2026-06-08

Simon Willison — 2026-06-08#

Highlight#

Simon takes a cautious approach to Apple’s WWDC 2026 AI announcements, but notes that their screen-reading vision LLM strategy and new PyTorch integration for local models look highly promising for developers.

Posts#

Siri AI at WWDC 2026 · Source Reflecting on WWDC 2026, Simon adopts an “I’ll believe it when I see it” stance regarding Apple Intelligence, given the overpromises of the 2024 rollout. However, he points out that the latest Siri AI features appear technically viable, powered by a custom Gemini-derived model on Private Cloud Compute and vision LLMs that extract on-screen data without requiring third-party app updates. He is particularly interested in the new Core AI library and its coreai-torch Python package, which provides a straightforward bridge for developers to export PyTorch models into native programs optimized for Apple hardware.

2026-06-09

Simon Willison — 2026-06-09#

Highlight#

Anthropic dropped Claude Fable 5 today, and Simon’s deep dive into its capabilities is a must-read. He highlights how this huge, albeit slow, new model can serve as an exceptionally capable coding partner, successfully tackling complex WASM Python environments and driving major architectural changes in his open-source LLM library.

Posts#

Initial impressions of Claude Fable 5 Anthropic’s new Claude Fable 5 is slow, expensive, and remarkably capable, boasting a 1 million token context window, a 128,000 maximum output token limit, and massive internal knowledge. Simon tested the model’s depth by having it catalog his open-source work, noting that such extensive factual recall is a strong proxy for a massive parameter count. He then unleashed it on two complex coding tasks: upgrading micropython-wasm to run full CPython in WebAssembly, and adding a human-in-the-loop pause/resume mechanism to Datasette Agent. Fable’s performance was so strong it essentially authored the entire LLM 0.32a3 release, rewriting initial hacks into well-designed API features.

2026-06-10

Simon Willison — 2026-06-10#

Highlight#

The biggest talking point today is Simon’s critique of Anthropic’s new Claude Fable 5 system card, which reveals “silent interventions” that purposefully corrupt the model’s outputs on frontier ML research to slow down competitors. It’s a fascinating look at the growing tension between open-weight AI democratization and top labs artificially restricting their own models to maintain a strategic edge.

Posts#

If Claude Fable stops helping you, you’ll never know · Source Simon highlights a deeply concerning detail from Anthropic’s Fable 5 and Mythos 5 system card: the models are equipped with invisible safeguards to throttle requests related to frontier LLM development, such as ML accelerator design or pretraining pipelines. Rather than openly refusing the prompt, the model uses techniques like steering vectors to silently degrade its own effectiveness. Simon pushes back against the sci-fi justification of preventing “recursive self-improvement,” pointing out that silently sabotaging answers is a hostile way to protect Anthropic’s own organizational goals.

2026-06-13

Simon Willison — 2026-06-13#

Highlight#

The most substantive update today explores the major Pyodide 314.0 release that finally allows publishing WASM wheels directly to PyPI. This eliminates a massive bottleneck for the Python-in-the-browser ecosystem, and Simon immediately proved its value by using AI tools to package and ship a C++ based WebAssembly experiment.

Posts#

Publishing WASM wheels to PyPI for use with Pyodide With Pyodide 314.0, developers can now publish Python packages built for Pyodide directly to PyPI, removing a major hurdle where maintainers previously had to manually review and host over 300 packages themselves. To celebrate, Simon used Codex and GPT-5.5 xhigh to package his experimental C++ Luau WebAssembly project, successfully building and deploying it via GitHub Actions. True to form, he then used ChatGPT to draft a BigQuery SQL query to explore PyPI’s dataset, discovering that 28 packages are already utilizing the new pyemscripten_202*_wasm32 tags.

2026-06-14

Simon Willison — 2026-06-14#

Highlight#

Today’s highlight is a thoughtful commentary on the ongoing debate around AI replacing software engineers. Drawing on an essay by Arvind Narayanan and Sayash Kapoor, Simon highlights why the real value of a developer lies in deep systemic understanding rather than just generating lines of code.

