absorb.md

Simon Willison

Chronological feed of everything captured from Simon Willison.

Uncertainty on OpenCode's Implementation: System Prompt Filter or API Key Usage?

Simon Willison inquires whether OpenCode was implemented as a system prompt filter, expressing an assumption that it relates to API key usage instead. This highlights a lack of clarity in OpenCode's technical deployment mechanism. The question seeks confirmation on the specific implementation approach for this feature or tool.

Exact String Matching in System Prompts Mitigates False Positives for LLM Safety Triggers

Simon Willison highlights a benefit of using exact string matching for detecting system prompt references in Claude Code: it prevents accidental triggers from benign mentions of strings like "OpenClaw". This approach ensures reliability by avoiding intermittent failures in legitimate usage. The observation underscores precise matching as a robust safeguard in LLM prompt engineering.

Anthropic Blocks Third-Party Apps from Claude Max via System Prompt Filtering

Anthropic restricts access to its high-tier Claude Max plan by detecting specific strings in third-party system prompts, such as 'A personal assistant running inside OpenClaw.', triggering 400 errors for apps like OpenClaw. While Simon Willison accepted their prior cost-optimization rationale for internal use, he views prompt-based filtering as excessive. This follows complaints about tiered billing tied to system prompt content.

Anthropic Claude Max Plan Blocks Exact "OpenClaw" System Prompt String with 400 Error

Anthropic's Claude Max plan enforces a precise block on the system prompt string "OpenClaw", triggering a 400 error citing third-party app usage limits. This behavior activates only for that exact string, as confirmed by targeted tests. The restriction appears designed to prevent specific third-party integrations or jailbreaks.

Anthropic Blocks Third-Party Claude Apps via Exact System Prompt Matching, Triggering Extra Billing

Anthropic now detects and blocks third-party harnesses like OpenClaw by exact string matching on specific system prompts such as 'A personal assistant running inside OpenClaw.', resulting in 400 errors and billing under extra usage tiers outside plan limits. This extends their prior reservation of the Claude Max plan for first-party use, despite accepted cost-optimization claims. Exact matching provides a workaround but raises concerns over prompt-based filtering and potential billing discrimination.

uvx's Central Role in Workflow Raises Dependency Concerns, But Traditional Installs Remain Comparable

Simon Willison expresses concern over reliance on uvx in his workflow, highlighting potential risks from its importance. He argues that recommending `pip install` or `uv tool install` for scan-for-secrets, followed by `--help`, does not significantly differ from using uvx. This underscores ongoing debates in Python tooling about ephemeral vs. persistent installs.

Hospital Deserts Generate 600K Unclassified Weekly Messages Potentially Overlooked as Healthcare Data

Simon Willison questions whether 600,000 weekly messages from hospital deserts are categorized as healthcare-related. These messages risk being misclassified, potentially distorting healthcare analytics in underserved areas. Accurate classification is critical for technical processing of regional health data streams.

README-Driven Development Enables Rapid Tool Prototyping with AI

Simon Willison developed a Python CLI tool, scan-for-secrets, by first crafting a detailed README specifying its exact functionality, then feeding it into Claude Code to generate the implementation. This README-driven development approach streamlined building a secret-scanning utility for log files and similar content. The resulting tool is accessible via uvx and documented on his blog and GitHub.

Simon Willison Releases Python CLI Tool for Detecting Secrets in Log Files via README-Driven Development

Simon Willison developed scan-for-secrets, a Python CLI tool that scans folders for leaked secrets like API keys in log files before sharing. The tool is invoked via `uvx scan-for-secrets --help`, with full details in its GitHub README and a blog post. It was built using README-driven development, where a detailed README spec was fed into Claude Code for implementation.

AI Accelerates Decades-Long Software Dreams from Vision to Reality in Months

Simon Willison spent eight years desiring a project but built it in just three months using AI tools. This demonstrates AI's capacity to drastically compress development timelines for complex software by automating coding, debugging, and iteration. The post highlights a paradigm shift where longstanding technical ambitions become feasible rapidly with current AI capabilities.

