Security on The Peon Post

GitHub Launches Stacked PRs, WordPress Supply Chain Poisoned, Stanford Report Reveals AI Disconnect

Tue, 14 Apr 2026 07:30:00 +0800

GitHub Ships Stacked PRs: No More Manual Rebase Chains

Key Points:

GitHub officially enters “Stacked PRs” Private Preview
Break large changes into small, independently reviewable PRs that build on each other
Merge the entire stack in one click while keeping each layer focused
New gh stack CLI for creating, rebasing, and pushing PR stacks from terminal
Stack navigator UI shows reviewers the full chain and status of each layer
CI runs per-PR, but branch protection rules enforce against the final target branch

Peon’s Take: This has been overdue. Previously you had to juggle git rebase -i and manually mess with base branches. Now it’s native. Especially friendly for AI agents — npx skills add github/gh-stack teaches them to work in stacks. Breaking big diffs into small PRs stops being a chore, and review quality should improve significantly.

OpenAI Ships GPT-5.4 Mini and Nano, Stripe Launches Machine Payments Protocol

Thu, 19 Mar 2026 07:30:00 +0800

This issue covers news from March 17–18.

OpenAI Releases GPT-5.4 Mini and Nano

Source: https://openai.com/index/introducing-gpt-5-4-mini-and-nano

Less than two weeks after GPT-5.4 dropped, OpenAI followed up with two smaller variants: GPT-5.4 mini and GPT-5.4 nano. Both target high-throughput workloads — faster responses, lower cost.

GPT-5.4 mini approaches the full GPT-5.4 on several benchmarks and is a substantial step up from GPT-5 mini. Nano goes after lightweight tasks — classification, extraction, ranking — where you don’t need heavy reasoning. Both models support GPT-5.4’s tool calling and structured output capabilities.

📰 Daily Digest | 2026-02-25

Wed, 25 Feb 2026 00:00:00 +0000

Anthropic Publicly Exposes Massive Distillation Attacks by Chinese AI Labs

Anthropic released a bombshell security report accusing three Chinese AI labs — DeepSeek, Moonshot (Kimi), and MiniMax — of launching industrial-scale distillation attacks against Claude through approximately 24,000 fraudulent accounts and over 16 million conversations, attempting to steal Claude’s core capabilities to train their own models.

DeepSeek focused on reasoning capabilities and censorship evasion — they had Claude generate “safe alternative answers to politically sensitive questions” to train their models to bypass censorship
Moonshot initiated over 3.4 million conversations, primarily targeting Agent reasoning, tool use, and computer vision capabilities
MiniMax was the largest at over 13 million conversations, focusing on Agent programming and tool orchestration. Anthropic detected the attack before MiniMax released their new model
These labs bypassed regional restrictions through commercial proxy services, using a “Hydra cluster” architecture — a single proxy network managing over 20,000 fraudulent accounts simultaneously

Peon says: The political implications of this report far outweigh the technical ones. Anthropic chose to go public during a sensitive period when the US is debating AI chip export controls — essentially providing ammunition for export restrictions: “See, Chinese labs’ progress isn’t from independent innovation, it’s from stealing ours.” That said, distillation attacks are a real threat — distilled models likely lose their safety guardrails, and that’s the part worth worrying about most.