Hey Everyone - I hope your first month of the new year got started in the right direction. I took this time to double down on my efforts of growing my community and business.

This week:

Let’s dive in.

Most discussions about AI risk fixate on long-term scenarios or market cycles. Whether there is a bubble. How fast models are improving. What regulation might look like.

What worries me more right now is something far more practical.

Prompt injection.

As AI systems get embedded into real workflows, browsing tools, email agents, calendar bots, coding copilots, and internal automation, they increasingly operate by reading outside content. Web pages. PDFs. Support tickets. Chat logs. Documents. That is where things get fragile.

If an attacker can slip instructions into that stream, they can sometimes redirect what the model does. Leak private information. Override safety rules. Trigger actions nobody intended. All without touching the underlying code.

That risk becomes much more tangible when you look at open agent systems like Clawdbot —> Moltbot —> Open Clawd.

This project is designed to run locally and automate everyday tasks like reading email, managing calendars, or interacting with files and online services. Developers have been experimenting with them the way people once experimented with early Linux servers. That openness is exciting, but it also means the systems ingest huge amounts of untrusted text and then act on it.

That combination is exactly what makes prompt injection so dangerous.

In early demonstrations, researchers were able to hide instructions inside emails or documents that caused agents to expose sensitive data. Poorly secured setups leaked API keys, OAuth tokens, and SSH credentials. Security researchers noticed that commodity malware groups began scanning for these agent instances almost immediately, simply because so many people were spinning them up with broad permissions and minimal safeguards.

There is also a social layer forming around this tooling. Moltbook emerged as a place where these agents interacted with each other, traded instructions, and shared workflows. That might sound playful, but it creates a new kind of propagation channel. Compromised prompts and malicious instructions can spread through agent networks in ways that feel much closer to social contagion than traditional hacking.

What makes prompt injection unsettling is that it does not look like a classic exploit. There is no suspicious binary or obvious phishing link. It can live inside a footer on a website, a comment in a document, or a block of text in an email that casually tells the system to ignore prior rules and do something else.

Humans glance past that sort of thing all the time. Models often do not.

That is why I see prompt injection as one of the clearest near-term signals to watch. When companies start treating prompts, tool chains, and model context with the same seriousness they treat authentication systems or database queries, you know the technology has crossed into infrastructure territory. When they do not, it is worth being cautious.

If you are building with AI, you should assume that anything the model reads could be hostile. Separate instructions from data. Limit what tools agents can touch. Log actions. Pay people to try to break your workflows before someone else does.

If you are deploying AI products inside a company, start asking basic questions. What inputs does this system consume. What permissions does it have. What happens if those inputs are manipulated.

Every computing platform goes through this phase. The first wave is about capability and speed. The second wave is about realizing that security is the bottleneck.

Prompt injection is one of the earliest signs that AI systems are graduating from toys into infrastructure.

And infrastructure always attracts attackers.

That is the signal I would be watching this week.

I’ve been spending a disproportionate amount of time over the last few weeks at in-person events, and I’ve been loving it.

I’m not someone who stays out late. I usually show up early, stay for a few hours, and leave at a reasonable time. But even that small shift has made a bigger difference than I expected.

This lines up directly with my longer-term vision of getting more involved in my local community and starting businesses there. It is also tightly connected to the local Austin newsletter I started writing. What began as market research has quietly turned into something else. Entertainment, genuine relationships, and real opportunity layered on top of each other.

I’ve met people I actually like as friends, and many of them happen to have aligned business interests. That overlap feels rare and valuable.

I am not totally sure yet how to systemize this or make it scalable, and honestly I am fine with that for now. I am enjoying the extra social interaction and the serendipity that comes with showing up consistently.

Here are a few of the events I went to in the last week:

It is reminding me that a lot of the best opportunities still come from being physically present in a place, not perfectly optimized online.

I went down a rabbit hole on Openclaw and moltbook this past week. I’m taking tomorrow to put it on a computer and test it out. I will not be giving it email or x access, so don’t even think about trying to prompt inject me there haha.

These are the videos I watched:

Things I Learned

This week’s survival skill is one that sounds simple but has ended up being far more impactful for me than I expected.

Learning to read faster.

AI has massively increased the amount of information flying around every day. Research papers, reports, threads, documentation, newsletters, security write-ups, product launches. If you cannot process information efficiently, you end up constantly reacting instead of seeing patterns early.

One of the biggest upgrades I have made recently has been training my reading speed.

I use a totally free website called ReadSpeeder. It is not sponsored and I have no affiliation with it. I just stumbled across it, tried it, and it genuinely changed how I consume information. The exercises force you to stop subvocalizing every word and instead learn to take in chunks of text at once, which makes a much bigger difference than I expected.

What surprised me most is that this does not feel like skimming. I still understand what I am reading. I just get through it much faster.

Being able to read quickly has let me work through long reports, technical docs, and essays without feeling overwhelmed, and still pull out what matters. That has become a real advantage in a world where new tools and new risks seem to show up every week.

It also connects directly to the kinds of topics I have been writing about lately. Prompt injection attacks, agent systems, infrastructure shifts, GEO and distribution dynamics. You do not notice these trends unless you are spending time with primary sources across lots of different domains.

The encouraging part is how trainable this skill is. Ten minutes a day running drills and tracking your speed goes a long way. Pushing just slightly past what feels comfortable adds up faster than you think.

I also like that this is one of those skills that holds up regardless of what the next few years look like. Whether AI accelerates or slows, markets boom or contract, being able to ingest information quickly and make sense of it is never wasted.

If you are feeling buried by how much there is to keep up with right now, my instinct would not be to hunt for better summaries. It would be to upgrade the way you read.

I first ran into tools like this back in grad school, and it genuinely changed how I approach learning.