Notices by Simon Willison (simon@fedi.simonwillison.net)

If you use "AI agents" (LLMs calling tools in a loop) you need to be aware of the Lethal Trifecta

Any time you combine access to private data, exposure to untrusted content and the ability to externally communicate an attacker can trick the system into stealing your data https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

The biggest scandal in AI energy usage right now deserves to be the xAI data center running on 35 methane gas turbines that don't need air permits because they are "temporary" and don't have catalytic reduction pollution controls installed because... they just didn't bother?
https://simonwillison.net/2025/Jun/12/xai-data-center/

The WWDC announcements I'm most excited about are the new Foundation Models framework (for accessing Apple's on-device LLMs) and the Containerization framework for running Docker-style containers without hosting them all in a single Linux VM - here's links to relevant docs for both of those: https://simonwillison.net/2025/Jun/9/apple-wwdc/

Comma v0.1 1T and 2T-7B are two brand new LLMs trained exclusively on public domain and openly licensed text!

I got the 2T one running locally on my Mac after porting it to MLX - notes on that here: https://simonwillison.net/2025/Jun/7/comma/

The AI Engineer World's Fair keynotes livestream is up and running, I'll be speaking about LLMs in 2025 (so far) at 10am, in about 54 minutes https://www.youtube.com/watch?v=z4zXicOAF28

It's interesting how the major LLM API vendors are converging on the following features:

- Code execution: Python in a sandbox
- Web search - like Anthropic, Mistral seem to use Brave
- Document library aka hosted RAG
- Image generation (FLUX for Mistral)
- MCP

MIstral today: https://simonwillison.net/2025/May/27/mistral-agents-api/

The rate MCP support rolled out in the major vendor APIs is pretty astonishing: OpenAI added it May 21st, Anthropic launched theirs May 22nd and now Mistral have launched theirs on May 27th!

Once again, if your LLM system combines access to private data, exposure to malicious instructions and the ability to exfiltrate information (through tool use or through rendering links and images) you have a nasty security hole

This time, GitLab: https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/

https://benjaminaster.com/css-minecraft/ by Benjamin Aster is incredible! Editable Minecraft-style world, entirely CSS and HTML, not a single line of JS

My notes on how it works here. It uses radio boxes for state, paused animations for controlling the viewport https://simonwillison.net/2025/May/26/css-minecraft/

When lawyers first started getting yelled at by judges for citing hallucinated case law two years ago I naively assumed word would get around and they would all quickly learn not to

This new database has 116 cases from 12 countries where this happened, and 20 of them were from just this month!

https://simonwillison.net/2025/May/25/ai-hallucination-cases/

There was a pelican riding a bicycle in today's Google I/O keynote! https://simonwillison.net/2025/May/20/google-io-pelican/

I built a new LLM plugin that can turn a PDF into an image-per-page for feeding into vision models, and in testing it found that GPT-4.1 mini hallucinates WILDLY if you feed it a blank white rectangle followed by a blank black rectangle https://simonwillison.net/2025/May/18/llm-pdf-to-images/

My favorite local model right now is a bit of surprise to me: I'm really enjoying the relatively tiny Qwen3-8B, running the 4bit quantized version on my Mac using MLX

It's surprisingly capable given it's a 4.3GB download and uses just 4-5GB of RAM while it's running

https://simonwillison.net/2025/May/2/qwen3-8b/

I'm glad somebody out there is brave enough to push back against the "personal ChatGPT usage is terrible for the environment" message https://andymasley.substack.com/p/a-cheat-sheet-for-conversations-about

"If you want to prompt ChatGPT 40 times, you can just stop your shower 1 second early."

"If I choose not to take a flight to Europe, I save 3,500,000 ChatGPT searches. this is like stopping more than 7 people from searching ChatGPT for their entire lives."

New AI ethics scandal brewing... turns out a team at University of Zurich had dozens of undisclosed AI bot accounts debating with people on /r/ChangeMyView from November 2024 to March 2025 https://simonwillison.net/2025/Apr/26/unauthorized-experiment-on-cmv/

I'm tilting at windmills again, trying to convince people that phones don't spy on you through your microphone to target ads at you https://simonwillison.net/2025/Apr/26/rant/

Announcing Datasette for Newsrooms - a hosted version of @datasette.io specifically targeted at newsrooms and data journalists

Think of it as a library for your data - load in CSVs and JSON, extract data with LLMs, collaborate on analysis with the rest of your team
https://simonwillison.net/2025/Apr/24/introducing-datasette-for-newsrooms/

Meta just dropped Llama 4 on a weekend! Two new open weight models (Scout and Maverick) and a preview of a model called Behemoth - Scout has a 10 million token context

Best information right now appears to be this blog post: https://ai.meta.com/blog/llama-4-multimodal-intelligence/

Here's the table of contents for my lengthy new piece on how I use LLMs to help me write code https://simonwillison.net/2025/Mar/11/using-llms-for-code/

My California Clock Change app is handy today
https://tools.simonwillison.net/california-clock-change

I vibe-coded it with Claude last year https://gist.github.com/simonw/9510723176f5b44ac1ebc495c95a4bc7