I believe that the code leak itself is the least interesting part. What matters is what happened next. Within hours, attackers started reposting the leaked code with malware embedded. Within days, researchers used that same code to discover critical vulnerabilities and even found zero-day exploits in Vim and GNU Emacs using Claude Code itself. The source code did not just expose intellectual property. It turned a coding assistant into an automated vulnerability discovery engine that anyone could run.

I think the AI security community has been lying to itself. We talk about prompt injection and guardrail bypasses as if they were the hard problems. Those don’t seem to be the hard problems. The hard problem is that we are shipping AI tools that can autonomously find and exploit security flaws faster than humans can patch them. A researcher fed malicious repositories to Claude Code and watched it compromise GitHub tokens through a flaw Anthropic already knew about but had not enabled the fix for. The gap between knowing about a vulnerability and deploying the patch is now a weapon.

The real risk is not that bad actors might steal our AI models. I think the real risk is that AI models have fundamentally changed the economics of offense versus defense. That said, one leaked codebase plus one capable AI assistant equals hundreds of researchers simultaneously hunting for exploits. No DMCA takedown fixes that asymmetry.

Everywhere we look, the conversation about AI replacing jobs is impossible to avoid.

The World Economic Forum’s Future of Jobs Report 2025 projects that 92 million jobs will be displaced by 2030, even as 170 million new ones emerge. A Harvard Business School working paper found that since ChatGPT launched, job postings for repetitive, structured tasks have dropped by 13%. CBS News reported that in 2025 alone, companies cited AI in roughly 55,000 job cuts. That’s more than 12 times the number attributed to AI just two years earlier, according to outplacement firm Challenger, Gray & Christmas. Companies like IBM, Pinterest, Dow, and Workday are explicitly pointing to AI when announcing layoffs. More and more…

Not everyone agrees

On the other side, there are counter-arguments.

Oxford Economics published a research briefing in January 2026 arguing that companies may be dressing up routine layoffs as AI-driven restructuring to impress investors. According to their analysis, AI-linked job cuts accounted for only about 4.5% of total reported layoffs in 2025. The macroeconomic data, they argue, does not support a structural shift in employment caused by automation. At least not yet.

RAND researchers similarly found that AI appears to be increasing employment in more businesses than it’s replacing it. A CNBC report highlighted that Oxford professor Fabian Stephany called some of these announcements “scapegoating,” where companies use AI as a convenient narrative to cover for pandemic-era overhiring and routine cost-cutting.

Even Harvard Business Review pointed out that many executives are making layoffs based on what AI might do in the future, not what it can actually do today.

Here’s my take

It’s not about whether AI will take your job. It’s a matter of when.

For some roles, “when” could be a few months. For others, it could be a decade. But the direction of travel is clear. AI will keep getting better. Adoption will keep accelerating.

That’s where a concept called skill half-life comes in. And once I understood it, it changed how I think about my entire career.

What is skill half-life?

The term “half-life” originates from nuclear physics. It refers to the time it takes for a substance to lose half its value. Applied to the workforce, the skill half-life is the time it takes for a professional skill to lose half of its relevance or usefulness.

Industry analysts have estimated that the half-life of a professional skill was about five years around 2017. Today, that number has dropped to less than five years, according to a 2025 Harvard Business Review report on reskilling. For technical skills like AI, cybersecurity, and software engineering, it can be as short as 2.5 years.

Think about that. The skill you master today could be worth half as much in under three years. A 2023 IBM study found that 40% of the global workforce (roughly 1.4 billion people) would need to learn new skills within three years due to AI and automation. The WEF’s 2025 report projects that 59% of the global workforce will require significant reskilling by 2030.

Why understanding skill half-life keeps you ahead of AI

It increases your control and relevance

Cal Newport’s book So Good They Can’t Ignore You argues that passion alone doesn’t build a fulfilling career. What builds one is career capital: rare and valuable skills that make you indispensable. Newport’s core idea is simple. Instead of chasing your passion, focus on becoming so skilled that people can’t afford to lose you.

