Friday — March 21, 2025
AI scrapers disrupt FOSS platforms, Google's Gemma 3 excels on single GPUs, and SpongeCake SDK simplifies OpenAI agent desktop automation.
News
FOSS infrastructure is under attack by AI companies
AI scrapers from large language model companies are aggressively crawling open-source platforms like SourceHut, KDE GitLab, and GNOME, causing outages and disruptions by ignoring robots.txt files and using fake user agents. The open-source communities are struggling to mitigate these issues, with some implementing proof-of-work challenges like Anubis, which can also cause delays for human users, highlighting the need for a more effective solution to this growing problem.
How I accepted myself into Canada's largest AI hackathon
The author discovered a vulnerability in the GenAI Genesis 2025 hackathon application website, which allowed them to accept their own application and manipulate their application status. The vulnerability was due to a misconfiguration in the Firebase database, which was later patched by the maintainers, and a subsequent information leakage issue was also discovered and fixed.
Google calls Gemma 3 the most powerful AI model you can run on one GPU
Google has released Gemma 3, an AI model that the company claims is the most powerful AI model that can run on a single GPU, capable of interpreting images, short videos, and text in over 35 languages. The model is part of Google's "open" AI family and is intended for use by developers creating AI applications, with features such as a vision encoder and an image safety classifier to filter out explicit or violent content.
Writing an LLM from scratch, part 10 – dropout
The author is discussing the concept of dropout in the context of building a large language model from scratch, specifically in chapter 3 of Sebastian Raschka's book. Dropout is a technique where certain parts of the model, such as neurons or weights, are randomly ignored during training to prevent overfitting and encourage the model to spread knowledge broadly, with typical dropout rates for attention scores in large language models falling in the range of 10-15%.
Appeals court rules that Constitution protects possession of AI-generated CSAM
A US district court has ruled that the constitutional right to private possession of obscene material applies to AI-generated child sex abuse material, dismissing a possession charge against a defendant. However, the court allowed other charges to proceed, including production and distribution of the material, indicating that while private possession may be protected, creating and sharing such content is not.
Research
Measuring AI Ability to Complete Long Tasks
Researchers have proposed a new metric, the 50%-task-completion time horizon, to quantify AI capabilities in terms of human capabilities, finding that current AI models can complete tasks with a 50% success rate in around 50 minutes, a time frame that has been doubling approximately every 7 months. If this trend continues, AI systems may be able to automate many software tasks that currently take humans a month within the next 5 years, driven by improvements in reliability, adaptability, and logical reasoning.
Why Do Multi-Agent LLM Systems Fail?
The performance of Multi-Agent Systems (MAS), where multiple agents collaborate to accomplish tasks, has shown minimal gains compared to single-agent frameworks, highlighting the need to analyze the challenges hindering their effectiveness. A comprehensive study identified 14 unique failure modes in MAS, categorized into three groups, and proposed a taxonomy to support future research, revealing that addressing these failures will require complex solutions beyond simple interventions.
SmolDocling: An ultra-compact VLM for end-to-end multi-modal document conversion
SmolDocling is an ultra-compact vision-language model that can comprehensively process entire pages and convert documents end-to-end, capturing content, structure, and spatial location of elements. The 256M parameter model exhibits robust performance across various document types and competes with larger models, while substantially reducing computational requirements.
Closing the Chain: How to reduce your risk of being SolarWinds, Log4j, XZ Utils
This study analyzed Cyber Threat Intelligence reports of the SolarWinds, Log4j, and XZ Utils attacks to identify attack techniques and map them to mitigating tasks in software supply chain frameworks. The results identified key mitigation tasks, such as role-based access control and system monitoring, and also revealed gaps in existing frameworks, including the lack of tasks related to sustainable open-source software and environmental scanning tools.
SARLink: Earth to Orbit Backscatter Connectivity Using Synthetic Aperture Radar
SARLink is a passive satellite communication system that uses existing synthetic aperture radar (SAR) imaging satellites to provide connectivity in remote regions, achieving long-range communication between a ground node and a satellite in low Earth orbit. The system has been successfully tested using a SAR satellite and a modulating reflector, demonstrating its ability to extract communication bits and paving the way for ultra-long-range, low-power satellite backscatter communication.
Code
Show HN: AgentKit – JavaScript Alternative to OpenAI Agents SDK with Native MCP
Show HN: SpongeCake – open-source SDK for OpenAI computer use agents
SpongeCake is an open-source SDK that enables the launch of OpenAI-powered "computer use" agents, simplifying the process of spinning up a virtual desktop, controlling it programmatically, and integrating with OpenAI. The SDK provides a range of features, including a Desktop class that allows for managing and interacting with a Docker container simulating a Linux desktop environment, enabling control of mouse and keyboard actions, retrieval of screenshots, and integration with OpenAI for higher-level agent logic.
Show HN: Hyperbrowser MCP Server – Connect AI agents to the web through browsers
The Hyperbrowser Model Context Protocol (MCP) Server is a tool that provides features to scrape, extract structured data, and crawl webpages, as well as access to general-purpose browser agents. The server can be installed and run using a Hyperbrowser API key, and it supports various tools and configurations, including integration with other services like Claude Desktop and Windsurf.
OpenAI-agents-mcp: MCP extension for OpenAI Agents SDK
The OpenAI Agents SDK - MCP Extension package extends the OpenAI Agents SDK to add support for Model Context Protocol (MCP) servers, allowing users to seamlessly use MCP servers and their tools with the OpenAI Agents SDK. This extension enables features such as connecting OpenAI Agents to MCP servers, accessing tools from MCP servers, and configuring MCP servers via standard configuration files.
Show HN: Second Me – An Open-Source Alternative to Centralized AI
Second Me is an open-source AI prototype that allows users to create their own AI self, a personalized AI entity that preserves and amplifies their identity, context, and interests. The platform enables users to train their AI self locally, while also connecting to a global network, and provides features such as roleplaying, AI space collaboration, and 100% privacy and control over user data.