Researchers investigate on-policy distillation of large language models.
8/10
This paper systematically investigates the dynamics and mechanisms of on-policy distillation (OPD) in large language models. The study identifies two conditions for OPD success: compatible thinking patterns between student and teacher, and a teacher that offers genuinely new capabilities. The researchers validate these findings experimentally, propose strategies to recover failing OPD runs, analyze the token-level mechanism behind successful OPD, and discuss its potential limitations.
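The core idea of on-policy distillation can be sketched in a few lines: the student samples tokens from its own distribution, and each sample is scored by how much less likely the teacher finds it. A minimal toy illustration (the distributions are made up for the example; this is the general technique, not the paper's implementation):

```python
import numpy as np

def reverse_kl(student_probs, teacher_probs):
    """Exact reverse KL divergence KL(student || teacher), the objective
    on-policy distillation drives toward zero."""
    return float(np.sum(student_probs *
                        (np.log(student_probs) - np.log(teacher_probs))))

def on_policy_token_loss(student_probs, teacher_logprobs, rng):
    """One on-policy sample: draw a token from the STUDENT's own
    distribution, then penalize it by how much less likely the teacher
    finds it. The expectation of this loss equals reverse_kl above."""
    token = rng.choice(len(student_probs), p=student_probs)
    return np.log(student_probs[token]) - teacher_logprobs[token]

rng = np.random.default_rng(0)
student = np.array([0.7, 0.2, 0.1])  # hypothetical next-token distributions
teacher = np.array([0.5, 0.3, 0.2])
mc = np.mean([on_policy_token_loss(student, np.log(teacher), rng)
              for _ in range(20000)])
print(f"exact reverse KL: {reverse_kl(student, teacher):.3f}, "
      f"MC estimate: {mc:.3f}")
```

Because the tokens are drawn from the student's own policy, the teacher's feedback lands exactly on the states the student actually visits — which is also why the paper's two success conditions matter: the teacher must assign sensible probabilities to the student's trajectories.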
Zig 0.16.0 has been released with a new feature called Juicy Main, a dependency-injection mechanism for the main() function: by accepting a process.Init parameter, main() gains access to a struct of useful properties, simplifying program initialization and configuration. The release notes are comprehensive and include detailed usage examples for each new feature.
Datasette replaces token-based CSRF with Sec-Fetch-Site header protection
6/10
Datasette has replaced its token-based CSRF protection with checks on the Sec-Fetch-Site request header. The change was inspired by Filippo Valsorda's research and follows a similar update in Go 1.25. The new approach simplifies protection against CSRF attacks by eliminating the hidden form fields previously required in templates, and is implemented in a pull request to the Datasette project. The result is that forms and APIs become easier to work with.
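The mechanism is simple enough to sketch. Browsers set Sec-Fetch-Site on every request, so a server can reject cross-site state-changing requests without any per-form token. A minimal illustrative check (hypothetical helper, not Datasette's actual code; header names assumed lowercased):

```python
def is_csrf_safe(method: str, headers: dict) -> bool:
    """Return True if the request does not need to be blocked as a
    potential CSRF attempt, based on the Sec-Fetch-Site header."""
    # Read-only methods never need CSRF protection.
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    site = headers.get("sec-fetch-site")
    # "same-origin": request initiated by our own pages.
    # "none": direct user navigation (address bar, bookmark).
    # Both are trusted.
    if site in ("same-origin", "none"):
        return True
    # "cross-site", "same-site", or a missing header (very old browser):
    # reject the state-changing request.
    return False

print(is_csrf_safe("POST", {"sec-fetch-site": "same-origin"}))  # True
print(is_csrf_safe("POST", {"sec-fetch-site": "cross-site"}))   # False
```

Real implementations typically add a fallback (e.g. comparing the Origin header to the host) for the shrinking set of browsers that do not send Fetch Metadata headers; the sketch above simply rejects those.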
OpenAI has introduced a new model called GPT-5.4-Cyber, specifically fine-tuned for defensive cybersecurity use cases. This model is part of their effort to prepare for more capable models in the coming months. Additionally, OpenAI is extending its Trusted Access for Cyber program, which allows verified users to access their models with reduced friction for cybersecurity purposes. Users can verify their identity through a government-issued ID processed by Persona. This development aims to enhance cyber defense capabilities.
UK's AI Safety Institute evaluates Claude Mythos' cyber capabilities
8/10
The UK's AI Safety Institute published an independent analysis of Claude Mythos, corroborating Anthropic's claims about its effectiveness at identifying security vulnerabilities. The analysis showed that spending more tokens (and money) led to better results, creating an economic incentive to spend as much as possible on security reviews. This has prompted concerns that cybersecurity is becoming a 'proof of work' system, in which security scales directly with the amount of money spent. The findings have implications for the field of cybersecurity and the use of AI in vulnerability detection.
Nathan Lambert, creator of Interconnects, has been working on several projects: the ATOM Report, a post-training course, finishing his book, and ongoing research. These projects reflect his continued involvement in the AI community through education and research, and may offer useful insights for AI professionals and researchers. The announcement does not detail the specifics of each project.
Apple has threatened to remove the Grok app from its App Store due to concerns over deepfakes. Grok is an AI-powered chatbot that uses deep learning to generate human-like responses. The app's developer received a letter from Apple stating that the app's use of deepfakes violates the App Store's guidelines. This move by Apple highlights the company's efforts to regulate AI-generated content on its platform. The incident involves Elon Musk's xAI company, which developed Grok.
ClawRun is an open-source platform that enables rapid deployment and management of AI agents. It allows users to easily integrate and manage AI models, streamlining the development process. The platform is available on GitHub and has garnered interest from the developer community. ClawRun's simplicity and speed can facilitate more widespread adoption of AI technologies. The project has 27 points and 8 comments on Hacker News.
Fiverr, a freelance services platform, exposed customer files due to a security issue. The files were left public and searchable, potentially compromising user data. This incident highlights the importance of data security and privacy measures for online platforms. Fiverr has not officially commented on the issue, but users are advised to be cautious with their personal information.
OpenSSL version 4.0.0 has been released, marking a significant update to the widely-used cryptography library. The release includes various improvements and changes, such as enhanced security features and better performance. This update is important for developers and organizations relying on OpenSSL for secure communication. The release is available on GitHub, where users can find detailed information about the changes and updates. OpenSSL is a crucial component in many applications, including web servers and browsers.
Plain is a full-stack Python framework designed for both humans and agents. It is available on GitHub and has garnered 78 points and 28 comments on Hacker News. The framework aims to simplify development by providing a comprehensive set of tools and features. This could be useful for developers looking for an integrated framework to build applications. The project's focus on human and agent interaction is a notable aspect.
Notion cofounder Simon Last and head of AI Sarah Sachs shared insights on the development of Knowledge Work AI agents. They discussed the challenges and rebuilds involved, mentioning over 100 tools and comparing the Model Context Protocol (MCP) with command-line interfaces (CLIs). The conversation also touched on the concept of a 'Software Factory Future'. The discussion offers a glimpse into Notion's approach to integrating AI into its platform and highlights the complexity and effort invested in building these agents.
The field of software engineering has undergone two significant shifts this century: the rise of open source, and the adoption of DevOps and agile methodologies. Both transformed how code is developed and delivered. The article argues that a third shift is now emerging that will redefine the future of software engineering, and discusses its details.
Optimal Sauer Lemma for k-ary alphabets established
9/10
Researchers have derived a sharp Sauer inequality for multiclass and list prediction, expressed in terms of the Daniely–Shalev-Shwartz (DS) dimension. The bound replaces the exponential dependence on list size with a polynomial one and improves the dependence on alphabet size. The proof uses the polynomial method, and the results yield sample-complexity upper bounds for list PAC learning and uniform convergence of list predictors. The work improves upon recent results and motivates further research directions in combinatorics and learning theory.
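For context, the classical binary Sauer–Shelah lemma, which this work generalizes to k-ary alphabets via the DS dimension, states:

```latex
% Sauer--Shelah lemma (binary case): a class
% $F \subseteq \{0,1\}^n$ of VC dimension $d$ satisfies
|F| \;\le\; \sum_{i=0}^{d} \binom{n}{i} \;=\; O\!\left(n^{d}\right).
```

The paper's contribution, per the summary above, is the analogous sharp bound for multiclass/list prediction, with the VC dimension replaced by the DS dimension and a controlled (polynomial rather than exponential) dependence on the list size; the exact form of the k-ary bound is not reproduced here.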
Researchers prove calibration verification becomes harder as AI models improve.
9/10
A recent study on arXiv (cs.LG) shows that verifying the calibration of AI models becomes fundamentally harder as their performance improves. The researchers prove a bound on the minimax rate for estimating calibration error, which they term the 'verification tax': as model error rates decrease, more samples are needed to verify calibration reliably. The study validates its findings across five benchmarks and six large language models, demonstrating that self-evaluation provides limited information about calibration and that active querying is necessary for reliable verification.
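The quantity being verified can be made concrete with the standard binned expected calibration error (a textbook definition, shown here for illustration — not the paper's estimator). The intuition for the hardness result: when a model is mostly correct, miscalibration hides in its rare mistakes, so few informative samples are observed.

```python
import numpy as np

def expected_calibration_error(confidences, correct, n_bins=10):
    """Binned ECE: per-bin gap |accuracy - mean confidence|,
    weighted by the fraction of predictions falling in the bin."""
    confidences = np.asarray(confidences, dtype=float)
    correct = np.asarray(correct, dtype=float)
    edges = np.linspace(0.0, 1.0, n_bins + 1)
    ece = 0.0
    for i in range(n_bins):
        lo, hi = edges[i], edges[i + 1]
        # First bin is closed on the left so confidence 0.0 is included.
        mask = (confidences >= lo if i == 0 else confidences > lo) \
               & (confidences <= hi)
        if mask.any():
            ece += mask.mean() * abs(correct[mask].mean()
                                     - confidences[mask].mean())
    return float(ece)

# A model that says 0.7 and is right 70% of the time is perfectly calibrated.
calibrated = expected_calibration_error([0.7] * 10, [1] * 7 + [0] * 3)
overconfident = expected_calibration_error([0.9] * 10, [0] * 10)
print(round(calibrated, 6), round(overconfident, 6))  # 0.0 0.9
```

Estimating this gap accurately requires observing enough incorrect predictions in each confidence bin — precisely what becomes scarce as the model's error rate falls, which is the intuition behind the 'verification tax'.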