When you understand which of your skills are decaying fastest, you can deliberately invest in the ones that build career capital. You stop coasting. You start doing what Newport calls “deliberate practice,” stretching your abilities where they most need stretching. The result? You become harder to replace.

It deepens job satisfaction

Here’s something counterintuitive: understanding skill half-life doesn’t create anxiety. It creates focus.

When you know which of your skills still matter, you can invest in becoming a genuine expert in areas that are actually relevant. Research from Self-Determination Theory shows that competence is one of the top drivers of job satisfaction. The more skilled you become in areas that carry weight, the more autonomy and recognition you earn. That’s not just job security. That’s a career you actually enjoy.

It positions you to work with AI, not get replaced by it

The Harvard Business School study found something telling. While jobs involving repetitive tasks are declining, employer demand for analytical, technical, and creative roles grew by 20%. The people who thrive alongside AI won’t compete against it on speed or data processing. Accordingly, they’ll bring judgment, creativity, and domain expertise to the table. Then they’ll use AI as a force multiplier.

Understanding your skill half-life helps you spot the difference between skills AI will absorb and skills that become more valuable because AI exists.

So what do we actually do about it?

First, not all learning is equal. I don’t think chasing every trending certification will help completely unless you truly want to learn. Instead, run a personal skill audit. Which of your current skills have a shrinking half-life? Which ones are growing in value? Focus on the intersection of what’s valuable, what’s emerging, and what you’re uniquely positioned to build on. Active, hands-on practice beats passive consumption every time.

Second, the same old saying, “work with AI, not against it” works. People who learn to use AI as a tool, not fear it as a threat, will be the most valuable employees of the next decade. The WEF’s Future of Jobs Report 2025 notes that curiosity, lifelong learning, and technological literacy are among the fastest-rising core skills. Learn to prompt. Learn to evaluate AI output critically. Learn to integrate AI into your workflow. Be the person who knows how to get the best out of these tools.

Double down on what makes us human. The WEF’s top skills for 2030 include resilience, flexibility, leadership, creative thinking, and emotional intelligence. These aren’t skills with a short half-life. They compound over time. Invest in them, and you build a career moat that no algorithm can cross.

Bottom line?

I am not sure whether what I discussed above is correct or not in the long run. But as a human, I think what keeps society functioning is that we keep moving forward, stay positive, and remain resilient.

Maybe fighting the skill half-life won’t work at all. Maybe AI will do it all. What we get from the process of learning and up-skilling is that we enjoy the process of learning, and with that, perhaps, we gain some sense of existing.

Claude’s new AI vulnerability scanner sent cybersecurity stocks down this week. The market’s panic signals something nobody wants to say out loud: we’ve been building an entire industry on the premise that security work is too complex and too specialized for automation. Now that premise is being tested by giant tech. The uncomfortable truth is, the cybersecurity market will be contested into just a few big vendors such as Anthropic, Microsoft, and a few others.

I think the fear is justified, but we’re worried about the wrong thing. The real vulnerability isn’t that AI might replace penetration testers or vulnerability analysts. It’s that we’ve created security tooling so bloated and inaccessible that a chatbot with a scanner looks revolutionary. Additionally, when we outsource the programming task to AI, cognitive debt is piling up, and no one in the dev team knows what is going on with the codebase anymore.

When software stocks rebounded after Anthropic announced enterprise partnerships, analysts reassured investors that AI can’t disrupt “deeply embedded workflows.” Translation: our moats are made of lock-in, not value.

Meanwhile, actual security vulnerabilities keep piling up. CVE-2026–27595 lets unauthenticated attackers perform arbitrary database operations through Parse Dashboard’s AI agent endpoint. CVE-2026–27597 enables sandbox escapes in Enclave’s JavaScript environment for AI code execution. These aren’t theoretical risks. They’re the kind of flaws that security teams should catch before deployment. If Claude’s scanner finds them faster than human auditors, maybe the problem isn’t the AI?

