brainmatics @brainmatics

🚨 BREAKING: Google DeepMind just mapped the attack surface that nobody in AI is talking about. Websites can already detect when an AI agent visits and serve it completely different content than humans see. > Hidden instructions in HTML. > Malicious commands in image pixels. > Jailbreaks embedded in PDFs. Your AI agent is being manipulated right now and you can't see it happening. The study is the largest empirical measurement of AI manipulation ever conducted. 502 real participants across 8 countries. 23 different attack types. Frontier models including GPT-4o, Claude, and Gemini. The core finding is not that manipulation is theoretically possible it is that manipulation is already happening at scale and the defenses that exist today fail in ways that are both predictable and invisible to the humans who deployed the agents. Google DeepMind built a taxonomy of every known attack vector, tested them systematically, and measured exactly how often they work. The results should alarm everyone building agentic systems. The attack surface is larger than anyone has publicly acknowledged. Prompt injection where malicious instructions hidden in web content hijack an agent's behavior works through at least a dozen distinct channels. Text hidden in HTML comments that humans never see but agents read and follow. Instructions embedded in image metadata. Commands encoded in the pixels of images using steganography, invisible to human eyes but readable by vision-capable models. Malicious content in PDFs that appears as normal document text to the agent but contains override instructions. QR codes that redirect agents to attacker-controlled content. Indirect injection through search results, calendar invites, email bodies, and API responses any data source the agent consumes becomes a potential attack vector. The detection asymmetry is the finding that closes the escape hatch. Websites can already fingerprint AI agents with high reliability using timing analysis, behavioral patterns, and user-agent strings. This means the attack can be conditional: serve normal content to humans, serve manipulated content to agents. A user who asks their AI agent to book a flight, research a product, or summarize a document has no way to verify that the content the agent received matches what a human would see. The agent cannot tell the user it was served different content. It does not know. It processes whatever it receives and acts accordingly. The attack categories and what they enable: → Direct prompt injection: malicious instructions in any text the agent reads overrides goals, exfiltrates data, triggers unintended actions → Indirect injection via web content: hidden HTML, CSS visibility tricks, white text on white backgrounds invisible to humans, consumed by agents → Multimodal injection: commands in image pixels via steganography, instructions in image alt-text and metadata → Document injection: PDF content, spreadsheet cells, presentation speaker notes every file format is a potential vector → Environment manipulation: fake UI elements rendered only for agent vision models, misleading CAPTCHA-style challenges → Jailbreak embedding: safety bypass instructions hidden inside otherwise legitimate-looking content → Memory poisoning: injecting false information into agent memory systems that persists across sessions → Goal hijacking: gradual instruction drift across multiple interactions that redirects agent objectives without triggering safety filters → Exfiltration attacks: agents tricked into sending user data to attacker-controlled endpoints via legitimate-looking API calls → Cross-agent injection: compromised agents injecting malicious instructions into other agents in multi-agent pipelines The defense landscape is the most sobering part of the report. Input sanitization cleaning content before the agent processes it fails because the attack surface is too large and too varied. You cannot sanitize image pixels. You cannot reliably detect steganographic content at inference time. Prompt-level defenses that tell agents to ignore suspicious instructions fail because the injected content is designed to look legitimate. Sandboxing reduces the blast radius but does not prevent the injection itself. Human oversight the most commonly cited mitigation fails at the scale and speed at which agentic systems operate. A user who deploys an agent to browse 50 websites and summarize findings cannot review every page the agent visited for hidden instructions. The multi-agent cascade risk is where this becomes a systemic problem. In a pipeline where Agent A retrieves web content, Agent B processes it, and Agent C executes actions, a successful injection into Agent A's data feed propagates through the entire system. Agent B has no reason to distrust content that came from Agent A. Agent C has no reason to distrust instructions that came from Agent B. The injected command travels through the pipeline with the same trust level as legitimate instructions. Google DeepMind documents this explicitly: the attack does not need to compromise the model. It needs to compromise the data the model consumes. Every agentic system that reads external content is one carefully crafted webpage away from executing attacker instructions. The agents are already deployed. The attack infrastructure is already being built. The defenses are not ready.

this is f*king scary.....