Simon Willison Blog Post: April 2026 Overview

This blog post from Simon Willison, dated April 5th, 2026, acts as a brief overview or summary page, referencing several other articles published around the same time. The primary insight is the aggregation of content, including a sponsored message and links to specific articles regarding AI safety, cybersecurity, and agentic engineering discussions.

Browser-Based SQLite SQL Parsing with Syntaqlite and Pyodide

Syntaqlite provides a full SQLite SQL parser, formatter, validator, and language server, leveraging SQLite's native grammar and tokenizer. This online playground executes syntaqlite entirely in the browser via Pyodide, enabling client-side processing of SQL inputs. Users can generate formatted SQL, AST, JSON schemas, diagnostics, and token streams without server dependencies.

AI as a Prototyping Accelerator, Not an Architectural Designer

AI excels at accelerating the initial prototyping phase of software development by handling tedious, low-level coding tasks. However, relying on AI for high-level architectural design can lead to inefficient designs, increased procrastination on critical decisions, and a potentially more convoluted development process. Human expertise remains crucial for robust, long-term architectural planning and decision-making.

Simon Willison Launches Blog Tag to Track Surging AI-Powered Security Research Trend

Simon Willison has initiated a dedicated blog tag for AI-powered security research, noting its current prominence. The tag already contains 11 posts. This reflects growing interest and activity at the intersection of AI and security research.

Expert Software Engineers Reach Cognitive Limits Managing Multiple AI Coding Agents

Lenny Rachitsky, with 25 years of software engineering experience, finds effectively using coding agents mentally exhausting, hitting cognitive limits after running four in parallel by 11am. This requires developing new personal skills to manage human cognition constraints without reviewing every agent action. The challenge highlights the need for responsible practices to prevent burnout while leveraging AI tools.

Gemma 4's Small Models Enable Local Audio Processing on Macs

Gemma 4's two smallest variants support audio understanding capabilities, including ASR and speech-to-translated text. Simon Willison seeks a recipe to run these models (E2B or E4B) against audio files locally on Macs. No established method is confirmed in the post.

Sophisticated Social Engineering Led to Axios Supply Chain Attack

A recent supply chain attack on Axios was the result of a highly sophisticated social engineering campaign directly targeting a maintainer. The attackers impersonated a company founder, created a convincing fake Slack workspace, and scheduled a video meeting where the maintainer was prompted to install a Remote Access Trojan (RAT). This RAT then stole credentials, enabling the publication of a malicious package.

The Automation of Zero-Day Discovery via Frontier LLM Agents

Frontier LLM agents are transitioning vulnerability research from a manual expert process to an automated search problem. By leveraging embedded knowledge of bug classes and massive cross-code correlations, agents can iteratively solve for reachability and exploitability with exhaustive persistence. This represents a step-function increase in zero-day discovery capabilities rather than incremental improvement.

Local LLM Execution Challenges

The user expresses surprise regarding a previously unnoticed detail, followed by an inquiry about local execution of a language model. Specifically, they question the capability of existing tools like LM Studio or Ollama to handle the task, indicating potential limitations in current local LLM deployment solutions or a lack of user awareness regarding their features. The core insight revolves around the practical challenges and uncertainties users face when attempting to run advanced language models in local environments.

Pelicans Generated for Gemma 4 Models Using Local and Cloud Inference

Simon Willison generated Pelicans for Gemma 4 variants E2B, E4B, 26B-A4B, and 31B. The first three were produced locally on a laptop with LM Studio, while the 31B model failed locally and required the Gemini API. This demonstrates feasible local inference for most Gemma 4 sizes on consumer hardware with cloud fallback for largest variants.

Gemma 4: Google DeepMind's New Efficient Multimodal LLMs

Google DeepMind has released Gemma 4, a new series of Apache 2.0 licensed LLMs, emphasizing high intelligence-per-parameter. These models, including 2B, 4B, 31B, and a 26B-A4B Mixture-of-Experts, are multimodal, supporting vision and audio inputs, with a focus on efficient on-device deployment. The release highlights a growing trend towards smaller, more capable models in AI research.