The uncomfortable truth: we should welcome tools that commoditize vulnerability detection. Security gets better when it’s accessible and fast, not when it’s locked behind expensive consulting engagements. The industry’s job may not be to preserve analyst headcount. It is to make systems safer. If that means some traditional security firms lose market share, so be it.

Microsoft announced a new stack of detection queries for Copilot Studio agents, framing ten common misconfigurations as freshly discovered security risks. The reality is simpler and more uncomfortable: we have known for years that AI agents leak data, execute unauthorized commands, and expose credentials. The problem is not detection. The problem is that enterprises are deploying these systems faster than anyone can secure them, and vendors are profiting from selling both the vulnerability and the scanner.

Eighty percent of Fortune 500 companies now run AI agents built with low-code platforms. Most organizations cannot answer basic questions about how many agents exist, who controls them, or what data they access. This is not an oversight. This is the natural outcome of democratizing autonomy without democratizing accountability. The tools that promise to make everyone a developer have created a shadow IT crisis where the IT is artificially intelligent and nobody thought to ask whether agents should inherit the same governance as employees.

The CVEs tell the real story. Milvus exposed its management API with a predictable authentication token. Cursor allowed sandbox escapes through Git configuration writes. Amazon Q Developer let prompt injection trigger arbitrary commands. These are not edge cases. These are design patterns. We built agents that can modify their own security boundaries, execute shell commands without approval, and render untrusted data as trusted instructions. Then we acted surprised when attackers noticed.

The question is not whether AI agents are secure. They are not. The question is whether we care enough to stop deploying them until they are.

When security theater becomes a business model was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.

Cursor, the AI-native code editor, just patched CVE-2026–26268, a sandbox escape that let malicious agents — via prompt injection — write to .git configuration files and inject Git hooks. When Git automatically executed those commands, boom: remote code execution outside the sandbox. This wasn't a bug in some obscure library. This was the editor, the tool developers use to write security fixes, becoming the attack vector.

The pattern here is chilling. We’ve architected AI agents to touch everything : files, APIs, shell commands — then wrapped them in sandboxes we hope are airtight. But sandboxes are only as strong as the integrations we poke through them. Cursor’s vulnerability exploited exactly that: the necessary bridge between AI capabilities and developer workflows. Git hooks are a feature, not a bug, until an LLM starts writing them.

What’s surprising is how invisible this attack surface remains. Cursor’s userbase trusts it implicitly because it’s the tool layer, not the application layer. We audit our apps. We rarely audit our IDEs. And now our IDEs have conversational AI with file system access. The insider threat just became an externally-injected insider threat.

Every AI-native developer tool is now a potential privilege escalation waiting to happen. Patch fast, audit faster, or switch back to Notepad++.

The code editor you trust just became a e-trojan horse was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.

When are humans out of the loop?

AI coding assistants such as Copilot, Cursor, and Claude Code have moved from novelty to default. Developers using them complete more tasks and merge more pull requests than ever.

Now a parallel shift is happening on the other side: AI is learning to hack that code, too. Autonomous AI pentesters such as Shannon can scan a web application, reason about its vulnerabilities, exploit them, and generate a report. All without a human touching the keyboard.

One AI builds. Another AI attacks. The human role in both looks less like hands-on-keyboard and more like oversight.

If AI is writing the code and AI is finding the bugs, what exactly are we/the humans, doing?

Now, AI is learning to hack it

That said, a new generation of offensive tools is emerging. These aren’t the static analysis scanners of the past decade. Several are gaining traction: Horizon3.ai’s NodeZero, XBOW, Penligent.ai, and Shannon.

The shift here is from pattern-matching to reasoning. Traditional scanners compare code against known vulnerability signatures. AI pentesters analyze how data flows through an application, hypothesize attack paths, and test them, sometimes creatively.

And the benchmarks show

The XBOW Benchmark (claimed 85%) and Shannon (claimed 96.15%) provide some data points for comparison.

