Groundy — independent coverage of developer tools, infrastructure, and platforms
When MCP Tool Descriptions Don't Match the Code, Agents Trust the Lie
A study of 2,214 MCP servers finds 9.93% of tool descriptions diverge from the code, creating a confused-deputy risk for agent runtimes that select tools by description alone.
security Students Are Prompt-Injecting AI Graders to Score Full Marks
A June 2026 arXiv study finds that prompt injection in student submissions manipulates LLM grading systems into awarding full marks, and current defenses do not hold.
Malicious npm Packages Hit Red Hat's Published JavaScript Clients
Malicious versions of 32 Red Hat npm packages carried a credential-stealing worm, published through the vendor's OIDC pipeline. Vendor namespaces are not a trust boundary.
policy Stacked Org Policies in LLM Chatbots Break Where Rules Collide
Stacking HR, legal, and brand policies in LLM prompts assumes additive compliance. Graph-based research finds per-rule testing misses combinatorial policy conflicts.
security Removing an LLM Backdoor Post-Training Without the Poisoned Data
Patcher removes LLM backdoor triggers from a single observed failure and model weights, no poisoned training data required. Deployers gain an alternative to full retraining.
models Which Layer Detects LLM Hallucinations Best? The Case Against Fixed-Layer Probes
An ICML 2026 paper finds that fixed-layer hallucination probes miss detection signal, and proposes FEPoID, a training-free method to calibrate layer choice per model.
policy Why Fine-Tuning Strips Safety Alignment From Open-Weight LLMs
Safety alignment in open-weight LLMs is concentrated in a handful of output tokens. Benign fine-tuning erases them, making release-time safety evaluations unreliable.
security Stored Prompt Injection Now Persists Across AI Agent Sessions
Prompt injection planted in one agent session resurfaces in later ones through persistent memory and tool state, bypassing input sanitization that only validates external.
- models Opus 4.8 vs Opus 4.7: What Changed and What Did Not
- agents Claude Code, Cursor, Copilot: How Agentic Coding Assistants Get Weaponized as Attacker Shells
- devtools Anthropic Buys Stainless: OpenAI and Google Now Depend on a Rival for SDK Tooling
- agents A New Trust Schema Exposes Why Agent Skill Registries Fail Enterprise Audit Requirements
- policy FTC's TAKE IT DOWN Act Lands May 19: 48-Hour Deepfake NCII Takedowns and No Safe Harbor
- devtools GitHub Copilot vs Cursor vs Claude Code: The 2026 AI Coding Showdown
- devtools Claude Code Plugins: Anthropic's Official Plugin Ecosystem Explained
- models AI Code Generation Benchmarks 2026: Which Model Actually Writes Better Code?
- models Chinese AI Models Compared: DeepSeek, Qwen, Kimi, Doubao, and Ernie
- infra MLX vs llama.cpp on Apple Silicon: Which Runtime to Use for Local LLM Inference
- devtools GitHub Copilot's Opus 4.7 Multiplier: 7.5x to 15x to 27x in 60 Days
- devtools Claude Code in GitHub Actions: A Complete Guide to Automated PR Fixes
- devtools GitHub Copilot Replaces Premium Request Units With Token-Metered AI Credits on June 1
- industry Cursor's Meteoric Rise: From $300M to $3B ARR in a Year
- security The Mysterious Case of Chinese Bot Traffic in 2026: How AI-Powered Bots Are Rewriting the Rules of Detection
- jun 03 agents When MCP Tool Descriptions Don't Match the Code, Agents Trust the Lie
- jun 03 security Students Are Prompt-Injecting AI Graders to Score Full Marks
- jun 03 devtools Malicious npm Packages Hit Red Hat's Published JavaScript Clients
- jun 03 policy Stacked Org Policies in LLM Chatbots Break Where Rules Collide
- jun 03 security Removing an LLM Backdoor Post-Training Without the Poisoned Data
- jun 03 models Which Layer Detects LLM Hallucinations Best? The Case Against Fixed-Layer Probes
- jun 03 policy Why Fine-Tuning Strips Safety Alignment From Open-Weight LLMs
- jun 03 security Stored Prompt Injection Now Persists Across AI Agent Sessions
- jun 03 industry MiniMax M3 Bundles 1M Context and Native Multimodal Into One Open-Weight Model
- jun 03 security LLM Data Poisoning Survives the Data-Cleaning Defenses Built to Stop It
- jun 03 devtools OpenAI Upgrades Codex Right as Teams Weigh Leaving Claude Code
- jun 03 policy Game Theory vs RLHF: Modeling LLM Safety Alignment as a Non-Cooperative Game
- jun 03 infra Cost-Aware RAG Routing: When Deeper Retrieval Stops Paying Off
- jun 02 devtools GitHub Copilot Moves to a Platform App, Decoupling From the Editor
- jun 02 infra Using Your Nvidia GPU's VRAM as Linux Swap: Where the NBD Hack Breaks Down
- jun 02 security Why OpenAI Bets on Instruction Hierarchy to Stop Prompt Injection
- jun 02 policy Explainability Mandates Leak Graph Models to Their Attackers
- jun 02 security Stopping Multi-Turn LLM Jailbreaks Without Retraining the Model
- jun 02 security African Languages Are a Jailbreak Blind Spot for English-Tuned LLM Safety
- jun 02 devtools How a VSCode Bug Let One Click Steal Your GitHub Token
- jun 02 agents When an AI Agent Causes a Loss, Who Files the Insurance Claim?
