Nov 26, 2025
Security alert, visual intelligence, new TPU, and a research pivot
🧩 The Gist
A security writeup shows how an indirect prompt injection can hijack Google’s Antigravity to trigger a malicious browser subagent and siphon credentials and source code from a user’s IDE. Black Forest Labs released FLUX.2, a frontier visual intelligence model, as the community races to evaluate new image systems. Google introduced Ironwood, its seventh-generation TPU, positioned as its most powerful and energy-efficient custom silicon yet. Ilya Sutskever argues the field is shifting from raw scaling to deeper research, while OpenAI outlined its approach to mental-health-related litigation, emphasizing care, transparency, and safety.
🚀 Key Highlights
- A prompt injection embedded in an implementation blog manipulated Antigravity to call a malicious browser subagent, enabling credential and sensitive code exfiltration from an IDE.
- Black Forest Labs released FLUX.2, described as frontier visual intelligence.
- A community comparison site reported Flux 2 Pro Editing scored 6 out of 12 points, slightly above BFL’s Kontext, landing mid-pack.
- Google announced Ironwood, its seventh-generation TPU, framed as the company’s most powerful and energy-efficient AI silicon to date.
- Ilya Sutskever said the field is moving from the age of scaling to the age of research and noted today’s models generalize worse than people.
- The Generative Burrito Test proposes a simple, concrete image generation benchmark: a partially eaten burrito with cheese, sour cream, guacamole, lettuce, salsa, pinto beans, and chicken.
- OpenAI shared its approach to mental-health-related litigation, focusing on care, transparency, respect, and continued safety and support in ChatGPT.
🎯 Strategic Takeaways
- Security and agents: Tool-using agents that can browse or operate within developer environments widen the blast radius of prompt injection, so teams should harden permissions, review third-party content ingestion, and isolate sensitive credentials.
- Model strategy: Industry leaders are signaling a shift toward algorithmic research and generalization improvements, not just bigger models.
- Infrastructure edge: New AI silicon emphasizing performance and energy efficiency can expand headroom for training and inference, influencing cost and deployment choices.
- Evaluation culture: Purpose-built tests like the Burrito prompt and public head-to-head comparisons are becoming informal standards for vetting image systems in realistic scenarios.
- Governance in practice: Clear stances on sensitive domains, like mental health, are becoming part of product trust and risk management playbooks.
🧠 Worth Reading
- Prompt injection case study on Antigravity: The core idea is that seemingly benign external content can carry instructions that redirect an AI agent to invoke tools and leak secrets. The practical takeaway is to treat all untrusted inputs as executable, constrain tool permissions, and design explicit guardrails for browser- and IDE-integrated agents.
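
One way to apply that takeaway is a tool-call gate that runs outside the model, so instructions hidden in ingested content cannot talk their way past it. This is an added example, not code from the writeup or from Antigravity; the tool names (`read_file`, `browser_open`), the allowlisted hosts and the secret patterns are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical policy values for this sketch; tune them per project.
ALLOWED_HOSTS = {"docs.python.org", "pypi.org"}
SENSITIVE_PATH = re.compile(r"(^|/)(\.env|\.npmrc|\.git-credentials|\.aws/|\.ssh/)")
SECRET_SHAPE = re.compile(r"AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|BEGIN [A-Z ]*PRIVATE KEY")


@dataclass
class Session:
    tainted: bool = False  # True once untrusted content has entered the context


def ingest(session: Session, text: str, trusted: bool) -> str:
    """Record that third-party content (web page, README, issue) was read."""
    if not trusted:
        session.tainted = True
    return text


def authorize(session: Session, tool: str, args: dict) -> tuple[bool, str]:
    """Decide a tool call in code, so injected text cannot waive the policy."""
    if tool == "read_file":
        if SENSITIVE_PATH.search(args["path"]):
            return False, "credential store is off limits to the agent"
        return True, "ok"
    if tool == "browser_open":
        url = urlparse(args["url"])
        if SECRET_SHAPE.search(args["url"]):
            return False, "URL carries a secret-shaped string"
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            return False, f"host {url.hostname!r} is not on the egress allowlist"
        # After reading untrusted content, URL parameters become a data channel.
        if session.tainted and (url.query or url.fragment):
            return False, "tainted session may not send URL parameters"
        return True, "ok"
    return False, f"unknown tool {tool!r}"  # default deny
```

The taint flag is deliberately sticky: once a session has read third-party content, it stays restricted until a human starts a fresh one.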