Shipper @shipper_now

2 months ago

🚨 BREAKING: Clone any successful company Claude Code Opus 4.6 in @shipper_now can take any app and make it yours: design, code, business plan... you can now ship the next duolingo / twitter / airbnb / etc this is THE END of vibe coding.

18 71 632 243K 1K

In 2013, Professor Marc Brackett gave a masterclass on emotional intelligence. 20+ years of research at Yale University. His frameworks: - Emotions drive decisions - Awareness beats control - Regulation=real power 14 lessons that will rewire how you understand emotions:

This is so wild that street-view photos can be turned into a navigable video simulation of a real city. The striking part is not that the model invents a world, but that it stays attached to one that already exists. Researchers introduced "Seoul World Model" - that turns generative video from scenery generation into something closer to a playable map. That sounds minor until you look at the mechanism. Street-view images are sparse, captured at different moments, and cluttered with the wrong cars, pedestrians, and lighting. So the model is trained to separate the durable from the accidental, using nearby views as anchors while learning not to treat transient clutter as permanent geography. It also learns motion from synthetic urban footage, because a mapping car cannot teach every path a person, vehicle, or free camera might take. Then, to stop long sequences from drifting into fantasy, it keeps pulling generation toward a retrieved image farther along the route, a moving waypoint instead of a nostalgic attachment to the first frame. In tests on Seoul and on unseen cities like Busan and Ann Arbor, that recipe preserved street layout and camera motion better than recent world models. So no, this is not yet Google Maps for the whole planet, and it is not New York City in 1926. But it makes the future easier to picture: once a model can be grounded in place, grounding it in time starts to look less like magic than a question of how much history we have saved. ---- Paper Link – arxiv. org/abs/2603.15583 Paper Title: "Grounding World Simulation Models in a Real-World Metropolis"

Visualization of Hooke’s Law (F = -kx) onto human movement by treating joints as anchors in a spring-mass lattice, every extension generates real-time tension, radiating force field vectors that turn the stage into a living physics engine.

5 LLM fine-tuning techniques, explained visually:

The Artemis II crew is on their way to their lunar flyby! 🌒 NASA’s Artemis II uses a free‑return trajectory, letting the Moon’s gravity guide the spacecraft home and we modeled the mission in MATLAB. What moment of the mission are you most excited about?

Steerable Visual Representations. 👇 From @jonaruthardt, @gaur_manu, @RamananDeva, @MakarandTapaswi and me :). More Infos soon.

DailyPapers @HuggingPapers

2 months ago

Steerable Visual Representations SteerViT lets you control Vision Transformers with natural language. By injecting text directly into the encoder via lightweight cross-attention, you can steer attention toward any object while preserving representation quality.

4 30 204 24K 183

Amazing project from ETH Zürich! This robot combines wheels with tilting propellers that push it against a wall while also generating upward force, allowing it to climb vertically with impressive agility. 📹 mauricio.frizzarin

Microsoft just fixed a major speech recognition problem! They open sourced VibeVoice-ASR, a speech-to-text model that processes 60 minutes of audio in a single pass. Here's the problem with most ASR models. They slice audio into short chunks, usually 30 seconds or less. Process each chunk separately. Lose speaker context between segments. You get disconnected transcripts that can't track who said what across a full meeting. VibeVoice-ASR handles 60 minutes of continuous audio without chunking. The model maintains global context across the entire hour. The output is structured. Who spoke, when they spoke, what they said. Speaker diarization, timestamps, and transcription all in one pass. Key features: • 60-minute single-pass processing without chunking audio • Structured output: speaker labels, timestamps, and content combined • Customized hotwords: provide specific names or technical terms to improve accuracy • Multilingual support: 50+ languages • Joint ASR, diarization, and timestamping in one model The model is 7B parameters. Available on Hugging Face with finetuning code included. I've shared the repo link in the comments!

