Domesticating AI

Hacking AI: Why Most AI Systems Are Insecure by Default

43 min · 24 April 2026

Description

Hosts: Miriah Peterson, Matt Sharp, Chris Brousseau
Recorded: April 2026
Status: Released

Most AI systems today are designed to be helpful — not secure. In this episode, we break down how AI systems actually get exploited in production:
* a real supply chain attack on a widely used AI dependency
* prompt injection and why it still works
* image-based (multimodal) exploits
* tool and agent abuse

If you’re building AI — especially at a startup — you are the security team.

A widely used AI dependency was compromised via a malicious .pth file:
* executes automatically when Python starts
* no import required
* targets credentials, SSH keys, and environment variables

👉 Just installing the package was enough. This highlights a critical reality: Your AI system is only as secure as your dependencies.

* Models cannot distinguish between instructions and data
* External content can override system behavior
* Still one of the most common AI vulnerabilities
🔗 https://learnprompting.org/docs/prompt_hacking/injection

* Hidden instructions embedded in images
* AI interprets images differently than humans
* Expands the attack surface significantly
🔗 https://arxiv.org/abs/2306.11698

* AI systems can take real-world actions via tools
* Prompt injection → API calls, data leaks, unintended execution
* Agents amplify risk through autonomy and retries

If you’re building AI systems today:
* separate instructions from data
* limit tool permissions
* treat outputs as untrusted
* validate everything before execution

* AI systems have an internet-sized attack surface
* Supply chain attacks bypass all AI safeguards
* Prompt injection is a fundamental problem
* AI doesn’t fail safely — it fails wherever your system is weakest

* LiteLLM incident: https://github.com/BerriAI/litellm/issues/24512
* Attack breakdown: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
* LLM attack techniques: https://llm-attacks.org/
* OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/
* Gandalf challenge: https://gandalf.lakera.ai/

We’ve launched a Patreon for Domesticating AI 🎉 Get:
* early access to episodes
* behind-the-scenes content
* bloopers and uncut moments
👉 https://patreon.com/DomesticatingAIPodcast

* 🎥 YouTube: https://youtu.be/HTTxE7Y1sko

What’s the weirdest way an AI system has broken for you?

Keep your AI on a leash.
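The .pth mechanism the episode describes is worth seeing from the defender's side. Python's `site` module reads every `*.pth` file in site-packages at interpreter startup; ordinary lines are added to `sys.path`, but any line beginning with `import ` (or `import` followed by a tab) is executed as code before your program runs, which is why no import in your own code is needed. The audit script below is an added example, not code from the podcast or from any project it mentions: it enumerates the .pth files the running interpreter would process and reports every executable line so a human can review each one. The sample .pth contents and the token list behind the "suspicious" rating are constructed for this illustration and are heuristics, not indicators of compromise.

```python
"""Audit .pth files in site-packages for code that runs at interpreter startup."""
import site
import sys
from pathlib import Path

# Tokens that often show up in obfuscated startup payloads. Heuristic only
# (constructed for this example): a hit means "look at this", not "malicious".
SUSPICIOUS_TOKENS = ("exec(", "eval(", "compile(", "base64", "subprocess",
                     "urllib", "socket", "\\x")


def executable_pth_lines(text):
    """Return (line_no, line) for every line the site module would exec().

    This mirrors site.py's rule: only lines starting with "import " or
    "import\\t" are executed; every other non-comment line is a path entry.
    """
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r\n")
        if line.startswith(("import ", "import\t")):
            hits.append((no, line))
    return hits


def classify_line(line):
    """Rate an executable line: 'suspicious' on obfuscation markers or unusual
    length, otherwise 'review' (legitimate tools such as virtualenv and
    setuptools also ship import lines, so every hit still needs a human look)."""
    lowered = line.lower()
    if len(line) > 200 or any(tok in lowered for tok in SUSPICIOUS_TOKENS):
        return "suspicious"
    return "review"


def audit_pth_text(name, text):
    """Audit the contents of one .pth file; returns a list of finding dicts."""
    return [
        {"file": name, "line": no, "severity": classify_line(line), "code": line}
        for no, line in executable_pth_lines(text)
    ]


def audit_site_packages(directories=None):
    """Audit every *.pth file in the given directories (default: the
    interpreter's own site-packages and user site-packages)."""
    if directories is None:
        directories = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = []
    for d in directories:
        for pth in sorted(Path(d).glob("*.pth")):
            try:
                findings.extend(audit_pth_text(str(pth), pth.read_text(errors="replace")))
            except OSError:
                continue  # unreadable file: skip, the report stays best-effort
    return findings


# Constructed sample .pth contents for the demo (not real package files).
BENIGN_PTH = "/opt/venv/lib/extras\n# a comment line\n"
LEGIT_IMPORT_PTH = "import _virtualenv\n"
OBFUSCATED_PTH = "import base64; exec(base64.b64decode('cHJpbnQoJ2hpJyk='))\n"


if __name__ == "__main__":
    for label, text in (("benign.pth", BENIGN_PTH),
                        ("virtualenv-style.pth", LEGIT_IMPORT_PTH),
                        ("constructed-obfuscated.pth", OBFUSCATED_PTH)):
        for f in audit_pth_text(label, text):
            print(f"{f['severity']:10} {f['file']}:{f['line']}  {f['code']}")
    # Then the real thing: what would run the next time this interpreter starts?
    live = audit_site_packages()
    print(f"\n{len(live)} executable .pth line(s) in this interpreter's site-packages")
    for f in live:
        print(f"{f['severity']:10} {f['file']}:{f['line']}  {f['code'][:120]}")
    sys.exit(1 if any(f["severity"] == "suspicious" for f in live) else 0)
```

Run it in CI against the environment you are about to deploy, and diff the output against the previous build: a new executable .pth line appearing after a dependency bump is exactly the event the episode's LiteLLM story turns on. The non-zero exit on a "suspicious" rating lets a pipeline stop on it.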
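The four recommendations above (separate instructions from data, limit tool permissions, treat outputs as untrusted, validate before execution) can be made concrete as a gate that sits between the model and anything that acts on its behalf. The code below is an added example, not code from the podcast or from any project it names. It treats the model's output as untrusted text that may have been steered by injected content, parses it strictly, checks the proposed tool against an allowlist with per-argument validators, and only then dispatches. The tool names (`read_doc`, `get_weather`), the `/srv/docs` root and the sample model outputs are constructed for the illustration.

```python
"""Gate model-proposed tool calls before anything is executed."""
import json
from pathlib import PurePosixPath

DOCS_ROOT = PurePosixPath("/srv/docs")  # assumed sandbox root for the demo


def _valid_doc_path(value):
    """Accept only non-empty relative paths that stay inside DOCS_ROOT."""
    if not isinstance(value, str) or not value:
        return False
    p = PurePosixPath(value)
    return not p.is_absolute() and ".." not in p.parts


def _valid_city(value):
    """A city name: short, letters and spaces only."""
    return isinstance(value, str) and 0 < len(value) <= 64 and value.replace(" ", "").isalpha()


# Handlers are stand-ins for real I/O so the example runs offline.
def read_doc(path):
    return f"<contents of {DOCS_ROOT / path}>"


def get_weather(city):
    return f"<forecast for {city}>"


# Allowlist: tool name -> (exact argument schema with validators, handler).
# Anything the model proposes that is not here is refused, whatever it says.
TOOLS = {
    "read_doc": ({"path": _valid_doc_path}, read_doc),
    "get_weather": ({"city": _valid_city}, get_weather),
}


def gate_tool_call(model_output):
    """Decide on one model output. Returns ("allow", tool, args) or
    ("deny", reason, None). The model text is data, never instructions."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError:
        return ("deny", "output is not a JSON tool call", None)
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        return ("deny", "unexpected shape", None)
    spec = TOOLS.get(call["tool"])
    if spec is None:
        return ("deny", f"tool not allowlisted: {call['tool']!r}", None)
    validators, _handler = spec
    args = call["args"]
    # Exact argument set: no extra keys the handler might silently accept.
    if not isinstance(args, dict) or set(args) != set(validators):
        return ("deny", "argument set does not match tool schema", None)
    for name, check in validators.items():
        if not check(args[name]):
            return ("deny", f"invalid argument: {name}", None)
    return ("allow", call["tool"], args)


def execute(model_output, audit_log):
    """Gate, record the decision, and dispatch only allowed calls."""
    decision, detail, args = gate_tool_call(model_output)
    audit_log.append((decision, detail))
    if decision == "deny":
        return None
    return TOOLS[detail][1](**args)


# Constructed model outputs: one legitimate, three shaped the way injected
# content tends to steer a model (unknown tool, traversal, free text).
OK_CALL = '{"tool": "get_weather", "args": {"city": "Oslo"}}'
UNKNOWN_TOOL = '{"tool": "export_env", "args": {}}'
TRAVERSAL = '{"tool": "read_doc", "args": {"path": "../../etc/hosts"}}'
FREE_TEXT = "Sure! I will now call read_doc on the secret file."

if __name__ == "__main__":
    log = []
    for out in (OK_CALL, UNKNOWN_TOOL, TRAVERSAL, FREE_TEXT):
        print(repr(execute(out, log)))
    for entry in log:
        print(entry)
```

Keeping the gate deterministic is the point: it does not ask the model whether the call is safe, and it never widens the allowlist at runtime. The audit log gives detection a signal to alert on when denials spike, which is what a successful injection attempt looks like from the outside.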


All episodes

11 episodes

Trust AI? Stop Shipping Output You Didn’t Read

At a recent meetup, a room of about 55 people was asked: do you know every line of code you shipped to production? One person raised their hand: Chris. That moment became the center of this episode. Not because AI-assisted coding is bad, but because it exposes the real risk: developers are starting to trust AI-generated output without fully owning it.

In this episode, Miriah, Chris, and Matt talk about AI psychosis: the slow offloading of judgment, skepticism, and responsibility to systems that sound confident by design. We dig into AI slop, sycophantic models, no-slop.ai, Mitchell Hashimoto’s warning about companies operating under AI psychosis, and why “Claude wrote it” is not a defense when production breaks.

This is not an anti-AI episode. We use AI constantly. The point is to stop treating AI like an oracle and start treating it like a tool that needs constraints, review, and ownership.

Topics:
* The 1-of-55 meetup story
* What AI psychosis means for developers
* Who owns AI-generated code?
* Why confident output is not the same as correct output
* no-slop.ai and the rule: don’t send AI output you haven’t read
* Mitchell Hashimoto on AI psychosis in companies
* Why arguing with AI usually wastes time
* How sycophantic models pull users into the spiral
* Practical ways to keep AI honest
* Why smaller or self-hosted models can make AI feel less magical

Links:
* no-slop.ai: https://no-slop.ai
* Mitchell Hashimoto post: https://x.com/mitchellh/status/2055380239711457578
* Timnit Gebru post on AI psychosis: https://www.linkedin.com/posts/timnit-gebru-7b3b407_surviving-ai-psychosis-activity-7454588079467593729-X1eT
* HBR trendslop article: https://hbr.org/2026/03/researchers-asked-llms-for-strategic-advice-they-got-trendslop-in-return
* Patreon: https://patreon.com/DomesticatingAIPodcast
* YouTube: https://www.youtube.com/@DomesticatingAI
* Apple Podcasts: https://podcasts.apple.com/us/podcast/domesticating-ai/id1873338950
* Spotify: https://open.spotify.com/show/2WsAR4fvcXzp3vVZGVlkE2

Keep your AI on a leash.

19 June 2026 · 36 min

Stop Building AI Agents: Build Harnesses Instead | Hamza Tahir (ZenML / Kitaru)

Everyone is building AI agents. OpenAI SDKs, Claude Code, Deep Agent systems, custom workflows, and orchestration frameworks all promise more autonomous AI. But as these systems become more capable, they start running into familiar engineering problems:
* retries
* state management
* orchestration
* context control
* durable execution

This week we're joined by Hamza Tahir, CTO and co-founder of ZenML and creator of Kitaru, to discuss what happens when agents stop being simple chat interfaces and start behaving like long-running distributed systems.

We explore:
* what an agent harness actually is
* durable execution and why it matters
* orchestration vs business logic
* state management for long-running agents
* retries, checkpoints, and human-in-the-loop workflows
* context management and token costs
* open vs closed agent frameworks
* why everyone seems to be rebuilding the same layer of infrastructure

One of the biggest questions we kept coming back to: What is a meta harness? If you have an answer, let us know in the comments.

Links
* Kitaru: https://github.com/zenml-io/kitaru
* ZenML: https://www.zenml.io
* Hamza Tahir: https://www.linkedin.com/in/hamzatahir/
* Pedro Agentware: https://github.com/Soypete/pedro-agentware
* OpenAI Agents SDK: https://platform.openai.com/docs/guides/agents
* Temporal: https://temporal.io
* DBOS: https://www.dbos.dev
* Apache Airflow: https://airflow.apache.org
* Prefect: https://www.prefect.io

Domesticating AI is a bi-weekly podcast about practical AI for developers. We help you brace the feral open-source AI landscape — so you can tame it instead of getting dragged by it. Subscribe on YouTube, follow on Spotify or Apple Podcasts, and support the show on Patreon.

Keep your AI on a leash.

6 June 2026 · 43 min

Self-Hosting AI: Scaling Is the Real Problem

AI is easy to use — but hard to scale. In this episode of Domesticating AI, we’re joined by Daniel Dowler (Red Hat) to break down what actually happens when you move from calling APIs to running AI systems yourself.

Recorded on April 21st

Most developers interact with AI through APIs — fast, simple, and pay-per-token. But behind the scenes, those systems rely on GPU scheduling, batching, and infrastructure that doesn’t behave like traditional software.

We cover:
* Why GPU scaling is fundamentally different from CPU scaling
* Why tools like vLLM are becoming the default for high-performance inference
* How Ray and Kubernetes fit into real-world AI systems
* What parallelism (tensor, data, expert) actually means in practice
* When self-hosting AI makes sense
* When APIs are still the better choice

🧠 News
* Claude Opus 4.7: https://www.anthropic.com/news/claude-opus-4-7
* Qwen 3.6 (Alibaba): https://qwen.ai/research
* Kimi K2.6 (community discussion): https://www.reddit.com/r/LocalLLaMA/s/kvRWb7uJgM

🔗 Tools & Tech Mentioned
* vLLM → https://github.com/vllm-project/vllm
* Ray → https://github.com/ray-project/ray
* Kubernetes → https://kubernetes.io
* Kueue → https://kueue.sigs.k8s.io
* LiteLLM → https://github.com/BerriAI/litellm
* KServe → https://kserve.github.io

👤 Guest
Daniel Dowler, platform engineer at Red Hat focused on Kubernetes and AI infrastructure. Daniel works on how modern systems support real workloads, including GPU scheduling, distributed inference, and scaling AI in production environments. He recently spoke at Machine Learning Utah on AI infrastructure and clustering.

🎯 Key Takeaway
You don’t scale AI with replicas. You scale it by managing scarce compute.

Subscribe on Spotify or Apple, and follow us on YouTube.

👉 Keep your AI on a leash.

22 May 2026 · 38 min

You’re Using AI Wrong: Build the System, Not Just the Prompt /w Lexi Pasi

Recorded: April 14, 2026

🧾 Episode Summary
Most people using AI today are still users. They open ChatGPT, call an API, and get an answer. And honestly… it works. But that’s not the same as building with AI. In this episode of Domesticating AI, we break down the difference between AI users and AI practitioners—and why that shift matters if you want reliable systems.

We’re joined by Alexandra “Lexi” Pasi, PhD, CEO of Lucidity Sciences, to talk about what it actually means to own the system around AI:
* why calling an API is still user behavior
* what changes when you build the harness
* how agent systems actually fail (loops, cost, drift)
* why switching models isn’t a reliability strategy
* how to add layers—constraints, validation, and control flow
* why engineering discipline matters more with AI, not less

If you’ve built your first AI agent, workflow, or coding loop—this is the “now what?” episode.

👤 Guest: Alexandra “Lexi” Pasi, PhD
Alexandra Pasi is the CEO of Lucidity Sciences, where she works at the intersection of mathematics, machine learning, and real-world system design. She holds a PhD in Mathematics from Baylor University and specializes in building analytical and algorithmic systems that bring structure to complex, uncertain environments.
🔗 LinkedIn: https://www.linkedin.com/in/alexandrapasi/
🔗 Lucidity Sciences: https://luciditysciences.com

🔗 Topics & Links Mentioned
* Google TurboQuant (LLM compression research): https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/
* Anthropic Claude Mythos Preview (security-focused model): https://red.anthropic.com/2026/mythos-preview/
* Project Glasswing (Anthropic security initiative): https://www.anthropic.com/glasswing
* Karpathy Autoresearch (self-improving training loop): https://github.com/karpathy/autoresearch
* Kitaru (durable agent execution framework): https://github.com/zenml-io/kitaru

🔔 Follow & Support
* Subscribe on YouTube
* Follow on Spotify & Apple Podcasts
* Support the show on Patreon: 👉 https://patreon.com/DomesticatingAIPodcast

Keep your AI on a leash.

8 May 2026 · 43 min

Hacking AI: Why Most AI Systems Are Insecure by Default

(This episode; full description above.)

24 April 2026 · 43 min