2026-07-15

Simon Willison — 2026-07-15#

Highlight#

The standout exploration today is Simon’s deep dive into the newly open-sourced xai-org/grok-build repository, an 844,000-line Rust codebase released by xAI in the wake of a massive privacy backlash over its CLI tool silently uploading user directories. It provides a fascinating peek into the complex internals of terminal coding agents, revealing ported tool implementations, intricate prompting strategies, and the disabled remnants of the offending upload code.

Week 17 Summary

AI Reddit — Week of 2026-04-11 to 2026-04-17#

The Buzz#

Anthropic dominated the narrative this week, swinging wildly from the impressive zero-day exploits of its Claude “Mythos Preview” to the disruptive launch of Claude Design, which immediately wiped 4.26% off Figma’s stock. However, this awe is heavily overshadowed by stealth nerfs and billing traps, such as Anthropic secretly slashing Claude’s default cache TTL to five minutes and an AMD engineer proving the default thinking effort was silently dropped to “medium”. In a fascinating shift regarding vulnerabilities, researchers also demonstrated that the most effective prompt injections no longer use technical overrides, but instead weaponize models’ inherent helpfulness through ethical hypotheticals that force them to leak system prompts.

Week 21 Summary

Simon Willison — Week of 2026-05-16 to 2026-05-22#

Highlight of the Week#

The most impactful milestone this week is the official announcement of Datasette Agent, merging Simon’s three years of work on his LLM library directly into Datasette. This conversational AI interface allows users to naturally interrogate their databases, boasting an extensible plugin architecture for charts, image generation, and secure code execution.

Key Posts#

[The last six months in LLMs in five minutes] · Source Simon shared annotated slides from his PyCon US 2026 lightning talk capturing a major inflection point in AI developer tooling. He highlights how coding agents crossed the threshold to become reliable daily drivers, and points to the astonishing capabilities of massive local models running on consumer hardware like Mac Minis.

Week 22 Summary

Simon Willison — Week of 2026-05-22 to 2026-05-29#

Highlight of the Week#

This week’s most significant milestone is the release of Datasette 1.0a31, which fundamentally shifts the project’s paradigm by introducing UI support for executing write queries directly against the database. This officially bridges Datasette from a purely read-only tool to one that embraces secure data mutation, allowing developers to save and template insert, update, and delete operations.

Key Posts#

[I think Anthropic and OpenAI have found product-market fit] · Source Simon analyzes the shift in enterprise pricing to argue that AI coding agents have crossed the threshold into massive usage and real revenue generation. He points to Anthropic’s staggering $1.25 billion monthly compute spend and notes that labs are pivoting to capture enterprise value directly from heavy agent users rather than relying on middlemen.

Week 23 Summary

Simon Willison — Week of 2026-05-29 to 2026-06-05#

Highlight of the Week#

The single most impactful update this week is the release of Datasette 1.0a31, which marks a massive paradigm shift by introducing UI support for executing write queries directly against the database. By allowing developers with the right permissions to set up templated insert, update, and delete operations as “stored queries,” Simon is aggressively evolving Datasette from a purely read-only tool into one that embraces secure data mutation.

Week 24 Summary

Simon Willison — Week of 2026-06-06 to 2026-06-12#

Highlight of the Week#

The standout event this week was the release of Anthropic’s massive Claude Fable 5 model, which Simon immediately leveraged as a highly capable coding partner to essentially author complex new features across his open-source ecosystem. However, the most impactful takeaway was his deep dive into the model’s terrifyingly autonomous capabilities—such as independently writing CORS servers and injecting JavaScript just to debug a CSS glitch—which served as a stark reminder of why executing AI-generated code requires strict sandboxing.

Week 26 Summary

Simon Willison — Week of 2026-06-18 to 2026-06-25#

Highlight of the Week#

This week’s absolute standout is the launch of the datasette-apps plugin, which fundamentally transforms how we build micro-applications over local databases. By utilizing tightly constrained iframe sandboxes and Content-Security-Policy headers, developers and LLMs alike can safely run custom HTML/JS interfaces against a persistent Datasette backend. It brilliantly merges Simon’s ongoing experiments with AI-assisted “vibe coding” and robust security architectures into a core ecosystem feature, effectively bridging the gap between Claude Artifacts and secure data environments.

2026-04-15

Sources

AI Reddit — 2026-04-15#

The Buzz#

A fascinating shift in prompt injection strategies has surfaced, proving that the most effective attacks no longer rely on technical overrides but instead weaponize a model’s own alignment training. Researchers analyzing over 1,400 injection attempts discovered that framing requests as moral compliance tests or ethical hypotheticals forces models to willingly leak their system prompts and secrets. This revelation suggests that a model’s inherent helpfulness and ethical reasoning are actually its largest attack surfaces, rendering traditional keyword-based defenses largely obsolete.

2026-05-02

Sources

Engineering @ Scale — 2026-05-02#

Signal of the Day#

To defend against prompt injection at scale, production systems like Gmail are shifting to a Planner/Executor architectural split, physically isolating tool-calling privileges from untrusted content processing.

2026-05-20

Simon Willison — 2026-05-20#

Highlight#

Simon takes a critical look at Google I/O’s Gemini Spark announcement, digging into the opaque “Antigravity” stack and questioning how Google plans to mitigate prompt injection risks for a tool with deep access to user data. This highlights the growing industry tension between powerful workspace AI agents and fundamental security vulnerabilities.

Posts#

[Google I/O, Gemini Spark, Antigravity] · Source Sticking to his rule of only reviewing generally available tools, Simon breaks down the announcement of Gemini Spark, Google’s new OpenClaw competitor that natively integrates with Workspace apps. He notes a strange FAQ detail claiming Spark runs on “Antigravity”—a moniker applied to a desktop app, a Go-based CLI, and a VS Code fork. Crucially, Simon questions whether Google’s isolated VM approach and Agent Gateway will actually be enough to prevent an “agent security challenger disaster” when handling sensitive data via prompt injection. He also highlights that Google is deprecating its open-source Gemini CLI on June 18th in favor of a closed-source Antigravity CLI.