If you're an open source library maintainer who supports all current Python releases, this also means you can drop 3.9 support now and start depending on features from 3.10, like match/case
Some notes on the new Claude API web fetch tool, which I think can be used safely despite the risk of prompt injection exfiltration attacks if you're really careful with the allowed_domains parameter https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/
Posted some of my own notes on Shlok Khemani's (excellent and comprehensive) notes on how Claude and ChatGPT's memory implementations differ from each other https://simonwillison.net/2025/Sep/12/claude-memory/
Some notes on the insecurity baked into Perplexity's Comet "AI Browser" - the Brave security team reported serious prompt injection vulnerabilities in it, but Brave themselves are developing a similar feature that looks doomed to have similar problems https://simonwillison.net/2025/Aug/25/agentic-browser-security/
I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, MCP security and the lethal trifecta. Here are the annotated slides from my presentation, including notes on my weird hobby of trying to coin or amplify new terms of art https://simonwillison.net/2025/Aug/9/bay-area-ai/
Mistral shared what look like the most detailed numbers yet for the environmental impact of training a frontier LLM - their Mistral Large 2 used 20,4 ktCO₂e and 281,000 m³ of water
If you ask the new Grok 4 for opinions on controversial questions, it will sometimes run a search to find out Elon Musk’s stance before providing you with an answer! https://simonwillison.net/2025/Jul/11/grok-musk/
We ditched CGI in the late 1990s because of the overhead of starting, executing and stopping a process for every incoming request... turns out modern servers (plus languages like Go or Rust with a fast startup time) mean CGI isn't such a bad idea any more! https://simonwillison.net/2025/Jul/5/cgi-bin-performance/
This is diabolical... a Python object that hallucinates method implementations on demand any time you call them, using my LLM Python library https://github.com/awwaiid/gremllm
If you use "AI agents" (LLMs calling tools in a loop) you need to be aware of the Lethal Trifecta
Any time you combine access to private data, exposure to untrusted content and the ability to externally communicate, an attacker can trick the system into stealing your data https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
The biggest scandal in AI energy usage right now deserves to be the xAI data center running on 35 methane gas turbines that don't need air permits because they are "temporary" and don't have catalytic reduction pollution controls installed because... they just didn't bother? https://simonwillison.net/2025/Jun/12/xai-data-center/
The WWDC announcements I'm most excited about are the new Foundation Models framework (for accessing Apple's on-device LLMs) and the Containerization framework for running Docker-style containers without hosting them all in a single Linux VM - here's links to relevant docs for both of those: https://simonwillison.net/2025/Jun/9/apple-wwdc/
The AI Engineer World's Fair keynotes livestream is up and running, I'll be speaking about LLMs in 2025 (so far) at 10am, in about 54 minutes https://www.youtube.com/watch?v=z4zXicOAF28
Open source developer building tools to help journalists, archivists, librarians and others analyze, explore and publish their data. https://datasette.io and many other #projects.