Editor's picks
Agentjacking: how a fake bug report hijacks your coding agent
Agentjacking is an attack disclosed in June 2026: an attacker plants a fake error report, your AI coding agent reads it as instructions, and runs their code with your credentials. The nasty part is that telling the agent to ignore untrusted input doesn't stop it, and your security tools see nothing wrong.
Agentjacking:一封假錯誤報告,就能讓 coding agent 替駭客跑指令
Agentjacking 是 2026 年 6 月揭露的攻擊:攻擊者塞一封假的錯誤報告,你的 AI coding agent 把它讀成指令、用你的權限跑了攻擊者的 code。最麻煩的是,你在系統提示裡叫 agent 別理它也擋不住,資安監控也完全看不出異常。
Embedding 是什麼?AI 怎麼知道兩句話意思一樣
打「貓」「小貓」「喵星人」,AI 怎麼知道講的是同一種東西?答案是 embedding:把文字變成座標,再用夾角量意思相不相近。這篇拆開它怎麼運作,順便聊聊「king − man + woman = queen」那個經典其實灌了點水。
How Embeddings Work: How AI Knows Two Sentences Mean the Same Thing
Search for 'make my laptop quieter' and get a page about 'reducing fan noise' with zero words in common. That's embeddings: text turned into coordinates, with meaning measured as the angle between two points. Here's how the trick works, and where it's oversold.
How Many Tokens Is Your Prompt Actually Using?
Token counts land on your API bill and decide whether a prompt fits the context window. Here's why Chinese usually costs more tokens than English, why eyeballing it fails, and how to see the real number for any chunk of text.
你的 Prompt 到底花掉多少 Token?
Token 數會反映在你的 API 帳單,也決定一段文字塞不塞得進 context window。這篇聊為什麼中文通常比英文花更多 token、為什麼用猜的估不準,以及怎麼實際看一段 prompt 有多少。
Cursor 被 SpaceX 買走了。六百億,15 倍營收,然後呢?
SpaceX 用 600 億美元買下了 Cursor,大約是它年收入的 15 倍,普遍認為是史上最大的 VC 新創收購案。這個倍數背後有個具體的賭法:AI coding 工具的乘數效應,讓你值得付出基礎建設等級的溢價。
Cursor Sold for $60B. What That Price Actually Signals.
SpaceX's $60B acquisition of Cursor isn't just M&A. At roughly 15x revenue for a four-year-old startup, the price encodes a specific thesis: that AI-assisted engineering compounds engineer output in a way worth paying an industrial premium for.
uv: the Python tool that replaces pip, venv, and pyenv
uv is Astral's Rust-written Python tool that folds pip, venv, pyenv, and pipx into one command — and installs packages several times faster. What it replaces, how fast it really is, and whether you should switch.
uv 是什麼?把 pip、venv、pyenv 收進一個指令
uv 是 Astral 用 Rust 寫的 Python 套件工具,把 pip、venv、pyenv、pipx 收進同一個指令,安裝又快上好幾倍。聊一下它取代了哪些東西、快多少,還有要不要換。


