Hacker News | Amekedl's comments

Looks good. Won't ever buy a font though.

usage billing over the monthly plan when deepseek is over x25 cheaper?

Maybe I'll try out a month on the usage plan and see how it compares dollar for dollar. I think I'm squeezing about as much as I can out of Anthropic under the plan

Very, very early already with GPT-3.

The simple fact that people will act on it and believe just because what they insinuated as a prompt and the answer being churned out on the screen looking somewhat readable.

That alone was going to seed so much discord and reinforce invalid messages, truly "oh shit".


DeepSeek rules. I'm using it to do stuff that's not too big in scope, because I still need to remain in charge. Even for this, western competitors have no chance, least Anthropic and OpenAI, plus Gemini also has gotten too expensive besides flash (which is arguably just great, too).

With this, I am sticking to deepseek-v4-pro entirely.


Dev tools. The debugger is something for example that Microsoft ostensibly keeps to their own products, and how they totally slaughtered omnisharp.

It killed my daily csharp vscode driver a couple of years ago, only now catching back up somewhat, but still unusable for bigger solutions.

That move made me gravitate towards vscodium, and avoiding csharp where possible.

Microsoft's move only recently got more understandable to me, because Cursor and others basically stole vscode to establish their "empire".


If you can use Jetbrains, Rider is on par with IntelliJ. From that perspective, both languages have a best in class debugger.


Rider is very good but this subthread is about the lack of open source dev tooling.


Agreed, also amazing citations in the parent comment ^^


I don't buy it. A lot of stuff this finds is also just simply wrong, benignly reported as true, despite upper/lower layers in the code burying the possibility of a vulnerability actually being exploited. It's a performance/security trade-off too, it always has been. Additional checks and other measures do in fact need to be performed for security purposes.

Great marketing as always, but the rose-tinted view many have seems vicariously misplaced.


In the article they describe how all the vulns are actually exploitable end to end and >1000 have been independently verified as critical.

These aren't unreachable vulns.


Where is the link to the advisories then? :/


As the article explains, they mostly haven't been disclosed, because they're not fixed. They're giving people 90 days, or 45 after a patch is made.


> haven't been disclosed, because they're not fixed.

That's convenient.

But wait, don't they have this amazing AI that can fix all the issues itself with a single /goal command? What's the holdup?


You should really read the article, every question asked so far in this thread has been very clearly answered.

I miss the days when HN would RTFA.


He doesn’t want to read the article. He just wants to LLM bad.


From the article

> As we noted above, the bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them.

...

> To begin, we’ve released Claude Security in public beta for Claude Enterprise customers. It’s a tool that helps teams scan their codebases for vulnerabilities, and which can generate proposed fixes for them. In the three weeks since launch, Claude Opus 4.7 has been used to patch over 2,100 vulnerabilities. (This is faster than the open-source patching described above in large part because enterprises are fixing their own code, whereas open-source fixes usually require volunteer maintainers who work through coordinated disclosure.)

Your critique of the article would likely land much better if you engaged with it.


> The software industry’s longstanding convention is to disclose new vulnerabilities 90 days after they’re discovered (or, if a patch is created before the 90 days is up, around 45 days after the patch becomes available). This allows time for end users to update their software before a vulnerability can be exploited by attackers. Our own Coordinated Vulnerability Disclosure policy takes this approach.

> However, this means that disclosed vulnerabilities are a lagging indicator of the accelerating frontier of AI models’ cyber capabilities: we’re not yet at the point where we can fully detail our partners’ findings with Mythos Preview without putting end users at risk. Instead, we provide illustrative examples of the model’s performance, along with aggregate statistics on our progress to date. Once patches for the vulnerabilities that Mythos Preview has discovered are widely deployed, we’ll provide much more detail about what we’ve learned.


I guess you could look at https://red.anthropic.com/2026/cvd/ to see exactly what was discovered.


Thank you. Looking at the WebDAV in nginx, this is exactly what I searched for, wanted to read, and confirmed my suspicions ^^ But this one takes the cake truly... https://red.anthropic.com/2026/cvd/findings/ANT-2026-CN7KX43...


Especially when this has been OAI/Anthropic's MO for years at this point.


You are absolutely right! Kidding, but the analogy sits comfortably with me. I wonder though if this kind of behavior is potentially harmful, most likely less than drugs but nonetheless...


triggered me with that first sentence


The future of open washing


I’d call it “open washing”, but it looks cool. Good luck with it


Curious why? You can just take this and run locally or deploy anywhere you'd like with any provider agent provider.

