I have a bad news https://x.com/GithubProjects/status/2070391593383952584/photo/1

Un hombre japonés de 47 años generó 13.450 dólares en un solo mes utilizando eComrads y Claude.

Con una inversión inicial de apenas 20 dólares al mes, creó una modelo virtual impulsada por IA y lanzó perfiles en plataformas de suscripción.

Gracias a Claude, desarrolló toda la estrategia de contenido, automatizó publicaciones y optimizó el crecimiento de las cuentas. Mientras tanto, eComrads le permitió estructurar y escalar el proyecto de forma eficiente.

Para atraer tráfico, abrió una cuenta de TikTok para su personaje virtual. En solo 7 días consiguió:

> Más de 1,2 millones de visualizaciones
> 4.678 nuevos seguidores

También creó una comunidad en Reddit donde compartía imágenes y vídeos cortos del personaje.

Estas dos fuentes de tráfico gratuitas comenzaron a enviar visitantes de forma constante hacia sus plataformas de monetización.

Durante la primera semana obtuvo:

> 143 suscripciones
> 64 suscripciones adicionales en una segunda plataforma

Con una cuota de 9,90 dólares por suscriptor, los ingresos iniciales superaron los 2.700 dólares, y el proyecto terminó alcanzando 13.450 dólares en un mes.

La mayor parte del trabajo fue gestionado por Claude, que ayudó a crear el personaje, generar contenido, analizar tendencias, optimizar publicaciones y automatizar gran parte de las tareas diarias. Combinado con eComrads, logró construir un sistema que funcionaba prácticamente en piloto automático.

Open source Qt6 IDE for reverse engineering Android APKs

https://github.com/vaibhavpandeyvpz/apkstudio https://x.com/tom_doerr/status/2069876690189201740/photo/1

AI security goes far beyond AI.

Adding an LLM call to a product puts security focus primarily on prompt filtering, output guardrails, and input validation.

That is crucial, but it only covers the application layer, and an equally important infra layer needs its own controls.

To understand this, trace a single model call.

The prompt leaves the app, hits a provider endpoint, and depending on their retention policy, it sits in external logs for days.

If that prompt carries any regulated/private data, it moves beyond the app's boundary.

This isn't a failure of prompt filtering since it only governs what goes into the model, and it does not enforce where data can travel/who can store it.

Beyond application-layer controls, two infrastructure-level concerns need their own coverage:

1) The first is per-request.

Every model call moves data outside the app boundary. Who can access it in transit? Is it scoped to the right tenant?

2) The second is posture drift.

Do providers retain the data, and for how long? Can one tenant's prompts reach another tenant's context through unintended disclosure? And do the AI outputs stay inside the compliance boundary that enterprise deals require?

Teams typically solve both in the application code, where each new AI
feature gets its:

- own scoping logic
- own encryption
- own logging

Ten features mean ten separate implementations of the same controls.

Moving both to the infrastructure layer simplifies this.

- If IAM policies control which services can call which endpoints, every new model call will inherit that boundary automatically.

- VPC isolation keeps tenant traffic apart at the network level.

- Encryption covers every data flow by default. Every API call, including model calls, gets logged without the feature code handling any of it.

@awscloud builds this as the managed infra and they have partnered with me today to explain how it works.

Model calls through Bedrock or SageMaker inherit the same IAM, VPC, encryption, and CloudTrail boundaries as every other service.

For instance, IDEMIA runs this pattern in production. The company handles identity data for 45+ US government agencies.

After moving to containers on Amazon EKS in AWS GovCloud, they cut costs by 30% and sped up delivery by 4x, with the security coming from the infrastructure, not the application code.

You can read more on how AWS supports ISVs building this way → https://aws.amazon.com/isv/?utm_source=fnf&utm_medium=x&utm_campaign=june&utm_term=apaachar&utm_content=isv

Also, I wrote a detailed breakdown of the 11 components in a production agent harness, the full software layer that wraps an LLM. This post covers what sits underneath it. The harness is only as secure as the layer it runs on.

Read it below.

Stanford researchers proved you are not being rejected by 10 companies. You are being rejected by one algorithm 10 times.

Your score is stored for 330 days. Every company that uses the same vendor sees the same number. They call it the algorithmic blackball.

Researchers at Stanford HAI, Chapman University, and Northeastern University published the largest audit of AI hiring algorithms ever conducted.

The paper is called "Algorithmic Monocultures in Hiring." Published at FAccT 2026, May 26. The data came from Pymetrics, the AI hiring platform used by major Fortune 100 companies.

Here is what they found.

When you apply for a job at a company that uses Pymetrics, you play a series of assessment games. Your scores are stored. For up to 330 days. If another company also uses Pymetrics, your application is evaluated using the same stored scores. You are not getting two separate evaluations. You are getting the same score twice.

If the algorithm rejects you once, it rejects you everywhere.

The researchers call this the "algorithmic blackball." One bad score locks you out of every company that shares the same vendor. You never find out why. You never get a second chance. You just stop hearing back.

They ran a large-scale simulation using real applicant data. The result: over 40,000 job advances were lost because applicants who would have succeeded at one company were screened out by an algorithm calibrated for a different one.

Then they measured who gets hit hardest.

25.87% of Black applicants were routed into algorithmically discriminatory hiring processes. 14.74% of Asian applicants. These are not hypothetical projections. These are rates measured in deployed, real-world hiring systems used by some of the largest employers on earth.

The same algorithm. Applied across companies. Producing the same racial disparities at every one of them.

This is already in the courts. Mobley v. Workday is a federal class-action lawsuit alleging that AI hiring tools systematically discriminate against older, Black, and disabled applicants. The case is ongoing.

In Europe, the EU AI Act classifies hiring algorithms as high-risk AI systems by default. Compliance requirements take effect August 2, 2026. Weeks away.

In the United States, there is no equivalent federal law.

The researchers make four recommendations. Measure adverse impact at the position level. Strengthen cross-employer surveillance. Monitor risks from algorithmic concentration. Create legal pathways for independent researchers to access hiring data.

The last one carries an implicit warning. This study was only possible because Pymetrics voluntarily shared its data. Most vendors would prefer their algorithms remain opaque.

The next time you apply for a job and never hear back, the rejection may not have come from a human. It may have come from a score you received 330 days ago, at a company you have already forgotten, for a role that had nothing to do with the one you just applied to.