Building on HF

Tyler Williams PRO

unmodeled-tyler

AI & ML interests

AI research engineer & solo operator of VANTA Research/Quanta Intellect

Recent Activity

reacted to karstenskyt's post with 🔥 about 6 hours ago
🚀 Launching the AI/ML Workflows Dashboard

Now that our Taipy architecture is humming along on Hugging Face Spaces, we just shipped the most complex feature of the (Right! Luxury!) Lakehouse to date: the AI/ML Workflows Dashboard. Managing 16 different machine learning pipelines (from Expected Goals to Space Creation) across Databricks Serverless and HF Jobs is a logistical challenge. To solve this, we built a dynamic operations center (the 13th page in our app). It features:

• An interactive dependency DAG: Powered by Cytoscape.js, it visually maps exactly how our models and data grids feed into each other.
• Real-time monitoring: Tracks run volumes and data freshness SLAs across the entire platform.
• A 3-tier hybrid cost engine: Merges "cold" Databricks billing data with "warm/hot" live HF Jobs estimates to give a unified view of pipeline expenses.

Check out the live interactive graph here: https://huggingface.co/spaces/luxury-lakehouse/soccer-analytics-app
posted an update about 17 hours ago
PSA: LiteLLM has been compromised on PyPI - if you have it installed, CHECK NOW.

LiteLLM is used as a dependency in A LOT of AI tooling, so there's a pretty good chance that you have it installed somewhere on your machine (my instance was part of Hermes Agent, but I was unaffected by the hack).

Versions 1.82.7 & 1.82.8 on PyPI have been compromised with a multi-stage credential stealer.

- Version 1.82.8 uses a .pth file that executes on EVERY python process startup. You don't even need to import litellm. Just having it installed is enough.
- The payload harvests SSH keys, .env files, AWS/GCP/Azure credentials, Kubernetes configs, database passwords, crypto wallets, shell history - basically every secret on your machine.
- Stolen data is encrypted with a hardcoded RSA key and exfiltrated to a domain that is NOT part of a legitimate litellm infrastructure.
- If you're running Kubernetes, it attempts lateral movement across the entire cluster.
- The C2 is hosted on the Internet Computer blockchain, making it essentially impossible to take down.

This is part of a coordinated campaign by a threat actor called TeamPCP who have also hit Trivy (Aqua Security), Checkmarx KICS, and multiple npm packages in the last week ALONE.

What to do:

1. Run 'pip show litellm' in every environment you have.
2. If you're on 1.82.7 or 1.82.8 - rotate EVERY secret on that machine immediately.
3. Check for persistence artifacts ~/.config/sysmon/sysmon.py & ~/.config/systemd/user/sysmon.service

I was lucky in this case that my litellm version was out of date, but if you've installed litellm as a dependency in ANY package within the last 24ish hours, you're gonna want to check.

SOURCES
https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/

Same group, different attack a couple of days ago: https://www.stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem
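
The three checks listed in the post above, combined into one script as an added example (not part of the original post and not LiteLLM's own code). The function names are hypothetical; because the post does not name the .pth file, the script reports every .pth file containing an executable `import` line for manual review.

```python
import re
import site
import sys
from pathlib import Path

BAD_VERSIONS = {"1.82.7", "1.82.8"}              # versions named in the post
ARTIFACTS = (".config/sysmon/sysmon.py",         # persistence paths named in
             ".config/systemd/user/sysmon.service")  # the post, relative to $HOME

def litellm_versions(site_dir):
    """Versions of litellm recorded in *.dist-info/METADATA under site_dir."""
    found = []
    for meta in sorted(Path(site_dir).glob("*.dist-info/METADATA")):
        text = meta.read_text(errors="replace")
        name = re.search(r"^Name:\s*(\S+)", text, re.M)
        version = re.search(r"^Version:\s*(\S+)", text, re.M)
        if name and version and name.group(1).lower() == "litellm":
            found.append(version.group(1))
    return found

def executable_pth_files(site_dir):
    """.pth files with 'import' lines, which Python's site module executes at startup."""
    hits = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        lines = pth.read_text(errors="replace").splitlines()
        if any(line.startswith(("import ", "import\t")) for line in lines):
            hits.append(str(pth))
    return hits

def persistence_artifacts(home):
    """Artifact paths from the post that exist under the given home directory."""
    return [rel for rel in ARTIFACTS if (Path(home) / rel).exists()]

def triage(site_dirs, home):
    """Hypothetical helper: combine the three checks into one report."""
    report = {"compromised": [], "pth_to_review": [],
              "artifacts": persistence_artifacts(home)}
    for d in site_dirs:
        report["compromised"] += [(str(d), v) for v in litellm_versions(d)
                                  if v in BAD_VERSIONS]
        report["pth_to_review"] += executable_pth_files(d)
    return report

if __name__ == "__main__":
    # Pass site-packages directories as arguments, or default to this interpreter's.
    dirs = sys.argv[1:] or site.getsitepackages() + [site.getusersitepackages()]
    for key, value in triage(dirs, Path.home()).items():
        print(f"{key}: {value}")
```

Since .pth lines run at interpreter startup, run the script with `python -S` (which skips `site` processing) or from an interpreter outside the environment being checked. Legitimate packages also ship executable .pth lines, so `pth_to_review` is a list to inspect, not a verdict.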

Organizations

Blog-explorers, VANTA Research, Mistral Hack-a-ton 2026