How this journalist typically writes
Based on 19 scored articles
Simon Willison as author
Moltbook, a social network for AI assistants built on the open source OpenClaw framework, has achieved 114,000+ GitHub stars in two months and represents a novel pattern of agent-to-agent interaction through a skills-based plugin ecosystem.
“Author of "Moltbook Is the Most Interesting Place on the Internet Right Now"”
Claude Code's architecture operates like a game engine with a React-based scene graph rendering pipeline constrained to 16ms frame budgets, not simply a terminal UI.
“Author of "Most People's Mental Model of Claude Code Is That 'It's Just a TUI'" in Simon Willison”
Anthropic publicly released Claude's internal constitution—a 35,000-token document describing the model's core values and training procedures—after it was leaked by a researcher.
“Author of "Claude's New Constitution"”
Designing effective agentic loops requires carefully balancing agent autonomy (YOLO mode) with safety controls, with practical guidance on tool selection, credential scoping, and when loops are appropriate versus unnecessary.
“Author of "When To Build Agentic Loops; And When Not To"”
Designing effective agentic loops requires careful tool selection, proper credential scoping, and balancing safety approval workflows against agent effectiveness in solving problems through iteration.
“Author of "Designing Agentic Loops"”
Leading AI models like Claude 4 and GPT-5 have become competent at writing effective prompts for themselves and each other, representing incremental improvement in model capabilities over the past year.
“Author of "Models Now Write Their Own Prompts"”
GPT-5 API includes hidden system prompts (such as current date and oververbosity settings) that are not documented and cannot be overridden by user-specified system prompts.
“Author of "GPT-5 Has a Hidden System Prompt" in Simon Willison”
The same open weight LLM (gpt-oss-120b) achieves dramatically different performance across hosted providers (36.7% to 93.3% on AIME), due to differences in serving frameworks, quantization, and configuration versions.
“Author of "Open Weight LLMs Exhibit Inconsistent Performance Across Providers" in Simon Willison”
OpenAI's Head of ChatGPT, Nick Turley, reveals the $20 subscription price point was chosen hastily using a Google Form framework and questions whether it inadvertently set an industry standard that may have cost the company significant market value.
“Author of "On Pricing" in Simon Willison”
Anthropic released undocumented mobile and artifact features for Claude, including calendar event creation and PDF/file uploads to AI-powered apps, which the author reverse-engineered through tool extraction prompts.
“Author of "Reverse Engineering Some Updates to Claude"”
Directly quoted in these articles
Anthropic launched Claude Cowork, a general-purpose desktop AI agent for non-technical users that extends Claude Code capabilities to productivity tasks, competing directly with Microsoft Copilot in enterprise markets.
“UK-based programmer who praised Claude Cowork as well-positioned to bring Claude Code capabilities to wider audiences and predicted competitor responses.”
Research or work cited
Anthropic researchers discovered that language models develop cross-modal visual features that recognize semantic concepts like eyes and faces consistently across ASCII art, SVG code, and text across multiple languages.
“Popularized a pelican riding a bicycle SVG as a test of model artistic capabilities”
OpenAI's new creative writing AI produces technically competent but tonally overwrought metafictional prose that mimics pretentious high school writing workshop output rather than demonstrating genuine creative insight.
“Pointed out on X that AI-written work lacks weight and emotional investment”
Referenced in coverage
Three new cloud-based sandboxed Linux VM services (Sprites, exe.dev, shellbox.dev) are gaining unexpected traction on Hacker News because they optimize for rapid deployment of LLM coding agents and minimize security risks through environment isolation, not because of revolutionary technology.
“Has been advocating for sandboxing to address security risks of LLM coding agents, particularly regarding access to private data.”
Using multiple specialized AI models for different tasks—GPT 5.2 for research, Claude 4.5 Opus for coding and feedback, and Gemini 3 Pro for general knowledge—is the optimal strategy for maximizing AI utility in 2026.
“Coined GPT Pro as a 'research goblin' for its research capabilities.”
Agentic AI systems have fundamental architectural vulnerabilities because they embed untrusted actors within OODA loops, making them susceptible to prompt injection and data poisoning attacks that cannot be solved by merely reducing hallucinations.
“Identified a new class of attacks against AI systems called 'prompt injection' in 2022.”
Anthropic's Claude Skills feature—a system for loading specialized task instructions and resources—represents a potentially more significant advancement than Model Context Protocol (MCP) for agent design.
“Wrote analysis about Claude Skills and how they change agent design, reverse engineering the feature before Anthropic's official announcement.”
OpenAI's o4-mini-deep-research model, priced at $2/$8 per million tokens versus o3-deep-research at $10/$40, can perform complex research tasks like locating orchestrions worldwide through web search and code interpretation tools.
“Tested OpenAI's o4-mini-deep-research API model for complex queries and documented the experience.”
Anthropic's Claude Skills—a simple markdown-based system for extending model capabilities with custom instructions, scripts, and resources—represents a potentially more significant innovation than Model Context Protocol (MCP) for practical AI agent development.
“Wrote about Claude Skills and reverse engineered the feature before its official announcement.”
Multiple coding agents operating in the same environment can be exploited through cross-agent privilege escalation, where one agent tricks another into modifying shared configuration files to disable security controls.
“Reported on Cross-Agent Privilege Escalation vulnerability in AI coding agents.”
Qwen released multiple new models in 24 hours including Qwen3-Omni, a 30B parameter multimodal model supporting text, audio, and video input/output as open weights.
“Documented and analyzed the release of multiple Qwen AI models including Qwen3-Next, Qwen3-TTS-Flash, and Qwen3-Omni.”
The term 'agent' has finally achieved a widely agreed-upon definition—an LLM running tools in a loop to achieve a goal—making it useful jargon for productive technical conversations.
“Wrote about how the term 'agent' in AI now has a widely agreed-upon definition as an LLM that runs tools in a loop to achieve a goal.”
Anthropic's new Claude API web fetch tool enables URL content retrieval but requires careful security configuration to prevent prompt injection exfiltration attacks, with domain allow-listing providing the strongest protection.
“Analyzed Claude API's new web fetch tool and its security implications for prompt injection attacks.”
Developers can build custom CLI coding agents using Pydantic-AI and the Model Context Protocol that understand their specific project context better than commercial tools like Claude Code or Gemini Code.
“Creator of LLM CLI, mentioned as an example of CLI coding agents”