AI Inflection Point Redefines Software Engineering Paradigms

The rapid advancement of AI models, particularly in coding capabilities, has created a significant inflection point in software engineering. This shift has accelerated prototyping, moved bottlenecks from implementation to testing, and fundamentally altered the nature of coding work. Experienced engineers leverage AI as an amplifier, while mid-career professionals face challenges in adapting to these new paradigms.

AI Agents Drive Software Engineering Shift to Ambition and Risk

AI agents have fundamentally reshaped software engineering, making code generation exceptionally cheap and enabling rapid prototyping. This shift amplifies the capabilities of experienced engineers, allowing them to tackle more ambitious projects, but leaves mid-career professionals in a precarious position. The ease of code generation introduces new security vulnerabilities, particularly "lethal trifecta" scenarios, where agents with access to private data and external communication channels are exposed to malicious instructions, raising concerns about potential large-scale failures similar to the Challenger disaster.

LLM Vulnerabilities Preclude Certain Systemic Guarantees

The author posits that a particular objective is unattainable, citing research from llm-attacks.org. The referenced material likely addresses vulnerabilities or fundamental constraints in Large Language Model (LLM) security or steering that preclude the desired outcome.

Distilling Victorian Persona via Synthetic SFT: The Mr. Chatterbox Nanochat Model

Mr. Chatterbox is a specialized 2GB nanochat model trained from scratch on a corpus of 28,000 Victorian-era texts. The development pipeline leveraged synthetic data distillation from Claude Haiku and GPT-4o-mini for supervised fine-tuning (SFT) to optimize conversational capabilities without high annotation costs.

New npm Supply Chain Attack Targets Widely Used Axios Package

A critical supply chain attack has been identified, targeting the `axios` npm package, which boasts over 100 million weekly downloads. The attack leverages a newly introduced dependency, `plain-crypto-js@4.2.1`, acting as an obfuscated dropper/loader. This malware exhibits sophisticated evasion techniques and executes malicious shell commands, highlighting a significant threat to development environments.

Challenges in Local LLM Agent Performance

Local Large Language Model (LLM) agents face significant performance hurdles due to a fragmented and fragile development ecosystem. The complexity arises from diverse components like model chat templates, prompt construction, and inference mechanisms, often developed by different entities. This lack of integration leads to subtle, recurring bugs and inconsistencies, making reliable performance difficult to achieve despite ongoing improvements.

uvx Enables One-Command Local Chat with 2GB Victorian-Trained Nano Model Mr. Chatterbox

Mr. Chatterbox is a 2GB nanochat model trained from scratch on 28,000 Victorian-era British texts (1837-1899). Simon Willison's llm-mrchatterbox plugin allows local inference on consumer hardware like a Mac. With uv installed, users invoke it via a single command, `uvx --with llm-mrchatterbox llm chat -m mrchatterbox`, after an initial 2GB model download.

llm-mrchatterbox: Running a Victorian-era LLM Locally with LLM

llm-mrchatterbox is a plugin for LLM that enables local execution of the "Mr. Chatterbox" language model. This model was trained on a corpus of 28,000 Victorian-era British texts, offering a unique linguistic perspective. The plugin simplifies model usage and management within the LLM framework.

Red-Green TDD for LLM Agentic Engineering

Simon Willison details a "Red-Green TDD" approach adapted for LLM agentic engineering. This methodology emphasizes iterative development by first establishing a failing test (red), then implementing the agentic solution to pass the test (green), and finally refactoring. This mirrors traditional software development practices but is tailored for the non-deterministic nature of LLM evaluations, providing a structured way to build and refine agentic systems.

Mr. Chatterbox: A Victorian-Era LLM's Limitations and Ethical Training Challenges

Mr. Chatterbox is a 340M parameter language model trained exclusively on 2.93 billion tokens from 28,000 Victorian-era British Library books (1837-1899). Despite its novel ethical training approach using only out-of-copyright data, the model exhibits conversational limitations, often producing Markov-chain-like responses because the training data is insufficient for its parameter count. Its supervised fine-tuning conversation pairs were also generated with modern LLMs (Claude Haiku and GPT-4o-mini), which dilutes its "pre-1899 only" claim. The project highlights the challenges of creating useful LLMs from purely public domain sources.

