WEBVTT
NOTE The Rundown — nextbig.dev daily audio edition, 2026-03-25

1
00:00:00.000 --> 00:00:08.287
<v Marcus>Good morning and welcome to the Builder's Briefing for March 25th, 2026. I'm Alex, joined as always by Sam, and we've got a packed show — a major supply-chain attack hitting one of the most popular AI libraries out there, GPT-5.4 solving open math problems, Kubernetes getting first-class agent sandboxing, and more.

2
00:00:08.287 --> 00:00:11.644
<v Nadia>Yeah, it's one of those days where the security story alone is worth stopping everything to pay attention to. Let's get into it.

3
00:00:11.644 --> 00:00:21.164
<v Marcus>So the big story today — LiteLLM, the Python proxy that basically lets you swap between OpenAI, Anthropic, Gemini, and dozens of other LLM APIs with a single interface — was hit with a supply-chain attack. A malicious payload was injected into the package. The GitHub issue blew up, over six hundred fifty points and two hundred fifty-six comments on Hacker News.

4
00:00:21.164 --> 00:00:28.297
<v Nadia>This one's scary because LiteLLM isn't some random library. It's literally sitting in the critical path of thousands of AI products. Teams use it as their LLM gateway in production. If you did a fresh pip install in the affected window, you could be compromised right now.

5
00:00:28.297 --> 00:00:34.434
<v Marcus>Exactly. And the immediate advice is straightforward — pin your LiteLLM version, check your lockfiles, verify package hashes. If you're running it in production, go audit your deployment logs for any unexpected outbound network calls.

6
00:00:34.434 --> 00:00:42.695
<v Nadia>Right, and what's wild is the Python packaging ecosystem still doesn't enforce signatures by default. We treat these AI middleware packages like they're casual dev tools, but they're load-bearing infrastructure now. You should be treating a compromised LLM proxy the same way you'd treat a compromised auth library.

7
00:00:42.695 --> 00:00:48.281
<v Marcus>Hundred percent. Use pip-audit, enforce hash-checking mode, consider vendoring critical dependencies. Attackers are watching GitHub trending — they know what's popular in the AI ecosystem and they're targeting it.

8
00:00:48.281 --> 00:00:53.841
<v Marcus>Alright, shifting gears to AI news. The big headline — Epoch confirmed that GPT-5.4 Pro solved an open problem in frontier math. Specifically a Ramsey hypergraph problem that had not been solved by humans before.

9
00:00:53.841 --> 00:01:02.705
<v Nadia>That's a genuine milestone. We've gone from "LLMs are bad at math" to "they're solving open research problems." If you're building anything that chains LLM reasoning for formal verification or mathematical tasks, the frontier just moved. Start benchmarking your hardest problems against the latest models instead of assuming they'll fail.

10
00:01:02.705 --> 00:01:10.573
<v Marcus>There's also this cool project called Autoresearch — a developer fed an old shelved research idea into an automated pipeline and got meaningful results back. Literature review, related work, even draft experiment designs. The activation energy for revisiting old ideas just dropped to basically zero.

11
00:01:10.573 --> 00:01:15.766
<v Nadia>I love that. Everyone's got that folder of 'someday' hypotheses collecting dust. Now you can just throw them at an AI pipeline and see what comes back. That's a real shift in how research gets done.

12
00:01:15.766 --> 00:01:21.509
<v Marcus>And one more I want to flag — Gemini now does native video embeddings, and someone already built sub-second video search on top of it. No more frame extraction pipelines. You can index video semantically as a primitive.

13
00:01:21.509 --> 00:01:28.013
<v Nadia>That's interesting because it collapses what used to be a whole janky pipeline — extract frames, run them through CLIP, build an index — into just one API call. If you're building media search or content moderation, that's a massive simplification.