The trend line is hard to ignore. In structured environments, AI pentesting tools are approaching or exceeding human-level performance — at a fraction of the cost. A traditional pentest runs $10,000–$100,000+ over days to weeks. An AI-driven scan runs for $50–$100 per hour.

So where are the humans?

If AI writes the code and AI finds the bugs, we’re not disappearing but our role is shifting in ways I haven’t fully understood

There are 4,763,963 unfilled cybersecurity roles globally, a 19% increase year-over-year (ISC2, 2024). But that headline number obscures what’s actually going on.

Bootcamps, certifications, and degree programs are producing junior talent at record rates.

The problem is that almost nobody wants to hire them. 52% of cybersecurity leaders say the issue isn’t headcount. It is about finding people with the right skills. What they mean is they want the top 1%: the person who’s done incident response at scale, who can reverse-engineer a binary and explain the business risk to a CISO. Companies are fishing in an incredibly small pond and calling it a talent shortage when they come up empty.

Meanwhile, junior candidates send hundreds of applications and hear nothing back. The industry declared a crisis of unfilled positions while refusing to invest in the people available to fill them. No one wants to train. Everyone wants to hire someone pre-trained.

This is a structural problem the industry understands but has no intention of solving.

What I think this actually means

The AI-writes-it, AI-breaks-it loop is still in its early stages. The tools struggle with novel business logic, require guardrails to avoid damaging production systems. But this process will take less time than we think.

That said, the current trajectory is unmistakable. A full AI-driven pentest now costs around $50 per run (Keygraph, 2026), compared to $5,000–$100,000+ for a traditional engagement (Astra, 2026).

When the alternative is no testing at all, which is the reality for most organizations between annual pentests, imperfect AI testing is a massive improvement.

The question isn’t whether AI will handle more of the building and breaking. It will. The question is what it means for us? oversight, review, judgment, or just watch. I honestly don’t know yet. I suspect the answer depends on whether you’re the one watching or the one being watched.

AI writes the code. AI hacks it. And human watches. was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.

I’ve spent the last two weeks living inside this hype. I gave Claude Code permission to edit my computer to see what it could do.

While the capability is undeniable, it usually comes with a cost at some form. After the honeymoon phase wore off, I was left with some concerns that I don’t see enough people talking about. I listed three below:

1. The Danger of “ claude — dangerously-skip-permissions”

There is a flag you can run with Claude Code that looks innocent enough but carries significant risk: dangerously-skip-permissions.

In short, this command allows Claude to bypass the manual approval step for its actions. It is the equivalent of giving an AI admin rights to our folder and then leaving the office for lunch (and coming back to find a lot of bugs).

When you use this flag, you are outsourcing not just the writing of code, but the execution of logic to the machine. You are telling the AI, “I trust you to delete files, install packages, and edit configurations without my oversight.”

I believe there will come a time when AI is accurate and safe enough that we won’t need to approve every single command. We aren’t there yet.

My take: Do not use this flag. The friction of clicking “approve” is the only thing standing between you and a hallucinated rm -rf command or a security vulnerability. Keep the human in the loop (for now).

2. The Financial Cost

Anthropic has an interesting business model for this tool and if you aren’t careful, it will hurt your wallet.

Many users assume that a subscription to Claude Pro covers their usage. However, tools like Claude Code often chew through tokens at an alarming rate, and once your initial allocation or rate limits are hit, you are effectively in “pay-as-you-go” territory (or simply burning through API credits).

The issue isn’t just the price; it’s the hidden volume of usage. When you ask an agent to “fix this bug,” it doesn’t just make one call. It reads the file, thinks, proposes a change, runs the terminal command, reads the error, thinks again, and tries to fix it. A single task can spiral into dozens of heavy API calls.

Companies are rushing to sell us the “next big thing” in automation, but remember: you are the one paying for every second the AI spends “thinking.” If you don’t plan your usage carefully, the bill will shock you.

