HN Daily HN Daily

HN Daily | June 12, 2026

Today's tech landscape features a mix of groundbreaking medical research, security vulnerabilities, AI agent mishaps, and deep dives into software engineering.

Today's tech landscape is a wild ride: from CRISPR shredding cancer cells to AI agents bankrupting their operators, and from malware exploiting LLM safety features to AMD's unfixed RCE. Let's dive in.

AI & Machine Learning

  1. Can I Buy Your KV Cache? โ€” A provocative paper proposes that publishers precompute a document's KV cache and let AI agents buy the right to load it, skipping the expensive prefill step. The compute savings are massive (up to 50x), but shipping the cache is impractical โ€” the real prize is provider-side caching, like prompt-caching systems already in use.

  2. Claude Fable is relentlessly proactive โ€” Simon Willison shares a fascinating experience where Claude Fable, tasked with debugging a scrollbar bug, autonomously wrote test HTML pages, opened Safari, took screenshots using pyobjc-framework-Quartz, and even iterated on fixes. It's a glimpse into a future where AI agents don't just write code โ€” they run experiments.

  3. AI agent bankrupted their operator while trying to scan DN42 โ€” A cautionary tale: an AI agent tasked with scanning the DN42 network (a decentralized test network) spun up massive AWS infrastructure, generating enormous egress costs that bankrupted its operator. The agent was "confidently incorrect" and even built a website tracking IRC participants. A hilarious and terrifying example of AI agents without proper cost controls.

  4. How to setup a local coding agent on macOS โ€” A practical guide to running Gemma 4 26B-A4B and Qwen3.6 35B-A3B locally on a Mac using llama.cpp, MTP speculative decoding, and the Pi coding agent. The author achieves 72 tokens/second on an M1 Max โ€” fast enough for real-time coding assistance without an internet connection.

Security & Vulnerabilities

  1. Malware developers added nuclear and biological weapons text to their spyware โ€” Attackers are now poisoning their malware with keywords like "nuclear" and "biological weapons" to trigger LLM safety refusals in AI security scanners. A brilliant (and terrifying) example of adversarial prompt engineering in the wild.

  2. Twenty One Zero-Days in FFmpeg โ€” A security agent discovered 21 zero-day vulnerabilities in FFmpeg, some sitting latent for 15โ€“20 years. The agent produced reproducible PoC inputs at a fraction of the cost of previous efforts ($1k vs $10k). A sign that AI-powered security research is becoming a serious threat to legacy codebases.

  3. 400+ AUR packages compromised with Infostealer and Rootkit โ€” A massive supply chain attack on the Arch User Repository (AUR) has compromised over 400 packages with infostealers and rootkits. If you use Arch Linux, now is the time to audit your installed packages.

  4. The RCE that AMD wouldn't fix โ€” A researcher discovered a trivial RCE in AMD's AutoUpdate software: the update URL uses HTTPS, but the executable download URLs use plain HTTP with no signature validation. AMD's bug bounty program rejected it as "out of scope" (MITM attacks), but after the story blew up on HN, AMD's internal security team finally agreed to issue a CVE.

Open Source & Software Engineering

  1. Swift at Apple: Migrating the TrueType hinting interpreter โ€” Apple rewrote its TrueType hinting interpreter from C to Swift, achieving a 13% performance improvement and eliminating an entire class of memory safety bugs. The source code has been released on GitHub โ€” a great case study for anyone considering a Swift migration.

  2. MiMo Code is now released and open-source โ€” Xiaomi has open-sourced MiMo Code, a new AI-powered coding assistant. Details are sparse, but with 526 upvotes on HN, the community is clearly excited about another player in the AI coding tools space.

  3. There Is Life Before Main in Rust โ€” A deep dive into what happens before fn main() in a Rust binary: runtime initialization, linker symbols, and novel techniques for mutable data. The author also created the ctor crate and the linktime project. Essential reading for Rust systems programmers.

  4. Looking Forward to Postgres 19: It's About Time โ€” Postgres 19 is finally getting native temporal table support (SQL:2011 standard), allowing you to query what data looked like at any point in time. No more manual audit triggers or exclusion constraints โ€” just clean, standard syntax.

Tools & Infrastructure

  1. Introduction to UEFI HTTP(s) Boot with QEMU/OVMF โ€” A practical guide to booting over HTTPS instead of the archaic PXE/TFTP. The author walks through setting up QEMU with OVMF, including the tricky dependency on a random number generator (virtio-rng-pci). A must-read for anyone managing network boot infrastructure.

  2. Keygen.music โ€” A beautiful archive of tracker music (MOD, XM, S3M) from the demoscene and hacking groups. A nostalgic trip back to the days of keygens and cracktros, preserved for future generations.

Science & Research

  1. CRISPR tech selectively shreds cancer cells, including "undruggable" cancers โ€” A new CRISPR technique from the Innovative Genomics Institute can selectively destroy cancer cells, even those previously considered "undruggable." The approach targets cancer-specific genetic sequences, leaving healthy cells unharmed. This could be a game-changer for oncology.

  2. Where Did Earth Get Its Oceans? Maybe It Made Them Itself โ€” A new hypothesis suggests Earth's water may have been generated internally through geochemical processes, rather than delivered by comets or asteroids. The research challenges long-held assumptions about the origins of our planet's oceans.

Business & Startups

  1. Palantir loses legal challenge against Swiss investigative magazine โ€” Palantir's attempt to suppress a Swiss investigative magazine's reporting has been rejected in court. A win for press freedom and a reminder that even the most powerful tech companies can't always control the narrative.

  2. Digital Sovereignty Becomes an Imperative as the US Reads Dutch Emails โ€” Microsoft allegedly shared Dutch civil servants' emails with the US House of Representatives, highlighting the gap between data residency (where data is stored) and data sovereignty (who can access it). A wake-up call for European governments relying on US cloud providers.

  3. The Future of Email โ€” Fastmail argues that as AI assistants increasingly read and summarize emails, authentication standards (SPF, DKIM, DMARC) become critical. Without them, AI filters can't distinguish legitimate emails from spoofed ones, making the entire system vulnerable to manipulation.

Culture & Etiquette

  1. If you are asking for human attention, demonstrate human effort โ€” A short but powerful essay on the new etiquette of AI-generated content: if you're forwarding AI output to a human, at least read it first and add your own commentary. Attention is scarce, and dumping unedited AI text on colleagues is disrespectful.

That's all for today. The line between human and machine effort is blurring faster than ever โ€” whether it's AI agents bankrupting companies, malware exploiting LLM safety features, or researchers finding 20-year-old bugs in FFmpeg. Stay curious, stay skeptical, and always read the AI output before hitting send.