14
00:01:28.013 --> 00:01:33.966
<v Marcus>Okay, developer tools. Two things stood out to me. First, Kubernetes now has an official agent sandbox — kubernetes-sigs slash agent-sandbox — giving you first-class primitives for running isolated, stateful AI agent workloads.

15
00:01:33.966 --> 00:01:41.572
<v Nadia>Finally. So many teams have been hacking together pod isolation for agents with duct tape and prayers. Having an official path with proper lifecycle management for singleton agent workloads — that's a sign the ecosystem is maturing from 'make agents work' to 'make agents production-grade.'

16
00:01:41.572 --> 00:01:47.840
<v Marcus>And Mozilla launched Cq — think of it as Stack Overflow but designed specifically for AI coding agents to query when they get stuck. It's infrastructure for reducing hallucination loops — agents look up known solutions instead of guessing.

17
00:01:47.840 --> 00:01:52.980
<v Nadia>That pairs really nicely with the K8s sandbox story. You've got isolation on one side, knowledge retrieval on the other. Those are the two pillars of making agents actually reliable in production.

18
00:01:52.980 --> 00:01:57.858
<v Marcus>Also, there's a fascinating deep dive making the rounds about how finding all regex matches is actually O of n-squared in practice across most engines, and basically nobody has fixed it.

19
00:01:57.858 --> 00:02:05.122
<v Nadia>Wait, seriously? So if you're doing large-scale text processing and wondering why it's slow, you might be hitting a quadratic performance cliff and not even know it. That's the kind of thing that's been silently burning CPU cycles everywhere. Link in the briefing for that one.

20
00:02:05.122 --> 00:02:09.476
<v Marcus>Quick security roundup — the Resolv hack is a jaw-dropper. One single compromised private key led to twenty-three million dollars being minted in the Resolv protocol.

21
00:02:09.476 --> 00:02:17.501
<v Nadia>One key. Twenty-three million. And this isn't just a crypto lesson — if you're building anything with privileged signing keys, this is a case study in why key management architecture matters way more than key strength. Doesn't matter how long your key is if one compromise gives someone the printing press.

22
00:02:17.501 --> 00:02:21.959
<v Marcus>And NIST dropped their updated 2026 Secure DNS Deployment Guide if you're managing infrastructure. Good reference for DNSSEC, DNS over HTTPS, DNS over TLS configurations.

23
00:02:21.959 --> 00:02:26.365
<v Marcus>Quick hits before we wrap — there's a Linux distro that installs itself via curl pipe to dev sda, which is either brilliant or terrifying depending on your perspective.

24
00:02:26.365 --> 00:02:28.017
<v Nadia>I physically winced reading that. That's, uh — that's a choice.

25
00:02:28.017 --> 00:02:33.498
<v Marcus>Also, ripgrep benchmarks from 2016 resurfaced — still faster than everything for code search. And there's Dune 3D, an open-source parametric 3D CAD app gaining traction. Links for all of those in the briefing.

26
00:02:33.498 --> 00:02:45.038
<v Marcus>Alright, takeaway for the week. The LiteLLM compromise is your wake-up call — AI middleware is critical infrastructure now, and the Python packaging ecosystem hasn't caught up on security. Pin versions, verify hashes, audit your dependency tree this week. And zoom out — Kubernetes getting agent sandboxes, Mozilla building knowledge bases for agents — the industry is moving past prompt engineering into real production tooling for agents.

27
00:02:45.038 --> 00:02:50.938
<v Nadia>If you're building agent infrastructure, the message is clear — focus on isolation and knowledge retrieval. The prompting part is almost table stakes at this point. The hard problems are deployment, security, and reliability.

28
00:02:50.938 --> 00:02:54.662
<v Marcus>That's the briefing for March 25th, 2026. Go check your LiteLLM installs, bookmark those Claude Code cheat sheets, and we'll see you tomorrow.

29
00:02:54.662 --> 00:02:56.000
<v Nadia>Stay safe out there, builders. Catch you next time.
