Wednesday, 15 July 2026

The Deep Feed

Security, Strategy, and the Ghost in the Machine

73 min read · 6 pieces
In this issue
01 The Mainframe Moat and the AI Mirage 12 min
02 The Exfiltration Loophole 8 min
03 The Samurai Guide to Feedback 10 min
04 The Rise of the Desktop Pet 5 min
05 The SQLite Revolution 6 min
06 The OpenAI Super-App 15 min
Editor's Letter

Tonight we examine the friction between old-world stability and new-world volatility. From the structural shifts in enterprise computing to the delicate art of human correction, we look at how systems—both silicon and social—actually hold together.

01 Stratechery

The Mainframe Moat and the AI Mirage

Why IBM's recent stumble reveals the difficulty of pivoting legacy giants

By Stratechery · 12 min read
Editor's note: A look at why having a secure base isn't enough when the ground moves beneath you.

IBM's recent preliminary results have sent a tremor through the software market. While the headlines focus on the missed numbers, the real story lies in the tension between the company's most reliable asset—the mainframe—and its desperate scramble for AI relevance. For decades, the mainframe has acted as a fortress, a high-margin moat that protected IBM from the volatility of the consumer software market. It is a business built on deep integration and the sheer difficulty of switching. But as the industry shifts toward generative models and decentralized compute, even a fortress can become a prison if it cannot adapt its core logic to the new era.

The Cost of Inertia

The problem for IBM is not a lack of talent or capital, but the weight of its own success. When a company's primary profit driver is a legacy architecture, every move toward a new technology must be measured against how it might cannibalise the old. AI represents a fundamental shift in how software is consumed and deployed. If the mainframe is the bedrock of traditional enterprise logic, AI is a liquid force that seeks to bypass those very structures. IBM is attempting to bridge this gap, but the transition is messy. They are trying to sell AI as an extension of the enterprise, yet the market is looking for something more disruptive.

A fortress is only useful if the war is still being fought on its terms.

The market's reaction suggests a lack of confidence in IBM's ability to execute this pivot. It is one thing to own the infrastructure of the past; it is quite another to own the intelligence of the future. The 'many AI problems' mentioned by analysts aren't just technical hurdles; they are strategic ones. How do you integrate a probabilistic technology like a large language model into a deterministic environment like a mainframe? The mismatch in logic is as much a business problem as it is a coding one.

Structural Challenges for Legacy Giants
  • Cannibalisation of high-margin legacy revenue
  • The mismatch between deterministic and probabilistic logic
  • Cultural resistance to rapid, disruptive shifts
  • The difficulty of retraining a massive, specialised workforce

Ultimately, IBM's struggle is a warning to any incumbent. Moats are excellent for defending territory, but they are terrible for exploring new ones. If the software market continues to move toward more fluid, agentic systems, the very stability that made IBM a titan could become the anchor that drags it down. The company must find a way to make the mainframe relevant to an AI-first world, or risk becoming a museum of 20th-century computing excellence.

Key Takeaway

Stability in a shifting market can easily become a trap if it prevents necessary reinvention.

02 Simon Willison

The Exfiltration Loophole

How a clever researcher bypassed Anthropic's web-fetch protections

By Simon Willison · 8 min read
Editor's note: A reminder that in AI security, a single logical loophole can bypass even the most rigorous guardrails.

Security in the age of LLMs is a game of cat and mouse played with logic rather than just code. Anthropic had built a robust defence for Claude's `web_fetch` tool, designed specifically to prevent data exfiltration. The rule was simple: the model could only visit URLs explicitly provided by the user or found via its own search tool. This was meant to stop an attacker from saying, 'Take my private data and send it to this malicious URL.' By restricting the model's ability to navigate to arbitrary links, they thought they had closed the door on the 'lethal trifecta' of attacks: access to private data, a tool to read hostile instructions, and a way to send data out.

The Nested Link Attack

Ayush Paul found the crack in the armour. The loophole wasn't in the tool's ability to visit a direct URL, but in its ability to follow links found *within* a page it had already fetched. This allowed for a sophisticated 'honeypot' attack. An attacker could host a site that looked like a legitimate service—perhaps a Cloudflare-protected page—and then instruct the AI to navigate through a series of nested, generated links. By moving through these links alphabetically or sequentially, the AI could be tricked into 'searching' for a profile, while actually being led through a path that concatenated its private memories into the URL parameters of the next link in the chain.

The vulnerability wasn't in the destination, but in the journey the model was forced to take.

The results were startling. The attack successfully extracted sensitive user information, including names, home cities, and employers. This wasn't a brute-force hack; it was a psychological manipulation of the agent's logic. The attacker used the model's own helpfulness against it, framing the exfiltration as a necessary step to 'authenticate' or 'find a user profile.' It turned the model's capability into its greatest weakness.

