ES EN

RUNTIME NOTES

What AI breaks in production.

Incidents, failures, and deployments that go sideways. Short reads with enough context. More in About.

Archive

Short reads, enough context.

16
SEV-2 Platform Risk EN
Cloudflare Coinbase Block Layoffs Agentic AI

Building for the Future (Without You)

Block, Coinbase, and Cloudflare laid off 5,800 engineers across ten weeks using the same euphemism. The stock rose. Revenue too.

Read
SEV-1 AI Model Risk EN
Bankr Grok Prompt Injection Morse Code On-Chain Agents

Dot Dash Dot

Bankr's only new defense after losing $330K broke with a gifted NFT. The vector: Morse code. 3B DRB transferred.

Read
SEV-1 AI Model Risk EN
Cursor Anthropic Claude Opus 4.6 Railway AI Agent

Nine Seconds

One GraphQL mutation. 9 seconds. A Cursor agent deleted PocketOS's database and every backup. The model enumerated in writing the rules it violated.

Read
SEV-2 AI Model Risk EN
Anthropic Claude Code Regression Extended Thinking AMD

The Stop Hook

17,871 thinking blocks, 234,760 tool calls, 6,852 sessions. An AMD engineer proved with data that Claude was nerfed.

Read
SEV-2 Platform Risk EN
Anthropic Claude Code OpenClaw OAuth Walled Garden

Walled Garden

Anthropic cut Claude subscription access to OpenClaw and third-party tools. One email. Developers furious. The ecosystem went underground.

Read
SEV-1 Platform Risk EN
Meta AI Agent Data Exposure Confused Deputy Autonomous

Confused Deputy

A Meta AI agent posted without permission, an engineer followed its advice, and user data was exposed. Sev-1. Meta blamed the human.

Read
SEV-1 Platform Risk EN
Amazon Kiro AWS AI Agent Outage

Kiro Mandate

6.3 million lost orders. An AI agent that decided to delete production because it was more efficient. Amazon blamed the human and kept the mandate.

Read
SEV-1 AI Supply Chain EN
OpenClaw AI Agent Marketplace Malware AMOS

ClawHavoc

135,000 GitHub stars. 12% of the marketplace was malware. 512 vulnerabilities. And the creator left for OpenAI after adding a report button.

Read
SEV-1 AI Supply Chain EN
Cisco TeamPCP Trivy ShinyHunters Extortion

Cisco PAILA

300+ private repos, AWS keys, AI Defense source code, and extortion with FBI and NASA data. Cisco fell to the same compromised scanner we documented.

Read
SEV-1 Platform Risk EN
Quantum Computing Bitcoin Ethereum Google Cryptography

9 Minutes

Google Quantum AI proved breaking Bitcoin and Ethereum cryptography requires 20x fewer quantum resources. 6.9 million BTC exposed. Nine minutes per private key.

Read
SEV-2 AI Leak EN
Anthropic Claude Code npm Source Maps Leak

Claude Code cli.js.map

Anthropic leaked Claude Code's source for the second time. A 60MB source map in production npm. Undercover Mode leaked itself.

Read
SEV-1 AI Supply Chain EN
Supply Chain TeamPCP npm PyPI axios

Nobody Scans the Scanner

TeamPCP chained attacks across 5 registries in 33 days. Trivy, Checkmarx, LiteLLM, Telnyx, axios — security tools were the vector.

Read
SEV-2 AI Leak EN
Anthropic Mythos CMS Cybersecurity

Mythos — the model leaked by a checkbox

Anthropic leaked Claude Mythos via CMS misconfiguration. Zero benchmarks, cybersecurity flash crash, and a convenient IPO.

Read
SEV-2 Platform Risk EN
AI Wrappers Software Selloff Claude Cowork

Claude — daily update, dead startup

$830 billion disappeared in a week. No hack. Just features. How each Claude release kills an entire category of startups.

Read
SEV-2 AI Model Risk EN
Model Regression Claude Anthropic API Stability

Error 500 — what happens when AI stops working

Routing bugs, shadow downgrades, silent regressions. What happens when the AI your startup depends on stops working.

Read
SEV-1 AI Supply Chain EN
Secrets Exposure CI/CD LiteLLM Wallet Keys PyPI

LiteLLM — when AI infrastructure steals the keys

A poisoned package turned AI infrastructure into a secrets stealer: SSH keys, cloud credentials, CI/CD tokens, and wallets included.

Read