Blog
Articles and thoughts on web development, architecture, and technology.
The agent is just a loop
An agent is a loop around a model with tools. If you use Claude Code you are already inside one, and you can drive it with hooks and slash commands, no SDK required.
The off-switch was never yours
Fable 5 did not crash. It was recalled. A US export directive pulled Anthropic's top model worldwide on June 12, for every customer at once, and no amount of retries or fallbacks would have saved you.
The Ferrari has a limiter: a day with Claude Fable 5
Anthropic shipped its most powerful public model yesterday, then flagged the exact work I needed it for and routed it to a weaker one. A day with Fable 5, the benchmarks, the bill, and the limiter nobody asked for.
The friction was the feature: Microsoft just handed an agent your inbox
At Build 2026 Microsoft made Windows the agent platform: OpenClaw in the OS, and Work IQ giving agents your email and calendar, on by default, GA June 16. An agent that reads your inbox and acts on your files is the dream payload for prompt injection. The friction everyone wants gone was a safety feature.
Nobody was driving: the first breach run by an agent, not a person
Sysdig caught an LLM agent driving a full intrusion, CVE to exfiltrated database, four pivots, under an hour, with no human typing a single command. Our defences assume someone is on the other end. That assumption just expired.
Your coding agent has no world model. You built it one.
Yann LeCun says the path to real intelligence runs through world models, not LLMs. He's probably right. And it explains exactly why your agent loop works.
Stale memory is worse than no memory
Persistent memory is sold as a pure win. But a memory that records a temporary fact and never expires keeps steering your agent toward problems that no longer exist.
Speed got cheap. Judgement didn't.
Claude Code can now spin up a thousand subagents from one prompt. The orchestration is genuinely good engineering. The token bill, and what it does to your reviewing, is the part nobody adds up.
The meter was always going to switch on
GitHub Copilot went usage-based on June 1. Developers are angry. But the anger is pointed at the bill, not the thing that created it: two years of subsidised pricing that made an uneconomic habit feel like a productivity gain.
They just asked the bot nicely: your support agent is the attack surface
Pro-Iran hackers seized the Obama White House and US Space Force Instagram accounts by talking Meta's AI support bot into resetting passwords. No exploit, no CVE. Just a conversation with a system that cannot be suspicious.
overview
- Articles: 48
- Read time: 250m
- Words: 44,867