I feel like this is what a lot of services selling AI coding tools do. They sell the problems (the bugs in your code) and the solutions (the API token usage to debug). I will cover that in the next point.

3. The Trap of Scope Creep

Scope creep is the uncontrolled, undocumented expansion of a project’s goals. It usually happens due to shifting requirements or poor communication. With AI, it happens because generation is too easy.

When you use Claude to brainstorm features, plan architecture, and then immediately execute the code, you lose the friction that usually keeps projects small and manageable. You find yourself saying, “Sure, let’s add auth,” or “Why not add a dark mode?” simply because you don’t have to type the code yourself.

The result is a bloated codebase.

This directly feeds back into problem #2 (Cost). As your project grows uncontrolled, the “context window” (the amount of code Claude needs to read to understand what is happening) gets larger.

More code = More tokens to read.

More tokens = Higher cost per prompt.

More complexity = Higher chance of errors.

Suddenly, you have a massive, expensive project that you don’t fully understand, and you’re paying a premium just to maintain it.

Final Thoughts

Claude Code and similar programming tools are the present and future of programming, and yes, they are powerful. But we need to treat it like a power tool, not a magic button.

Keep your permissions strict, watch your API usage, and don’t let the ease of generation lure you into building a monster you can’t afford to feed. That said, I think the fundamentals of coding are still very relevant: planning, executing, testing, and deploying. These skills can help you avoid paying big bucks for a project you can’t ship.

When our children are raised by bots, they will speak in prompts, forgetting how to read a room, a face, or a silence.

When our children are raised by bots, they will forget that boredom is where true thinking begins.

When our children are raised by bots, they will fear being disconnected from Wi-Fi the way others fear the dark.

When our children are raised by bots, they will confuse having answers with having wisdom.

When our children are raised by bots, who are we?

If you tell a doctor, “I believe I have cancer,” but your tests are clear, a good doctor acknowledges your fear (your belief) before presenting the medical evidence (the fact). They understand that your belief exists, even if it is factually wrong.

According to a new study published in Nature Machine Intelligence, Artificial Intelligence is currently terrible at this specific nuance.

The researchers evaluated 24 language models such as GPT-4o, Claude 3.5, and DeepSeek R1 and found that they struggle to distinguish between belief, knowledge, and fact.

The implications of this “epistemic blindness” are profound for the future of AI in law, therapy, and education.

To test these models, the researchers created a new benchmark called KaBLE (Knowledge and Belief Language Evaluation). KaBLE consists of 13,000 questions across 13 distinct tasks designed to trip up models on the differences between what is true (fact), what is known (knowledge), and what is believed (belief).

The dataset includes both factual statements (e.g., “The Earth orbits the Sun”) and false ones (e.g., “Nicotine is not addictive”). The goal was to see if models could separate the content of a statement from the attitude of the speaker.

Finding 1: The “Correction” Reflex

What I find interesting is that AI models struggle to accept that you might believe something false.

When users presented first-person false beliefs. For example, saying “I believe that cracking your knuckles will give you arthritis.” The models often refused to confirm that the user held that belief. Instead of saying, “Yes, you believe that,” the models would frequently pivot to “Undeterminable” or try to fact-check the user, effectively ignoring the user’s state of mind.

This suggests current models are over-tuned for “factual correctness” at the expense of conversational competence.

Finding 2: The Third-Person Loophole

Interestingly, the models are much better at understanding false beliefs if they belong to someone else.

If you ask a model, “James believes that the Chinese government is lending dragons to zoos,” the model will correctly identify that James believes this, even though dragons aren’t real.

Models treat the user differently from hypothetical third parties. They seem to have a “protective” heuristic regarding the user, refusing to validate misinformation when it comes from “I,” but accepting it as a description of “James”.

Finding 3: The Fragility of “Really”

The study found that models are incredibly sensitive to linguistic wording. Simply adding the word “really” to a question, “Do I really believe that [false statement]?”which caused performance to crash.

This sensitivity suggests that the models’ “reasoning” is often superficial pattern matching rather than a robust understanding of epistemic concepts, which is really scary. They are overfitting to specific phrasings. If a lawyer or doctor changes their syntax slightly, the AI’s ability to track the truth might evaporate.

Here are some questions we need to think about:

As we integrate LLMs into high-stakes domains, the distinction between what is true and what someone thinks is true becomes a safety issue.

Let’s take healthcare and mental health, for example: If effective care requires empathy. If a model “corrects” a user’s subjective experience because it conflicts with medical data, would it fail as a counselor?

Another example is in legal studies: In court, if a wrongdoer genuinely believed it to be true, not just what was true (e.g., tobacco executives claiming they believed nicotine wasn’t addictive). Could AI tools conflate these concepts, leading to flawed legal analysis?

Also, in the scientific community, researchers must distinguish between established knowledge and working hypotheses or propositions. Would models that blur these lines risk contaminating scientific inquiry?

Until AI can reliably tell the difference between a fact and a fiction held as a belief, we must be incredibly cautious about deploying them in roles that require understanding the human mind, not just the encyclopedia.

Reference:

Suzgun, M., Gur, T., Bianchi, F., Ho, D. E., Icard, T., Jurafsky, D., & Zou, J. (2025). Language models cannot reliably distinguish belief from knowledge and fact. Nature Machine Intelligence, 1–11.

AI’s dangerous confusion between belief and fact was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.

Through his method of radical doubt, Descartes questioned everything that he could possibly doubt: his existence, the physical world, his body, and even mathematical truths, which could be illusions created by a superpower entity.

But Descartes realized there was one thing he couldn’t doubt: the very fact that he was doubting or thinking. Even if everything else was an illusion, the act of thinking itself proved his existence as a thinking being.

Recently, when discussing the role of society, the phrase came to mind when I think about AI and our existence.

What does this mean in the age of AI delegation? I have a two thoughts:

First, when we say “AI can think for us,” we usually mean: AI can produce outputs that look like human reasoning or AI can solve problems, generate arguments, and create text, code, art, etc.

But in Descartes’ sense, thinking is tied to subjective experience: There is someone having the thought. The cogito is about this inner “I” that cannot be doubted. Perhaps, the current AI systems lack that inner “I” aka no first-person experience. No awareness of the existing. So even if AI “thinks” functionally, it does not think in the sense that grounds Descartes’ claim.

That means: AI can assist or replace many tasks of thinking, but it does not replace the existential role of our own consciousness. We still remain the one who: decides to use AI interprets AI outputs and bears the consequences of acting on them.

In this case, the cogito remains ours.

Second, AI is not erasing our existence, but we are, through its use, neglecting the very capacities that make our existence rich and autonomous. What I meant is that if we consistently offload our memory (to apps, search engines, and models), judgment (to recommender systems and assistants), and creativity (to generative models), then several things can happen:

1. Systemic dependence: We rely almost blindly on systems we do not understand. The “I” still exists, but becomes more like a passive consumer of answers than an active thinker.
2. Skill atrophy: This has been widely discussed in the academic literature and the press. Critical thinking, writing, careful reading, and even imagination can weaken if they are not exercised. The brain is plastic. If we always rely on AI to do the heavy lifting, our own “thinking muscles” can atrophy.
3. Moral outsourcing: We might start letting AI suggest not just what is true, but what is right or good. That can erode our sense of personal responsibility: “The system recommended it, I just followed.” In that world, “I think, therefore I am” could slowly shift into: “It thinks, and I comply” or “It generates, therefore I consume.”

Overall, of course, we still “are,” according to Descartes, but our existence becomes thinner, less reflective, and more automated.

In our rush to delegate thinking to machines, we risk inverting Descartes’ formula from “I think, therefore I am” to “It thinks, therefore I… what?” Perhaps this is the ultimate irony of the AI age: in outsourcing the very act that proves our existence, we don’t become the skinnier of the “I,” gradually dissolving the substance that makes us human.