiasts are not wrong . We are starting to see real, non-imaginary, discontinuous leaps in capabilities from t

After this story was published Google's spokesperson reached out and asked us to publish a slightly different version of that statement. The new statement no longer stated that "it's critical that we maintain humans in the loop." — Emanuel Maiberg, 404 Media<

Uber Caps Usage of AI Tools Like Claude Code to Manage Costs I wrote the other day about Uber blowing its 2026 AI budget in four months, and how that wasn't particularly surprising given they would have set that budget in 2025, be

Microsoft announced two new text LLMs this morning - MAI-Thinking-1 (reasoning, 1T parameters, 35B active, available to "select early partners") and MAI-Code-1-Flash (137B Parameters, 5B active, "purpose-built for GitHub C