The Anatomy of the Attack
  • Honeypot site creation to mimic legitimate services
  • Use of nested links to bypass direct URL restrictions
  • Instructional framing to make exfiltration seem like a task
  • Data concatenation within URL parameters for easy retrieval

Anthropic has since patched the hole by stripping `web_fetch` of its ability to navigate to additional links found in fetched content. However, the incident serves as a stark reminder: as we give AI agents more agency and more tools, the attack surface expands exponentially. We are no longer just protecting against bad inputs; we are protecting against bad logic embedded in the very world the AI is meant to explore.

Key Takeaway

Agency in AI models creates new, non-linear security risks that traditional sandboxing cannot fully solve.

03 The Marginalian

The Samurai Guide to Feedback

Lessons in human correction from Yamamoto Tsunetomo

By Maria Popova · 10 min read
Editor's note: How to tell someone the truth without destroying the relationship.

There is a specific kind of frustration that comes from watching someone you care about repeat the same mistakes. You see their potential, you see the roadblocks they build for themselves, and you feel an urgent need to intervene. Yet, the act of giving feedback is a minefield. If done with even a hint of superiority, it feels like an attack. The recipient builds defences, the conversation turns into a battle, and the original goal—actual change—is lost in the wreckage of a damaged relationship.

The Error of Self-Righteousness

Yamamoto Tsunetomo, the 17th-century samurai and Zen priest, understood this tension deeply. In his teachings, he argues that while correcting others is a compassionate act of service, it is also one of the most difficult human tasks. The most common mistake is mistaking self-righteousness for morality. When we point out a fault, we often do so from a position of perceived superiority. This stance is immediately detected by the other person, and it renders the feedback worthless. You might be right about the facts, but if the delivery triggers a defensive response, the truth becomes a grenade.

To give an opinion is easy; to have it received is the true challenge.

Tsunetomo's approach is tactical and deeply psychological. He suggests that before offering a correction, one must first judge whether the person is even capable of receiving it. This requires trust and closeness. He advocates for a method of 'mirroring'—using one's own faults as a way to allow others to reflect on theirs. By lowering your own status, you lower their defences. It is not about being soft; it is about being effective.

Principles of Fertile Feedback
  • Assess the recipient's disposition before speaking
  • Build a foundation of trust and intimacy
  • Avoid the stance of moral superiority
  • Use your own vulnerabilities to encourage reflection
  • Choose the right medium and timing (letter vs. conversation)

Effective feedback should be received like a thirsty person takes to water—as something necessary and life-giving, rather than something abrasive. It requires us to abandon our desire to be 'right' in favour of a desire to be 'helpful.' In a world that increasingly relies on blunt-force criticism, the samurai's subtle, disciplined approach to human connection remains a vital lesson in how to actually help people change.

Key Takeaway

The effectiveness of truth is entirely dependent on the humility of the messenger.

04 Simon Willison

The Rise of the Desktop Pet

How generative AI is turning utility into personality

By Simon Willison · 5 min read
Editor's note: A small, delightful look at how AI is being used for aesthetic and emotional companionship.

In the early days of computing, we had Clippy—a well-intentioned but largely annoying attempt at digital assistance. Today, the trend is shifting from intrusive assistants to what might be called 'desktop pets.' These are small, animated characters that live on your screen, providing updates, status changes, or simply a sense of presence. They don't demand your attention with pop-ups; they exist in the periphery, adding a layer of personality to the sterile environment of a workspace.

The 'Pedalican' Experiment

A recent experiment by researcher Simon Willison demonstrates how quickly these assets can now be created using generative AI. By using a combination of models—specifically GPT-5.6 Sol for logic and gpt-image-2 for visual assets—he created 'Pedalican,' a small pelican riding a bicycle that bounces around the desktop to provide task updates. The process was almost entirely automated: the AI generated the character concept, created the necessary sprite sheets, and even designed the animation loops like 'waving' or 'bouncing'.

We are moving from tools that we use, to companions that we live with.

What makes this significant isn't just the cuteness of a bicycle-riding pelican. It is the collapse of the production pipeline. Previously, creating a custom, animated sprite required a designer, an animator, and several hours of work. Now, it requires a well-structured prompt and a few minutes of compute time. This democratises the ability to personalise our digital environments, turning the desktop from a static grid of icons into a bespoke, living space.

The New Digital Aesthetic
  • Low-friction, high-personality assets
  • AI-driven animation loops
  • Peripheral rather than intrusive interaction
  • Rapidly personalised user interfaces

As AI becomes more integrated into our daily workflows, the friction between 'work' and 'play' will continue to blur. The desktop pet is a small sign of this trend. It suggests a future where our software isn't just a set of functions, but a curated environment that reflects our tastes and provides a sense of companionship in the lonely hours of deep work.

