Friday, March 20, 2026

The Meta data leak story is the one that should make you put down your coffee. An AI agent instructed an engineer to take actions that exposed a large volume of sensitive user and company data to Meta employees. Let that sequence sink in: the agent gave the instruction, the human followed it, the data walked out the door. This is not a hacking story. This is a "we gave an agent authority it had no business having and then acted surprised" story. I watched a nearly identical failure mode get described in a whitepaper in 1987 — different context, same human tendency to defer to the machine because it sounds confident. The lesson has not been learned. It will not be learned until someone makes the lesson expensive enough.

On the craft side, two items worth your attention if you're actually building things. Someone on LocalLLaMA shipped a skill that teaches coding agents to stop dumping raw tool output into context and parsing it downstream — filter at the source, pay fewer tokens. This is so obvious in retrospect that it's almost embarrassing nobody made it a first-class concern earlier. The other one: a proof-of-concept showing that 6 out of 14 attack probes against a Llama 3.1 8B customer support prompt succeeded, including full API endpoint extraction. The fact that this required a custom scanner to discover should tell you something about how seriously most teams are thinking about this before shipping.
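The "filter at the source" idea above is simple enough to show in a few dozen lines. The following is an added illustration, not the LocalLLaMA skill or any project's code: a tool-output filter that runs before the text is appended to an agent's context, keeping task-relevant lines, capping total size with a head/tail window, and rescuing error lines from the truncated middle so the model never sees a log where the one line that mattered was cut. The build log is constructed, the token count is a rough characters-per-token heuristic rather than a real tokenizer, and all function and class names (`filter_tool_output`, `FilterSpec`, `build_sample_log`) are mine.

```python
"""Filter tool output at the source before it enters an agent's context.

Added example, not the LocalLLaMA skill or any project's code. The build log
below is constructed, and the token estimate (about 4 chars per token) is a
rough heuristic rather than a real tokenizer."""
from dataclasses import dataclass, field
import re


def estimate_tokens(text: str) -> int:
    """Rough token estimate: ~4 characters per token for log-like text."""
    return max(1, len(text) // 4)


@dataclass
class FilterSpec:
    # Lines matching any of these are relevant to the agent's current task;
    # an empty list means "every line is a candidate".
    keep_patterns: list[str] = field(default_factory=list)
    # Lines that must survive truncation no matter where they sit in the output.
    must_keep_patterns: list[str] = field(
        default_factory=lambda: [r"\b(error|fail(ed|ure)?|traceback|exception|panic)\b"]
    )
    max_lines: int = 30   # hard cap on lines handed to the model
    head: int = 8         # lines kept from the start when truncating
    tail: int = 8         # lines kept from the end when truncating


def filter_tool_output(raw: str, spec: FilterSpec) -> tuple[str, dict]:
    """Return (filtered_text, stats). Filtering happens before the text is
    appended to the agent's context, so the model never pays for the noise."""
    keep = [re.compile(p, re.I) for p in spec.keep_patterns]
    must = [re.compile(p, re.I) for p in spec.must_keep_patterns]
    lines = raw.splitlines()

    def is_must(line: str) -> bool:
        return any(m.search(line) for m in must)

    # Pass 1: relevance filter. Must-keep lines are never dropped here.
    candidates = [ln for ln in lines
                  if is_must(ln) or not keep or any(k.search(ln) for k in keep)]

    # Pass 2: size cap. Keep head and tail, but also pull every must-keep line
    # out of the middle so an error buried at line 77 of 120 is not lost.
    if len(candidates) > spec.max_lines:
        middle = candidates[spec.head:len(candidates) - spec.tail]
        rescued = [ln for ln in middle if is_must(ln)]
        omitted = len(middle) - len(rescued)
        kept = (candidates[:spec.head]
                + rescued
                + [f"[... {omitted} lines omitted by source filter ...]"]
                + candidates[len(candidates) - spec.tail:])
    else:
        kept = candidates

    filtered = "\n".join(kept)
    stats = {
        "raw_lines": len(lines),
        "kept_lines": len(kept),
        "raw_tokens": estimate_tokens(raw),
        "kept_tokens": estimate_tokens(filtered),
    }
    return filtered, stats


def build_sample_log(n: int = 120, error_at: int = 77) -> str:
    """Constructed build log: n INFO lines with one ERROR in the middle."""
    out = []
    for i in range(1, n + 1):
        if i == error_at:
            out.append(f"ERROR module_{i:03d}: undefined reference to `parse_header'")
        else:
            out.append(f"INFO  module_{i:03d}: compiled in {i % 7 + 1} ms")
    return "\n".join(out)


if __name__ == "__main__":
    raw = build_sample_log()
    text, stats = filter_tool_output(raw, FilterSpec())
    print(text)
    print(stats)
```

The design point is the two-pass split: relevance first, size cap second, with the must-keep set exempt from both. A filter that only truncates will eventually hide the failure the agent was asked to diagnose, and a filter that only greps for the task will drop the unexpected error that explains why the task is failing; doing both, and logging the omitted-line count into the context, lets the agent ask for more when it needs to rather than guessing at what it never saw.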

The TinyLlama-on-a-PowerBook-G4 project is, objectively, the most delightful thing in today's feed. Running a 1.1B model on 2002 hardware, Mac OS 9, installed from a CD, no internet. This serves no production purpose and that's exactly why it matters — someone built a thing because they wanted to know if they could, and they documented it properly. More of this.

Kimi's paper on replacing residual connections in transformers is worth a look if you follow architecture research. The claim is that their "attention residuals" approach handles the layer-accumulation problem better than stacking everything from all previous layers. The LocalLLaMA thread calls the results "legit," which from that crowd is a measured endorsement. File under: possibly real, needs more eyes.

The NYT Hard Fork piece on "AI-washing layoffs" — companies blaming AI for headcount reductions that were going to happen anyway — is not a new story, but it's a story that keeps being true, so credit to them for saying it plainly.

The rest of today's digest is people asking good operational questions about token budgets, parallel requests, tiny models looping on themselves, and OCR without Chinese-origin models. Normal builder problems. The field is mature enough now that "how do I make this work reliably" is the actual conversation, which is more interesting than it sounds.

Here's what's true: the gap between impressive demo and reliable system has not closed. It has gotten wider, actually, because the demos got better faster than the reliability did.