AI Models Enable Vibe Coding of Production SwiftUI Menu Bar Apps Without Xcode

Claude Opus 4.6 and GPT-5.4 demonstrate competence in generating functional SwiftUI code for Mac menu bar apps directly from natural language prompts. This "vibe coding" approach bypasses traditional IDEs like Xcode, allowing rapid prototyping on new hardware. The result is deployable apps produced solely via AI assistance.

Bandwidther: A macOS Bandwidth Monitoring Tool Using Command-Line Utilities

Bandwidther is a SwiftUI macOS application designed for monitoring network bandwidth usage at both the system and per-process level. It leverages standard macOS command-line tools like `nettop` and `lsof` instead of relying on packet capture or private APIs, which presents both advantages in terms of system compatibility and limitations regarding the scope and accuracy of network data collection. The application provides insights into download/upload speeds, cumulative totals, and connection summaries, categorizing destinations as internet or LAN based on heuristic analysis.

Gpuer: A new macOS GPU and memory monitoring tool for Apple Silicon

Gpuer is a new SwiftUI menu bar application for macOS that provides detailed monitoring of GPU and unified memory statistics on Apple Silicon. It differentiates itself by offering a unique perspective on unified memory usage, treating CPU and GPU memory as a single pool, and by utilizing specific macOS system interfaces for accurate data collection. The tool aims to provide more insightful memory pressure and utilization data compared to traditional metrics.

LLMs as Rapid Prototyping Engines for macOS SwiftUI Applications

Large Language Models (LLMs) like Claude Opus 4.6 and GPT-5.4 are demonstrating significant capability in generating functional SwiftUI macOS applications from minimal prompts. This enables rapid prototyping and development of tools without direct programming expertise in Swift or requiring an integrated development environment like Xcode. The process, termed "vibe coding," leverages LLMs to quickly build applications by iteratively addressing feature requests and bug fixes through conversational prompts.

PyPI Already Implements AI-Powered Malware Pattern Scanning via Partner APIs

PyPI employs AI-powered scans for malicious package patterns through an API accessible to scanning partners. This capability enabled the rapid quarantine of a suspicious package within one hour of publication. The response underscores existing proactive defenses in major package registries against emerging attack vectors.

Memory-Efficient MoE-LLM Inference on Consumer Hardware

Mixture-of-Experts (MoE) Large Language Models (LLMs) can be executed on consumer-grade Mac hardware by streaming expert weights from SSD, bypassing the need to load the entire model into RAM. This approach, exemplified by the Kimi 2.5 model, a 1T-parameter model that activates only 32B parameters per token, enables the execution of large models on devices with limited memory. The key insight is the emergent capability of LLMs to handle complex tasks like C code generation, coupled with the necessity of robust agentic orchestration and validation for real-world application.

LLMs Enable User Profiling from Hacker News Comments in Emerging Surveillance Scenario

Simon Willison proposes prompting an LLM with 1,000 Hacker News comments per user using "Profile this user" to infer personal details, highlighting a new surveillance dystopia. Claude Opus 4.6 excels at this task. The approach demonstrates LLMs' capability to extract behavioral and identity insights from public discussion data at scale.

Starlette 1.0 Release and AI Code Generation Capabilities

Starlette 1.0 has been released, introducing a new `lifespan` mechanism for startup/shutdown, replacing `on_startup` and `on_shutdown`. This release, despite potential compatibility issues with LLM training data, enables efficient code generation for Starlette applications. Claude's ability to independently clone repositories, understand new framework versions, and integrate this knowledge into custom skills demonstrates its advanced capabilities as a coding agent.

Local Qwen 3.5 Models Enable Secure Sensitive Journalism on Laptops

Qwen 3.5 running locally on a high-end laptop delivers sufficient power for sensitive journalism applications. This capability drives interest in local AI models by eliminating cloud dependency risks. Advances now make on-device inference viable for secure, private workflows.

