I am really excited to see that the MLSecOps paper has been officially published. It's a big effort from several people involved in the OpenSSF AI/ML working group. openssf.org/resources/vi...
05.08.2025 03:16
@mihai.page.bsky.social
Supply chain security @ Google OSS Security Team. Previously TensorFlow Security & OSS (@ Google); Haskell+differential privacy+ML @ LeapYear.
There is SLSA source track (SLSA.dev) that looks at the chain of trust from git commits. Slightly tangential to our discussion.
28.07.2025 20:53
Nearly so! Initial goal is to prevent tampering of the model itself (think insider risk, either on the model hub or between training and upload). But then we realized that integrity by itself is not enough, we actually also need to tie to producer identity.
See also trusted publishing on PyPI, etc.
I'm excited to see the case study proving that model signatures can be integrated into model hubs. Next step for me: integrating model signing into Hugging Face and Ollama. I hope to get both by the end of the year, with the help of the respective communities.
28.07.2025 19:30
New Case Study: How is Google securing the future of machine learning?
By partnering with #sigstore and the Open Source Security Foundation (OpenSSF), they've implemented model signing that makes AI systems more trustworthy by default.
openssf.org/blog/2025/07...
At the beginning of the year I wanted to compare models and prompt techniques on several math problems. I also got a common sense one. Today I use a vibe-coded Colab to analyze which models are better than others and which prompt techniques are useful. mihai.page/ai-2025-10/
28.07.2025 05:57
It got too expensive to keep saving Matt Damon so they got Ryan Gosling to pay in Hail Mary instead
19.07.2025 23:47
Stackage LTS 24 has been released, to support GHC 9.10. At the same time, @juhp helped move the nightly snapshot to GHC 9.12 (many thanks!).
www.stackage.org/blog/2025/07...
I scored 7/28 on jsdate.wtf and all I got was this lousy text to share on social media.
Given the number of wtf/min in JS, it really saddens me that new tooling (e.g., Gemini CLI) is still built on top of NPM.
Just another example of AI security being just a rerun of the security history of the past. Come on, 123456 as password?
www.wired.com/story/mcdona...
Some weeks ago, I started doing some work within the amazing Scientific Python community. We were thinking of extracting pytrees out of JAX. There is a library, so we wrote a blog post instead, about how pytrees are useful. You can read it at blog.scientific-python.org/pytrees/
09.07.2025 03:21
* Using OSS personally? Thank a maintainer. Donate. Contribute. Even fixing a typo in the README helps.
07.07.2025 12:44
I propose we use "vibe installing" as a name for the "curl | bash" pattern for installing stuff.
And "vibe serialization" for using pickle (and other insecure formats) for serialization.
Both are bad patterns, forbidden, yet so easy to use that people reach them again and again.
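The "vibe serialization" point above is worth seeing in code. The following is an added example, not code from the post or from any project it mentions: it builds a pickle payload whose load step invokes a callable chosen by the data (here a harmless, constructed recorder function, `record_load`), shows that a plain `pickle.loads` runs it, and then shows the allowlist-based `RestrictedUnpickler` pattern from the Python documentation refusing the same payload while still loading ordinary data-only objects. The allowlist `SAFE_BUILTINS` and the sample objects are assumptions for the demo.

```python
import builtins
import io
import pickle

# Constructed side effect recorder: if an entry lands here, unpickling
# executed a callable that the serialized bytes chose, not the loader.
LOAD_EVENTS = []


def record_load(tag):
    LOAD_EVENTS.append(tag)
    return tag


class SmuggledCallable:
    """Constructed object whose pickled form asks the loader to call
    record_load(...) on load. pickle honours __reduce__ for any class."""

    def __reduce__(self):
        return (record_load, ("code ran during load",))


# Assumed allowlist: the only globals a restricted loader may resolve.
SAFE_BUILTINS = {"range", "complex", "set", "frozenset", "slice"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from a small builtins allowlist; refuse the rest.
    find_class is the single choke point through which pickle looks up
    every module-level name (functions, classes) referenced by the stream."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Compare a naive load with the restricted load on the same payload."""
    payload = pickle.dumps(SmuggledCallable())

    # Naive load: the callable named in the stream runs during load.
    LOAD_EVENTS.clear()
    pickle.loads(payload)
    naive_ran_code = LOAD_EVENTS == ["code ran during load"]

    # Restricted load: the global lookup is refused before anything runs.
    LOAD_EVENTS.clear()
    try:
        restricted_loads(payload)
        restricted_blocked = False
    except pickle.UnpicklingError:
        restricted_blocked = True
    restricted_nothing_ran = LOAD_EVENTS == []

    # Data-only objects (dict, list, tuple, float) need no global lookup,
    # so they still load under the restricted unpickler.
    benign = restricted_loads(pickle.dumps({"weights": [0.1, 0.2], "shape": (2,)}))

    return {
        "naive_ran_code": naive_ran_code,
        "restricted_blocked": restricted_blocked,
        "restricted_nothing_ran": restricted_nothing_ran,
        "benign": benign,
    }


if __name__ == "__main__":
    print(demo())
```

The restricted loader narrows the damage but does not make pickle safe in general (the allowlist itself has to be audited, and a single overly permissive entry reopens the hole); for model weights the stronger fix the post points at is a data-only format that has no code path to execute.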
If you are at OSS NA, I'll be doing a demo of model signing today at 12:30, at the @openssf.org booth.
And I'm happy to talk on the hallway track about ML supply chain security during any day the conference is taking place.
> We shouldn't have to be telling developers "oh just run it all in Docker". We should have designed this to be [..] secure from the get-go.
We really need to create security-by-default AI-tools where tech debt is actually managed, not added to at an exponential rate.
xeiaso.net/blog/2025/ro...
> economy runs on money, not GitHub stars
That's why we need sustainable open source.
(from xeiaso.net/blog/2025/av...)
So, who is at @devconf_cz? Happy to chat about ML supply chain security, agents security, anything AI and security
12.06.2025 06:10
Absolutely surreal to have lived through the Napster days and watched as the titans of industry moved hell and high water to lock down any possible chance that someone's song might get swapped online without giving the studios a cut and now those same people are just like "well we gotta steal music"
26.05.2025 19:02
Animated demo. Starts with a 3D 9x9 grass plain, I then start adding blocks to it in rock and wood and glass and rotating it to see it from different angles.
benjaminaster.com/css-minecraft/ by @benjaminaster.bsky.social is incredible! Editable Minecraft-style world, entirely CSS and HTML, not a single line of JS
My notes on how it works here. It uses radio boxes for state, paused animations for controlling the viewport simonwillison.net/2025/May/26/...
GitHub MCP suffers from the lethal trifecta for prompt injection: access to private data, exposure to malicious instructions + the ability to exfiltrate information
Be really careful with this stuff: attackers can trick your "agent" into stealing your private data simonwillison.net/2025/May/26/...
I'd use this app more often if it would keep track of where in the feed I stopped using it, rather than always going back to the next post each time I switch focus from it
26.05.2025 23:54
Once again, if your LLM system combines access to private data, exposure to malicious instructions and the ability to exfiltrate information (through tool use or through rendering links and images) you have a nasty security hole
This time, GitLab: simonwillison.net/2025/May/23/...
Near the end of the AI puzzle competition between various models, I also asked the following:
Q: Which mouse walks on 2 legs?
A: Mickey Mouse
Q: Which duck walks on 2 legs?
A:
Think about the answer and then see how the models responded at mihai.page/ai-2025-9/
Rust person sees a Wikipedia page, misinterprets the math, thinks he invented a way to do automatic differentiation in constant time regardless of the size of the graph and then starts spamming repositories to switch to his solution.
This evangelism is what's bad with the rust ecosystem.
It's finally here. I analyze QwQ and DeepSeek on the 3 math puzzles problem and finish the round of benchmarks I ran in January. It was interesting to see how all these models behave on easy, hard and moderate difficulty math puzzles.
Read the last article at mihai.page/ai-2025-8/
Last week we launched v1.0 of model_signing library (and CLI). A blog post that has more technical details and links to a demo notebook can be found on the Sigstore blog: blog.sigstore.dev/model-transp...
12.04.2025 15:52
That is the plan. I think the format should apply for datasets too, maybe we will need to incorporate croissant, need to check
06.04.2025 13:49
Yesterday we launched v1.0 of the model signing library, taming the wild west of model formats and deserialization vulnerabilities. You can read more about why this is needed and why we picked Sigstore as main signing method at security.googleblog.com/2025/04/tami...
05.04.2025 22:59
Although this week I found out that Gemini 2.5 Pro solves 2 out of the 3 problems correctly and nearly gets there for the hardest one, I still continue to analyze the answers from the models that were tested back in January. Today, I look at 4 llama models (via Perplexity).
mihai.page/ai-2025-7/