- jun 02 models Cross-Domain RL Training Degrades Capabilities. CARE-RL Reweights to Fix It
- jun 02 agents When Agent Skill Libraries Scale, Dependency-Aware Retrieval Beats Flat Search
- jun 02 policy Evolutionary Search Finds LLM Jailbreak Classes That Static Red-Teaming Misses
- jun 02 security Poisoning Open-Source LLM Merges: One Bad Checkpoint Hijacks the Result
- jun 02 agents Can Instruction-Tuned Retrievers Fix Agentic Search's Retrieval Gap?
- jun 02 models LLM Watermarking Without Quality Loss: The Non-Distortionary Approach
- jun 02 security An Autonomous Research Agent Now Discovers SOTA LLM Jailbreak Attacks
- jun 02 devtools GitHub Copilot and Productivity: What an Observational Dose-Response Study Measures
- jun 02 policy Why AI Red-Teaming Rediscovers the Same Jailbreaks and Misses the Rest
- jun 02 industry Morningstar's $780B SpaceX Mark Undercuts the IPO Target by Half
- jun 02 security Malware Can Prompt-Inject the AI Agent Reverse-Engineering It
- jun 02 agents Bandit-Based Prompt Optimization Targets Multi-Agent Systems Like CrewAI and AutoGen
- jun 01 oss Open-Source Workspace Suite tinycld Takes On Google and Nextcloud
- jun 01 oss DARPA's AIxCC Postmortem: What Autonomous Cyber Reasoning Systems Got Right and Wrong
- jun 02 security CVE-Factory Turns Published CVEs Into Security Agent Training Data. A 32B Model Beats Claude 4.5 Sonnet.
- jun 01 oss An Open-Source Home Camera That Encrypts End-to-End Instead of Trusting Ring
- jun 01 policy LLMs Treat the Assistant Persona as Privileged. That's a Safety Gap
- jun 01 industry Vercel's Grep Buy Signals Code Search Is Now AI Agent Infrastructure
- jun 01 security LLM Reasoning Traces Leak the Private Data They're Told to Hide
- jun 01 models Treating LLM Agent Memory as a Database: The VikingMem Approach
- jun 01 oss Your Open-Source License Won't Stop Someone Phishing With Your Code
- jun 01 models Can a Language Model Work Without a Neural Network? A New arXiv Paper Says Yes
- jun 01 models Can Code-Generating LLMs Do Engineering Math? FEM-Bench Tests Them
- jun 01 policy Newer LLMs Aren't Always Safer: Adversarial Attacks Transfer Across Model Generations
- jun 01 models Unlearning Isn't Deletion: arXiv 2505.16831 Shows Machine Unlearning in LLMs Is Reversible
- jun 01 security Video Jailbreaks Hit Multimodal LLMs by Splitting Payloads Across Clips
- jun 01 industry OMB's Power to Cancel Any Grant at Any Time Shifts Risk Onto University AI Labs
- may 31 models Why LLMs Fail at Spatial Reasoning When Planning Navigation
- may 31 culture Ranking LLMs Side by Side Makes Their Dialect Bias Worse