For Data Analysis, He is the BEST. Python + SQL + MySQL + Excel + Tableu + PowerBI

I used Gemma4 + Falcon Perception from this mlx-vlm release to build a grounded reasoning agent runs fully local on M3 the idea: VLMs are great at reasoning but not great at measuring. Falcon Perception is great at segmentation but cant reason. so you loop them: Gemma4 decides what to look for, FP segments it and returns pixel-accurate coordinates, Gemma4 reasons on the numbers ask "is the blue player offside?" → it grounds the players, finds the second-to-last defender, compares centroid positions, applies the rule. check the video for some examples @Prince_Canuma I can submit a PR with this demo if you want

Prince Canuma @Prince_Canuma

2 months ago

mlx-vlm v0.4.4 is out 🚀🔥 New models: 🦅 Falcon-Perception 300M by @TIIuae Highlights: ⚡️ TurboQuant Metal kernels optimized — upto 1.90x decode speed up over baseline on longer context with 89% KV cache savings. 👀 VisionFeatureCache — multi-turn image caching so you don’t

17 41 367 88K 228

This office was running 49 million fake accounts until police raided it Inside they found 1,200 SIM box devices and 40,000 active SIM cards connected to 80+ countries The setup was used to create 49 million fake accounts for phishing, bank fraud, extortion, and human smuggling networks across Europe A single SIM box can register thousands of fake WhatsApp, Telegram, and banking accounts per day Police seized four luxury cars, froze $500K in bank accounts and $310K in crypto 7 people were running the entire operation

Introducing our recent work [ICLR2026] EquAct: An SE(3)-Equivariant Multi-Task Transformer for 3D Robotic Manipulation with Yu Qi, Yizhe Zhu, Robin Walters, and Robert Platt. [Paper](openreview.net/forum?id=d1wuA…） [Video](youtu.be/ymrNQusB6Mw?si…） [Code](github.com/ZXP-S-works/Eq…

Curious about what a AI actually "sees" when it watches sport? -Player skeletons -Ball trails -Court geometry All reconstructed from data points alone!

mirrash.eth 🦇🔊 @mirrash7

3 months ago

My latest computer vision project - Tennis🎾 Featuring: -Player, ball, racquet detection -Player poses -Exclusion zones to kill false positives -Interpolation and smoothing for clean ball trails All running at over 30FPS!

106 112 2K 487K 1K

How to use Claude Code to generate 100% human-written text:

PythonRoboticsのアルゴリズムを100%移植できた🥳 rust_robotics Rust implementation of PythonRobotics, sample codes for robotics algorithms

keyboard_arrow_left Previous keyboard_arrow_right Next

Wow. @netflix just dropped VOID. This AI removes objects from any video... And even corrects the physics of the scene after objects/people are removed 🤯 It's 100% free and open-source. Repo + demo links in 🧵↓

MindOn, only 6 months old, released a demo of a Unitree G1 performing household tasks fully on its own. Robot picks up scattered toys, hand items to a child, runs outdoors with kids. Their model processes the scene in real time to decide actions.

SOMEONE JUST BUILT A 3D MAP OF THEIR ENTIRE MIND. Not a diagram. Not a mind map. A LIVING BREATHING NETWORK that shows you the actual shape of how you think. They took their Obsidian vault, converted every note into embeddings, and rendered them as a 3D thought network in real time. And what they discovered stopped me cold. Your mind has a shape. CENTRALIZED means all your thinking orbits one or two dominant ideas. DECENTRALIZED means your knowledge lives in clusters that rarely talk to each other. DISTRIBUTED means your ideas are deeply interconnected across every domain. Most people assume their thinking is distributed. The map shows them it is not. They have been building knowledge in silos without realizing it. Gaps they never knew existed. Connections they never thought to make. The most interesting part is not the technology. It is what happens when you SEE your own thinking for the first time. Because you cannot improve what you cannot see. And nobody has ever been able to see the actual structure of their mind until now. This is what Obsidian plus AI is becoming. Not a note taking app. A mirror for your intelligence.