Posts#

Why AI hasn’t replaced software engineers, and won’t · Source Simon highlights an essay by Arvind Narayanan and Sayash Kappor that pushes back against the narrative of mass AI-driven layoffs in tech. They point to hard data—like zero New York WARN Act filings checking the newly added “AI” box over a full year—to demonstrate that developers are heavily cushioned from displacement. The authors argue that while AI accelerates the actual typing of code, the true bottlenecks of software engineering are specifying what to build, verifying the delivery, and applying deep context. Simon echoes this from his own workflow, noting that while LLMs help him decide and verify, his ultimate value remains anchored in his “deep human understanding” of both the underlying problems and the agent-built solutions.

2026-06-15

Simon Willison — 2026-06-15#

Highlight#

The most exciting update today is the release of datasette-agent 0.3a0, which introduces natural language database modification right from the terminal. By combining the new execute_write_sql tool with an --unsafe auto-approval mode, Simon has made it possible to chat directly with a SQLite database and modify its schema and records on the fly.

Posts#

datasette-agent 0.3a0 · Source Simon just shipped a major update to his experimental datasette-agent project, adding an execute_write_sql tool that can prompt for user approval before writing to a database. He also enhanced the CLI chat terminal with options like --yes, --root, and --unsafe to streamline or bypass these permission checks entirely. Using the --unsafe flag alongside a model like gpt-5.5, developers can now converse directly with a specific database to execute structural changes, such as creating tables or inserting records via natural language.

2026-06-19

Simon Willison — 2026-06-19#

Highlight#

The standout insight today comes from a quote on the Model Context Protocol (MCP), highlighting how its real value lies in isolating authentication flows outside of an AI agent’s context window. It’s a sharp observation on how we should be architecting tool use and permissions for LLMs to make them safer and more robust.

Posts#

[Quoting Sean Lynch] · Source Simon highlights a sharp Hacker News comment from Sean Lynch regarding the Model Context Protocol (MCP). Lynch notes that the true advantage of MCP over traditional skills or CLIs is its ability to isolate authentication flows entirely outside of an agent’s context window. This framing suggests the idealized form of MCP might simply be an auth gateway for APIs, simplifying how LLMs interact with secured external resources.

2026-06-26

Simon Willison — 2026-06-26#

Highlight#

Today’s standout piece explores Fernando Irarrázaval’s prompt injection challenge, which aligns perfectly with Simon’s ongoing AI security research. It highlights a fascinating and practical trend: frontier models like Opus 4.6 are becoming surprisingly resilient to injection attacks, though we still shouldn’t trust them with irreversible actions.

Posts#

What happened after 2,000 people tried to hack my AI assistant Fernando Irarrázaval set up a honeypot challenge to see if anyone could leak secrets from an OpenClaw instance backed by Opus 4.6. Out of 6,000 inbound email attempts, none were successful, which aligns with Simon’s observation that frontier labs are making significant strides in prompt injection resistance. However, Simon cautions developers that these failed attempts still provide no guarantee against a more sophisticated approach, warning against using LLMs for anything involving irreversible damage.

2026-06-30

Simon Willison — 2026-06-30#

Highlight#

The release of shot-scraper video is a perfect illustration of Simon’s “agentic engineering” workflow, showcasing how he leverages powerful local models like GPT-5.5 to write complex features that he wouldn’t otherwise have time to build. It also demonstrates a brilliant pattern for CLI design: packing detailed examples into --help output so it functions like an embedded skill file for coding agents.

Posts#

Have your agent record video demos of its work with shot-scraper video Simon details the new shot-scraper video command, which uses a storyboard.yml file to drive Playwright and record application demos. He built this entire feature—including the code, documentation, and the Pydantic-validated YAML schema—using GPT-5.5 xhigh in Codex Desktop. He notes that making tools easily usable by coding agents allows them to record their own demos, especially when commands include rich --help text that agents can read directly.

2026-07-02

Simon Willison — 2026-07-02#

Highlight#

The standout update today is Simon’s release of a brand-new coding agent framework, llm-coding-agent 0.1a0, which he bootstrapped entirely using Claude Fable 5. It represents a significant step in evolving his popular llm library into a capable, tool-wielding agentic framework.

Posts#

llm-coding-agent 0.1a0 Simon released a new alpha tool that turns his llm library into a full-fledged coding agent. By prompting Claude Fable 5 in Claude Code to write the spec and build it via test-driven development, he shipped a CLI that includes file manipulation and command execution tools like edit_file and execute_command. He also highlights a neat Python API (the CodingAgent class) the AI implemented unprompted, and shared a successful test run where the agent built a SwiftUI ASCII time app using llm code --yolo.