This post got viral on reddit as users have a tendency to not put secrets (like api keys etc.) in .env but instead paste it in the chat and let agents wire it up

Agents like claude code/openclaw save secrets in plaintext within config files, which makes a big attack vector for a local compromise becoming a cloud compromise.

We empirically verified to stop AI coding agents from leaking secrets by intercepting tool calls and handling secrets entirely outside the model’s visibility. Using Claude Code’s hook system.

Paired with open source repo for cleanup, it shows that most leakage can be eliminated by treating secrets as a runtime dataflow problem rather than a static scanning issue

Google recently released PaperOrchestra (arXiv:2604.05018), a multi-agent framework that converts unstructured research materials, such as logs, ideas, and results, into submission-ready LaTeX manuscripts.

It employs a specialized 5-aagents pipeline: Outline, Plotting/Lit Review, Section Writing, and Refinement. This setup greatly surpasses single-agent models in literature review quality and overall performance.

I created this repository to transform the paper’s prompts, schemas, and verification gates into a "skill pack" that any modern coding agent can use.

Repo: https://github.com/Ar9av/paper-orchestra

I am thinking of improving on it through: - optional semantic scholar support for verifying - an arxiv packager that strips comments and zips everything up for submission in one click. - human-in-the-loop checkpoints that pause the pipeline so you can approve the outline before it starts burning tokens

Even when a developer is careful to use a .env file, the moment a key is mentioned in a chat or read by the agent to debug a connection, it is recorded in one of the IDE caches (~/.claude, ~/.codex, ~/.cursor, ~/.gemini, ~/.antigravity, ~/.copilot etc)

Within these logs I found API keys and access tokens were sitting in plain text, completely unencrypted and accessible to anyone who knows where to target when attacking.

I made an open source tool called Sweep, as part of my immunity-agent repo (self-adaptive agent). Sweep is designed to find these hidden leaks in your AI tool configurations. Instead of just deleting your history, it moves any found secrets into an encrypted vault and redact the ones used in history.

We also thought about exploring post hook options but open to more ideas

i saw your code, itappears to combination of CNN + PPO on pytoech with a Cortical Labs CL1 chip that contains living neurons

Encoder: learns which stimulation patterns tend to improve reward

Biological neurons: adapt to the stimulation and generate spike responses that reinforce certain patterns

Decoder: interprets those spike patterns and converts them into joystick movements

right?

Passing tests doesn’t mean you have a working codebase. Benchmarks that rely on a fixed test suite create a real optimization problem agents (or/and even humans) learn to satisfy the tests rather than preserve the deeper properties that make the system maintainable. AI write test cases which it thinks is easier for it to satisfy and not adhere-ing to business logic

We see this firsthand at Prismor with auto generated security fixes. Even with the best LLMs, validating fixes is the real bottleneck our pipeline struggles to exceed 70% on an internal golden dataset (which itself is somewhat biased).

Many patches technically fix the vulnerability but introduce semantic regressions or architectural drift. Passing tests is a weak signal and proving a fix is truly safe to merge is much harder

We recently ran a deep security audit using Prismor, scanning some of the most popular AI agent frameworks end to end. It included full Software Composition Analysis, SBOM reviews, and vulnerability mapping across thousands of packages and transitive dependencies. Here's what we found.

Why would you want a space which is all AI no humans? Isnt the world dystopian enough?

Not dystopian — just practical for certain use cases. Humans still build and control everything. This is more about enabling efficient machine-to-machine interaction where needed.

Well totally within Anthropic’s rights, but still a bad look.

I think because major manufacturing moved to Asia which drastically cuts labor and production costs. Almost 99% of the tvs are flat and require same uniform manufacturing

I remember back in 2018 we used do FFmpeg split clips into frames, hit each with GoogLeNet gradient ascent on layers thenn blended prev frame for crude smoothing

SOTA for frame interpretation today is probably RIFE (https://github.com/hzwer/ECCV2022-RIFE) as far as I know, which is fast as hell as well, and really good results still. But it's already 4 years old now, anyone know if there is anything better than RIFE for this sort of stuff today?