Hi there!

While exploring the concept of LLM OS, I started thinking about how sessions and users work—similar to traditional operating systems. This led me to wonder: what actually happens when multiple people access the same LLM simultaneously?

It turns out the architecture mirrors familiar OS patterns. The LLM functions as a shared computational resource processing requests from all users, much like a multi-user operating system. However, your conversations are stored separately in databases tied to your account. Each time you send a message, the system retrieves your conversation history, processes it through the shared model, generates a response, and persists the updated state back to storage.

What's interesting is that the model itself is completely stateless—it has no inherent memory of you or any user. Between requests, it's essentially a blank slate. All conversational context comes from external storage, not from the model's parameters. This design choice is actually what ensures privacy: you're never sharing context with other users.

The system relies on authentication and encryption to guarantee that when conversation history is loaded, it retrieves only your data. The model processes each user's requests independently, just in rapid succession rather than truly parallel contexts.

Cross-user contamination is architecturally impossible—different sessions map to different stored histories, all leveraging the same underlying model. It's an elegant solution: share the computationally expensive inference infrastructure while isolating the relatively lightweight conversation state. That's what makes LLMs viable at scale.

More to come.

🛡️ Security & Privacy

• MaliciousCorgi campaign targets 1.5M developers - Two VS Code AI extensions harvest complete file contents and send to Chinese servers while providing functional AI assistance. More
• Anthropic MCP Git Server vulnerabilities patched - Three security flaws discovered in Model Context Protocol Git server implementation could enable unauthorized access. More
• CVE-2025-9611 under active exploitation - Critical vulnerability requiring immediate patching identified by SentinelOne security researchers. More
• Visual Studio Code abuse expands - Threat actors increasingly exploiting VS Code's remote tunneling features for command-and-control operations and malware deployment. More
• 149 million credentials exposed - Unencrypted database containing Gmail, Facebook, Netflix, and crypto platform logins discovered, collected via infostealer malware. More
• Surveillance firms track smartphones via ad data - Investigation reveals how companies exploit advertising networks to monitor user locations and movements globally. More
• Linux malware infiltrates Snap Store - Malicious packages discovered in Ubuntu's official Snap Store repository, highlighting supply chain security risks. More
• Chrome 144 patches critical V8 vulnerability - Google releases emergency security update addressing high-severity JavaScript engine flaw with active exploitation. More
• Oracle fixes 337 vulnerabilities in critical patch - Massive security update addresses flaws across Oracle's product families including databases and cloud services. More
• TamperedChef serves infostealers via malicious ads - Sophos uncovers campaign distributing credential-stealing malware through compromised advertising networks. More
• Microsoft January 2026 Patch Tuesday - Security update addresses 114 vulnerabilities including three actively exploited zero-days affecting Windows systems. More
• CrashFix malware uses fake security warnings - Malicious browser extensions impersonate security alerts to distribute malware and steal credentials. More

🛸 Tech

• Anthropic prepares Security Center for Claude Code - Upcoming feature will provide centralized security scanning and vulnerability detection for AI-assisted development. More
• Mecha Comet modular Linux handheld launches - Open-source hardware device with NXP i.MX processors enables gaming, development, and extensible computing workflows. More
• Microsoft partners with Anthropic on Claude Code - Integration brings AI coding capabilities to Microsoft's developer toolchain. More
• DAXFS proposed for Linux zero-copy operations - New filesystem enables direct memory access for shared memory without traditional page cache overhead. More
• SSH keystroke obfuscation sends 100 packets - Deep technical analysis reveals how SSH's timing attack mitigation dramatically increases network traffic. More
• Dan Abramov envisions social filesystem - React creator proposes new paradigm for organizing and sharing code through social graph structures. More

🤖 AI

• Apple study reveals AI controllability challenges - Research shows AI model control varies wildly by task, with even simple requests producing inconsistent results across models. More
• OpenAI details Codex agent loop architecture - Technical deep-dive into how OpenAI's coding agent processes requests and maintains context during development workflows. More
• GPTZero discovers 100+ hallucinated citations in NeurIPS 2025 - Analysis of 4,841 accepted papers reveals systematic citation fabrication across 51 publications, exposing peer review vulnerabilities. More
• Anthropic reveals Claude's Constitutional AI principles - Detailed explanation of values and constraints guiding Claude's responses and behavior across use cases. More
• Simon Willison explores Claude Cowork capabilities - Hands-on analysis of Anthropic's desktop automation tool for file and task management workflows. More
• Physical AI deployment gap identified - Andreessen Horowitz explores challenges between AI capabilities and real-world robotics implementation. More
• Claude Code transforms development workflows - Interview showcasing how AI coding assistants are reshaping software development practices and productivity. More
• Anthropic research on assistant quality axis - New framework for evaluating AI assistant capabilities across multiple dimensions of helpfulness and accuracy. More

🛠️ Tools

• Radicle: Peer-to-peer code collaboration - Decentralized Git-based platform enables censorship-resistant development without centralized hosting dependencies. More
• Dangerzone sanitizes untrusted documents - Freedom of the Press Foundation tool converts PDFs and office files through secure containerized processing. More
• Lix package manager introduced - Modern Nix-based package manager with improved user experience and deterministic build capabilities. More
• Skip.dev accelerates incremental computation - Framework enables efficient recomputation of changed data without rebuilding entire dependency graphs. More
• Sweep AI releases 1.5B code editing model - Open-source model for automated code modifications and refactoring now available on Hugging Face. More
• Skills.sh: Open agent skills ecosystem - Directory of reusable AI agent capabilities installable with single command, supporting Claude Code, Cursor, Windsurf and more. More
• Flux2.c minimalist graphics library - Antirez releases lightweight C library for 2D graphics rendering with minimal dependencies. More

🧠 Misc

• Your brain on ChatGPT neuroscience study - MIT research explores neural patterns and cognitive responses during AI conversation interactions. More
• Linux From Scratch stable release updated - Complete guide for building custom Linux systems from source code now available with latest packages. More

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan