NerdNews

The widely used Axios npm package was compromised with a backdoor Remote Access Trojan (RAT) after attackers hijacked the maintainer's account. Two malicious versions, axios@1.14.1 and axios@0.30.4, were published before being removed. Developers who installed these versions are advised to take immediate action to secure their systems.

Matthew Skelton suggests that Team Topologies provide the necessary infrastructure for agency with AI, focusing on trust, bounded agency, and clear boundaries for humans and AI agents to operate within. He highlights the importance of managing cognitive load and AI context windows to ensure effective stewardship.

Hackers compromised the Axios npm package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. The threat actor published two malicious versions of the package, axios@1.14.1 and axios@0.30.4, which were published without automated OpenID Connect (OIDC) package origin and no matching GitHub commit.

OpenAI has closed a deal to raise $122 billion at an $852 billion valuation. The round was co-led by SoftBank and Andreessen Horowitz, with participation from Amazon, Nvidia, and Microsoft. About $3 billion came from individual investors, and OpenAI will be included in several ETFs managed by ARK Invest.

AI seed startups are commanding higher valuations due to increased investor interest and fast traction. Investors are willing to pay premiums for proven AI talent, and seed VCs are doing more pre-seed deals. However, higher seed valuations mean less margin for error, and founders must grow their companies quickly to justify the high early valuations.

Paul Duvall discusses how agentic AI patterns are reinforcing core engineering discipline, including trunk-based development, automated testing, and specification-driven development. He shares his repository of AI engineering patterns, emphasizing the importance of clear specifications, automated validation, and shift-right feedback.

Anthropic's Claude Code users are experiencing high token usage and early quota exhaustion, disrupting their work. The company has acknowledged the issue and is investigating. Possible factors include recent changes to quotas during peak hours, a promotion that doubled usage limits, and potential bugs in the code that increase token usage.

Adobe Firefly's custom AI models allow users to generate images and content that's specifically designed to work with a brand, enabling consistent color palettes, character designs, and icons. This technology solves the challenge of consistency in generative AI and helps creatives scale their output without sacrificing quality.

Enterprises are deploying AI agents that can reason, plan, and take actions across systems. These agents fall into three categories: agentic chatbots, local agents, and production agents. Each category introduces different operational capabilities and risk profiles. The true risk of an agent depends on two key factors: access and autonomy. Organizations must understand which types of AI agents exist in their organization and prioritize risk based on access and autonomy.

Ring, owned by Amazon, has launched a new app store that expands its cameras' capabilities beyond home security using AI technology. The store allows developers to create apps for various use cases, such as elder care, workforce analytics, and rental management. With over 100 million cameras in the field, Ring aims to unlock new value for its customers while being mindful of privacy concerns.

Mantis Biotech is developing a platform to create 'digital twins' of humans, which can be used to simulate and predict medical issues, study rare diseases, and train AI models. The company's platform integrates disparate data sources and uses a physics engine to create high-fidelity models of the human body. This technology has the potential to solve the data availability problem in medicine and can be used in various fields such as professional sports and preventative healthcare.

Anthropic's AI coding tool Claude Code had its source code exposed due to a mistake in the build pipeline, allowing access to 1,900 TypeScript files and over 512,000 lines of code. The leak was caused by a reference to an unobfuscated TypeScript source in the map file included in Claude Code's npm package. The exposed code has been backed up in a GitHub repository and forked over 41,500 times.

Arm unveiled its AGI CPU, a 136-core chip designed for agentic AI workloads, while Intel's Data Center Group head expressed skepticism about the need for a new type of CPU. Arm argues that existing x86 processors are not optimized for AI workloads, while Intel claims that its existing CPUs can handle these tasks. The debate highlights the different approaches to CPU design for AI workloads, with Arm focusing on efficiency and Intel emphasizing the capabilities of its existing products.

Anthropic accidentally leaked the source code for Claude Code, a closed-source AI project, in an NPM package. The leak included 1,900 files and 500,000 lines of code. Anthropic confirmed the leak and stated that no customer data or credentials were exposed. The company is taking measures to prevent similar incidents in the future.

Waymo has started its robotaxi service at San Antonio International Airport, allowing riders to be dropped off curbside at terminals and picked up at the airport's designated rideshare area. This is the company's fourth major airport and its first in Texas. Waymo plans to make the service available to all public riders soon in San Antonio, where it has been operating an invitation-based system since February.

US Senator Ed Markey's investigation found that seven robotaxi companies, including Waymo and Tesla, refused to disclose how often their autonomous vehicles require remote assistance, citing confidentiality and lack of federal standards.

Amazon's Alexa+ upgrade enables users to order food from Uber Eats and Grubhub in a conversational manner, allowing for easy customization and reordering of favorite meals. This feature is available on Echo Show 8 devices and larger, and is part of Amazon's goal to establish adaptive interaction models.

Nomadic AI, a startup founded by CEO Mustafa Bal and CTO Varun Krishnan, has raised $8.4 million in seed funding to develop a platform that helps companies manage and analyze data from autonomous vehicles and robots. The platform uses vision language models to turn footage into a structured, searchable dataset, allowing for better fleet monitoring and the creation of unique datasets for reinforcement learning and faster iteration.

Rivian spinoff Also will develop autonomous delivery vehicles for DoorDash, with DoorDash participating in Also's $200 million Series C funding round. The partnership aims to leverage Also's micromobility technology and DoorDash's autonomy expertise to create efficient delivery solutions.

Tesla has admitted that its robotaxis are sometimes fully human-controlled, with remote operators taking temporary control of the vehicle. This is different from competitors like Waymo, which allow humans to play a more limited role in the operation of their vehicles. Tesla's approach has raised concerns about the safety and regulation of autonomous vehicles.