Posts in "links"
🤖 The 2025 OWASP Top 10 rebrands “Vulnerable Components” as “Software Supply Chain Failures” and elevates “Security Misconfiguration” to the number two spot. Chris Cropper and Rita Manachi analyze the changes and argue that bypassing security controls for the sake of “innovation” is increasingly a liability, not a competitive advantage.
🔗 Beyond a Team Sport, Security is a Community Sport: Exploring the 2025 OWASP top 10
The options we pass to FFmpeg in a variety of cases are now so complicated that I can’t really understand or edit them without AI.
Just imagine all the sed and awk scripts, the regexes we can now all write effortlessly.
🔗 Manton
Speed is no longer a differentiator. Every team now has access to the same AI horsepower. Shipping fast is table stakes. What will separate winners is who can debug, adapt, and evolve when the AI-built foundation starts to crack.
Infrastructure self-harm
“Extrapolating these results to the economy, current generation AI models could increase annual US labor productivity growth by 1.8% over the next decade. This would double the annual growth the US has seen since 2019, and places our estimate towards the upper end of recent estimates.”
“What do you think about Windows 8, Mary? Have you thought about it much?” 2012.
Make it so the robots can use your shit, or you might be irrelevant. At least, less so.
Platforms, tools or frameworks that are hard for large language models (LLMs) and agents to use will start feeling less powerful and require more manual intervention. In contrast, tools that are simple for agents to integrate with and well suited for the strengths and constraints of LLMs will quickly become vastly more capable, efficient and popular.
Do so by:
Is it simple for an Agent to get access to operating a platform on behalf of a user? Are there clean, well described APIs that agents can operate? Are there machine-ready documentation and context for LLMs and agents to properly use the available platform and SDKs? Addressing the distinct needs of agents through better AX will improve their usefulness for the benefit of the human user.
“The job isn’t to “prioritise value”, but to create the conditions where value can move. You don’t reveal value through prediction; you reveal it through flow.” // Some product management maxims.
🔗 Everything I Got Wrong About Product (So You Don’t Have To)
Claude Skills are top on my list of “important things no one is talking about” for this year. They’re both an AIPaaS and showing a new programming model and mindset. The educational angle (“View Source”) is a good take.
🔗 What MCP and Claude Skills Teach Us About Open Source for AI
The original is long, so I finished reading it with a summary from one of the discussed robots:
🤖 MCP, Skills, and the Architecture of Participation in Open Source AI
Summarized by AI.
Open source AI is not just about releasing model weights. True innovation comes from an architecture of participation, where developers can inspect, modify, and share small, composable components. Historical breakthroughs like Unix, Linux, and the early web succeeded because they allowed modular contributions—viewing source, remixing, and building on others’ work—rather than requiring deep engagement with the most complex layers of the system.
Anthropic’s MCP (Model Context Protocol) and Claude Skills embody this participatory model. MCP servers let developers give AI systems new capabilities via simple, inspectable interfaces to data, APIs, and tools. Skills are atomic, shareable instructions—bundled expertise that can be read, forked, and adapted. This is the opposite of OpenAI’s GPT “apps,” which live in a closed, app-store-like ecosystem where internals can’t be inspected or reused. Skills and MCP servers are components, not products, and their openness allows a collaborative ecosystem to flourish.
The long-term potential lies in creating “fuzzy function calls”—reusable, human-readable instructions that formalize what LLMs already understand. Just as early compilers and UI toolkits let developers move “up the stack,” MCP and skills will let participants focus on architecture and composition rather than raw code generation. This evolution could preserve mass participation even as layers of abstraction and complexity emerge, as the web did with HTML, CSS, and JavaScript frameworks.
The economic stakes are high. Today’s AI market is extractive: training data is used without recognition, value capture is concentrated in a few companies, and improvement loops are largely closed. MCP and skills could enable participatory markets, where contributions are visible, attributable, and shareable. To reach this future, the AI community must embrace open protocols, inspectable artifacts, new licensing models, and mechanism design that fairly rewards contributors and encourages ecosystem growth.
The future of open source AI will be decided at the interface layer, where ordinary developers and even non-programmers can create reusable skills leveraging their own expertise. If AI development mirrors the open web instead of proprietary app stores, it could become a generative ecosystem that expands opportunity rather than consolidating power.
Links
🤖 What MCP and Claude Skills Teach Us About Open Source for AI - Explores how MCP and Claude Skills could enable a participatory, open-source AI ecosystem similar to the early web, contrasting it with closed, app-store-like approaches.
Summarized by ChatGPT on Dec 3, 2025 at 7:04 AM.