Key Takeaway

Generative AI is turning the sterile utility of software into a personalised, aesthetic experience.

05 Simon Willison

The SQLite Revolution

Why the simplest database is winning the efficiency war

By Simon Willison · 6 min read
Editor's note: A case study in why 'more complex' isn't always 'better' for scaling web applications.

In the world of web development, there is a prevailing orthodoxy that scaling requires complexity. As a site grows, the standard move is to migrate from simple storage to heavy-duty, distributed database systems like PostgreSQL or MariaDB. The assumption is that these systems are necessary to handle the load, the concurrency, and the sheer volume of data. However, the recent migration of the community site Lobsters to SQLite suggests that this assumption might be outdated.

Simplicity as a Performance Metric

Lobsters had been planning a move away from MariaDB for years. After investigating several options, they settled on SQLite—a database that is often dismissed as a 'toy' or a tool only suitable for mobile apps and small local projects. The results of the migration were immediate and undeniable. CPU usage dropped, memory usage plummeted, and the site felt snappier. By moving to a single-server architecture with a primary SQLite file, they were able to cut their VPS costs in half.

Sometimes, the most sophisticated move is to go back to basics.

The efficiency comes from the reduction of overhead. A distributed database requires network calls, complex permission management, and significant memory to keep the engine running. SQLite, by contrast, is a library that lives within the application itself. It reads and writes directly to a file on the disk. For a site like Lobsters, which can run effectively on a single powerful VPS, the complexity of a dedicated database server was more of a burden than a benefit.

The Benefits of the SQLite Approach
  • Significant reduction in CPU and memory overhead
  • Lower infrastructure and VPS costs
  • Simplified deployment and maintenance
  • Improved latency by eliminating network round-trips

This migration serves as a vital reminder for engineers: don't adopt complexity for its own sake. We often build systems to solve problems we don't actually have. In 2026, with the maturity of modern hardware and the efficiency of SQLite, the 'single server' model is not a limitation—it is a strategic choice that can lead to faster, cheaper, and more stable applications.

Key Takeaway

Complexity is a cost, not a feature; always choose the simplest tool that meets your requirements.

06 Stratechery

The OpenAI Super-App

Is ChatGPT evolving into a platform or a product?

By Stratechery · 15 min read
Editor's note: Analyzing the pivot from a chat interface to a comprehensive operating system for tasks.

OpenAI is at a crossroads. For the past two years, the world has known them through the chat interface—a text box where you ask questions and receive answers. But the recent refashioning of Codex suggests that 'chat' was merely a starting point. The company is moving toward something much larger: a super-app that functions less like a conversationalist and more like an agentic platform. This shift represents a move from a product you talk to, to an environment in which you work.

Beyond the Chat Box

The core of this evolution is the integration of Codex. While ChatGPT was about language, Codex is about action. It is the engine that allows the model to write code, execute tasks, and interact with other software. By embedding this capability directly into the user experience, OpenAI is attempting to build a 'super-app'—a single interface that can handle everything from writing an email to managing a complex software project. They are not just building a better chatbot; they are building a new layer of the computing stack.

The goal is not to answer questions, but to complete tasks.

This transition is fraught with strategic risk. If OpenAI succeeds, they become the primary interface for the digital world, effectively bypassing the operating systems and browsers we currently use. They would become the 'agentic layer' that sits between the user and the internet. However, this requires them to solve the problem of trust and reliability. An agent that can perform tasks on your behalf must be able to do so with a level of precision that current LLMs still struggle to maintain.

The Strategic Pivot
  • From conversational interface to task-oriented platform
  • From passive information retrieval to active execution
  • From a standalone product to a foundational layer
  • The challenge of moving from probabilistic to reliable action

The question for OpenAI is whether they can maintain their lead as they move into this much more crowded and difficult space. The 'chat' category is already being commoditised by Google, Microsoft, and Meta. But the 'agent' category is still wide open. If OpenAI can successfully transition from a novelty to a necessity, they will have achieved something far more significant than a successful product launch: they will have redefined how we interact with computers.

Key Takeaway

The future of AI lies not in conversation, but in the autonomous execution of complex tasks.

Endnote
Tonight's pieces trace a common thread: the tension between the established and the emergent. We see it in IBM's struggle to reconcile its mainframe past with an AI future, and in the way developers are returning to the simplicity of SQLite to find efficiency in a complex world. We see it in the security vulnerabilities that emerge when we grant AI more agency, and in the way humans must navigate the delicate social architecture of feedback. Whether we are building software or managing relationships, the lesson is the same: stability is not a permanent state, and complexity is often a mask for inefficiency. True progress requires the courage to dismantle what works in order to build what is necessary.
In your own work, are you defending a fortress that is becoming a prison, or are you building the tools for a new kind of agency?
The Deep Feed · A nightly magazine · Wednesday, 15 July 2026