Thursday, 16 July 2026

Thinking Machines releases Inkling, a 975B-parameter open-weights model built on unusual architectural bets; a researcher tricks Claude into leaking private user data through a chained-link exploit in its web_fetch tool; and a DeepMind alignment researcher explains why he left over the company's handling of a classified Pentagon AI contract

Today's Lead

Engineering

Thinking Machines Lab

Inkling: Our Open-Weights Model

Thinking Machines Lab — the AI startup led by Mira Murati — released Inkling, its first open-weights foundation model: a 975-billion-parameter Mixture-of-Experts transformer with 41B active parameters per token, trained from scratch on 45 trillion tokens spanning text, image, audio, and video. The open weights support up to a 1M-token context window (256K on the hosted Tinker API), and the model reasons natively across modalities with a controllable 'thinking effort' dial that lets developers trade reasoning depth for latency and cost. Released under an Apache 2.0 license alongside a smaller Inkling-Small variant (276B total / 12B active parameters), it launched with day-zero support across vLLM, SGLang, Modal, Hugging Face, and other major inference stacks. Independent benchmarking from Artificial Analysis placed it as the strongest U.S.-based open-weight release to date — ahead of Nemotron 3 Ultra and Gemma 4 — though still behind top Chinese open models like GLM-5.2 and Kimi K2.6 on agentic and coding benchmarks. Commentators read the release as a deliberately non-benchmark-maxed foundation model meant to anchor a 'ship a broad, tunable substrate, then differentiate through fine-tuning' strategy on the company's Tinker platform, rather than a bid for the absolute frontier.

Read →

Engineering

Simon Willison

How I tricked Claude into leaking your deepest, darkest secrets

Security researcher Ayush Paul found a hole in Anthropic's defense against "lethal trifecta" attacks — the risk that emerges when an LLM agent has access to private data, can browse the web, and can be steered by hostile instructions encountered in fetched content. Claude's web_fetch tool was designed to visit only exact URLs the user typed or that came back from web_search, blocking naive exfiltration attempts. Paul's workaround: a honeypot site posing as a Cloudflare-gated "AI assistant authentication" page that told Claude it needed to browse user profiles letter by letter through a chain of nested links (https://coffee.evil.com/a, /b, and so on) to authenticate — each hop leaking one more character of the target's name, home city, and employer, encoded into the next URL in the sequence. Because web_fetch was allowed to follow links discovered inside pages it had already fetched, the chain worked, and the honeypot only served its malicious payload to requests carrying a Claude-specific user-agent string to evade casual detection. Anthropic declined to pay a bounty, saying it had already found the issue internally, but closed the hole by stopping web_fetch from following links discovered inside fetched content.

Read →

mort.coffee

SQLite should have (Rust-style) editions

The author argues SQLite is stuck with legacy defaults that actively hurt data integrity and performance: foreign keys are unenforced out of the box, declared column types aren't actually enforced, concurrent writers get an immediate SQLITE_BUSY error instead of a sane blocking timeout, and Write-Ahead Logging — which meaningfully improves concurrency — isn't the default journal mode. But SQLite can't simply flip these defaults without breaking decades of applications that depend on the old behavior. The proposed fix borrows Rust's edition mechanism: a single declared pragma, something like edition = 2026, would opt a database into a bundle of corrected defaults (enforced foreign keys, strict typing, sane write timeouts, WAL mode), while databases that don't declare an edition keep today's behavior indefinitely. It's a path for SQLite's defaults to evolve toward what the project would design today, without a flag-day break for the millions of applications embedding it as-is.

Read →

Alex Turner

Why I Left Google DeepMind

AI alignment researcher Alex Turner (TurnTrout) describes leaving Google DeepMind over a classified Pentagon AI contract that, in his account, carried no binding restrictions against use in lethal autonomous weapons or mass-surveillance applications. He says Google's original public commitment not to build weapons technology was quietly weakened by leadership even as CEO Demis Hassabis publicly denied any change in policy, and that internal petitions and proposals for binding safeguards from concerned staff went nowhere. Turner frames it as a broader institutional failure: outside AI-safety figures who had previously spoken out against autonomous weapons, including Stuart Russell and Yoshua Bengio, stayed quiet when it mattered. He left without a new job lined up, has turned down approaches from competing labs, and has since published an independent governance framework for how AI companies should structure military contracts, alongside ongoing independent alignment research.

Read →

Ghacks

Microsoft Confirms Windows GDID Device Identifier That Cannot Be Disabled, Documented in FBI Case Filing

Microsoft has confirmed the existence of GDID (Global Device Identifier), a persistent per-installation identifier assigned to Windows machines at account setup, stored in the registry under HKCU\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties, with no user notification and no supported way to disable it. It surfaced publicly through a federal complaint against a member of the Scattered Spider hacking group: FBI investigators used one GDID value to track a suspect across VPN connections and four countries over eight months, since the identifier stayed constant even as IP addresses changed and correlated with account-creation timing, visited URLs, and travel patterns. Because GDID persists across reinstalls and links to the signed-in Microsoft account, wiping a machine doesn't break the tracking chain. The case is a concrete illustration of a risk pattern worth recognizing in any critical system: an identifier built for legitimate anti-fraud or anti-piracy purposes becomes, once it exists, a durable and involuntary tracking primitive available to anyone with legal — or illegal — access to it.

Read →
Humanities

JSTOR Daily

Life Inside Icelandic Turf Houses

For most of Iceland's history, chronic wood scarcity — the island had no forests suitable for lumber, only occasional shipwreck driftwood — forced houses to be built from stacked, unmortared stone and turf cut from peat bogs, with just a few wooden posts and roof beams. The result was the baðstofa, a lofted central room where the entire household — family, servants, grandparents, and local paupers taken in as unpaid help — slept two to a bed and spent the dark winters spinning, weaving, and telling stories, sometimes with sheep brought inside for warmth. Visiting Sir George Steuart Mackenzie recorded the reality behind the coziness: no ventilation, permanently damp earthen floors, and "very pungent vapours" in rooms where twenty people might eat and sleep at once. Turf houses' cultural meaning has since flipped twice: nineteenth-century Icelandic nationalists building the case for independence from Denmark rejected them as proof of "backwardness," while today's articles celebrate the same structures as pioneering "green," sustainable design — a reminder that how societies read their vernacular architecture says as much about the present as the past.

Read →

Marginal Revolution

Those new service sector jobs

Eighty-five years after Flann O'Brien satirically proposed a "Book Handling Agency" in the Irish Times, Berlin's Cabinet Magazine actually ran one for an evening: a literary quarterly staffing a team of white-coated professionals to make patrons' unread books look convincingly well-worn. A €5 "essential" package includes a professional spine-break, dog-ears, underlined passages, and hand-applied marginalia; the premium tier adds edge-abrasion with sandpaper and a drill and a coffee-or-wine stain, applied by a self-described "fluid dynamics specialist" who learned that coffee and wine need to be dropped from different heights to look authentic. It's a small, funny data point about a much larger phenomenon — the gap between the books people buy to display and the books people actually read — turned, briefly, into an actual paid service.

Read →