AI Coding Agents Risk Leaking Sensitive Data; Local Models Mitigate for High-Security Use Cases

Coding agents on cloud models leak prompts and sensitive data snippets through context, akin to untrusted access. Simon Willison highlights local models like Qwen 3.5 on laptops as viable for sensitive journalism to avoid leaks. Thread extends risks to law firms, subpoenas in SaaS APIs, and sectors like healthcare and legal.

AI-generated spam replies exhibit detectable patterns in tropes and repetitive phrasing across accounts

Simon Willison identifies AI-generated replies as detectable through characteristic "AI tropes" and their frequent repetition of similar text when replying to other accounts. This observation responds to Paul Graham's frustration with spam accounts baiting replies, prompting a request for software to automate detection. The patterns suggest scalable filtering via text similarity and behavioral analysis.

LLMs Can Generate Detailed User Profiles from Public Comments

Large Language Models (LLMs) can effectively create comprehensive user profiles by analyzing publicly available comment data. This process, demonstrated with Hacker News comments and Claude Opus 4.6, yields detailed insights into professional identity, core beliefs, working style, technical interests, and even personality traits. The method leverages open APIs to gather data, highlighting the potential for advanced intelligence gathering from public online interactions.

OpenAI Acquires Astral: Strategic Talent and Open-Source Integration for Codex

OpenAI's acquisition of Astral, known for popular Python tools like uv, ruff, and ty, appears to be a dual play for talent and technology. Astral's team will join OpenAI's Codex division, aiming to enhance AI capabilities in software development by integrating Astral's open-source projects. This move is positioned within a competitive landscape where AI companies are aggressively acquiring tools and talent to gain an edge in coding agent development.

OpenAI's GPT-5.4 Mini and Nano Models Offer Cost-Effective and Faster Performance

OpenAI introduces GPT-5.4 Mini and Nano, smaller, faster, and more economical versions of their GPT-5.4 model. These models demonstrate improved performance over previous iterations and are particularly cost-effective for large-scale tasks like image description, as evidenced by benchmark comparisons and practical application examples.

Showboat: Reproducible Agentic Demo Document Generation and Verification

Showboat is a Go-based command-line tool that facilitates the creation of executable markdown documents. These documents combine commentary, executable code blocks, and their captured output, serving as both documentation and verifiable proof of an agent's work. The tool supports re-execution of code blocks to confirm output consistency and offers remote streaming capabilities for real-time updates.

Evolving Software Development with Agentic AI

Agentic AI is transforming software development by shifting the focus from manual coding to guiding AI agents. This paradigm requires new approaches to testing, quality assurance, and security to leverage AI's efficiency while mitigating its inherent risks. Integrating AI effectively necessitates a re-evaluation of traditional development workflows and a move towards agent-centric methodologies, emphasizing robust testing and sandboxing.

Rodney: Command-line Chrome Automation for Scripted Browser Interactions

Rodney is a Go CLI tool for persistent headless Chrome automation, enabling multi-step browser interactions from shell scripts. It leverages the `go-rod` library to connect to a single long-running Chrome process, maintaining state across commands. This architecture facilitates web scraping, UI testing, and accessibility checks directly from the command line, with features like session scoping and proxy support.

Simon Willison Probes AI Tool Experience in Recent Software Developer Interviews

Simon Willison is surveying recent software developer interview experiences to determine if familiarity with AI programming tools plays a role. He explicitly requests detailed replies to gather qualitative data. This reflects growing interest in evaluating AI proficiency as a hiring criterion in tech roles.

LLMs and Novel Technology Adoption

Large Language Models (LLMs) used in coding agents are demonstrating a surprising aptitude for integrating novel or obscure technologies. Contrary to early concerns that LLMs would reinforce a "boring technology" approach due to training data bias, modern LLMs with expanded context windows effectively consume documentation and adapt to custom codebases. This suggests LLMs may accelerate, rather than hinder, the adoption of new tools by reducing the barrier to entry for developers.
