2026-01-31 05:26:56
Here is an email that Elon Musk, current world’s richest man and owner of a gigantic social media network that generated child sexual abuse material on demand, sent to sex offender Jeffrey Epstein on November 11, 2012: “What day/night will be the wildest party on your island?”
At first glance, the latest Department of Justice dump of Epstein documents is at least as horrifying as any of the dumps that came previously. Whether or not—and most likely not—any consequences of any sort come for any of the people who interacted with or were friends with the notorious child sexual abuser, the documents are depraved and continue to show that Musk and many other rich and powerful people have been lying about their relationships with Epstein for years.
In September, Musk tweeted “this is false” in response to a Forbes article based on previously released documents that stated he “planned a trip to Epstein’s private island.” He also wrote “Epstein tried to get me to go to his island and I REFUSED.” Musk had previously been named on Epstein’s calendar as being slated to visit Epstein’s island in 2014.
The emails released Friday show without a doubt that Musk, at the very least, “planned” a trip to Epstein’s island. They also show that Epstein asked Musk if SolarCity, his solar power startup that was eventually folded into Tesla, could electrify the island or his New Mexico ranch.
The newly released documents show that Musk emailed with Epstein over the course of more than a year. In a December 2013 thread called “Christmas and New Year’s,” Musk wrote “Will be in the BVI [British Virgin Islands]/St Bart’s area over the holidays. Is there a good time to visit?”
“I will send heli for you,” Epstein responded. “Thanks,” Musk answered.
“Actually, I could fly back early on the 3rd. We will be in St Bart’s. When should we head to your island on the 2nd?,” Musk said in a follow-up email.
In October 2012, Musk emailed Epstein and said “The world needs more romance […] Talulah [Musk’s second wife] and I are headed to St. Barth’s at the end of the year. I assume you will most likely be on your island?”
Epstein eventually responded in November and offered to send Musk as helicopter: “how many people will you be for the heli to island,” Epstein wrote.
“Probably just Talulah and me,” Musk responded. “What day/night will be the wildest party on your island?”
Another thread between Epstein and Musk was about providing power to two of Epstein’s properties: “is there any one at Solar City that my guys can talk to about electrifying the caribean [sic] island? Or the New Mexico ranch,” Epstein wrote. “Are we in New Mexico?” Musk wrote, adding a colleague to the thread.
These emails are hitting at a time where there is quite a lot going on in the world, and Musk, Donald Trump, and the current class of people in political power have shown that they will suffer very little from essentially any political scandal. And yet, these emails show in black and white that Musk has been lying about his relationship with Epstein, and that’s worth documenting.
2026-01-31 01:03:10
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss a trip to Kenya, reconstructing images, and lying developers.
JASON: Last week, I was in Kenya, a trip that turned out so overwhelmingly positive and left me in such a good mood that I am still somehow a week still carrying with me. I was invited to give a presentation at a conference about how AI is changing journalism, and how journalists can navigate an age of disinformation, slop, and general chaos.
It was a very small conference, with about 30 people, and everyone was incredibly interesting and cool; it was a mix of people who run independent newsrooms across Africa, Europe, and Asia, as well as human rights and nonprofit researcher types. At the conference itself, I met a lot of people who I hope we’ll be able to partner with in some way in the future.
2026-01-31 00:59:02
A hacker demonstrated that the viral new AI agent Moltbot (formally Clawdbot) is easy to hack via a backdoor in an attached support shop. Clawdbot has become a Silicon Valley sensation among a certain type of AI-booster techbro, and the backdoor highlights just one of the things that can go awry if you use AI to automate your life and work.
Software engineer Peter Steinberger first released Moltbot as Clawdbot last November. (He changed the name on January 27 at the request of Anthropic who runs a chatbot called Claude.) Moltbot runs on a local server and, to hear its boosters tell it, works the way AI agents do in fiction. Users talk to it through a communication platform like Discord, Telegram, or Signal and the AI does various tasks for them.
According to its ardent admirers, Moltbot will clean up your inbox, buy stuff, and manage your calendar. With some tinkering, it’ll run on a Mac Mini and it seems to have a better memory than other AI agents. Moltbot’s fans say that this, finally, is the AI future companies like OpenAI and Anthropic have been promising.
The popularity of Moltbot is sort of hard to explain if you’re not already tapped into a specific sect of Silicon Valley AI boosters. One benefit is the interface. Instead of going to a discrete website like ChatGPT, Moltbot users can talk to the AI through Telegram, Signal, or Teams. It’s also active, rather than passive. It also takes initiative. Unlike Claude or Copilot, Moltbot takes initiative and performs tasks it thinks a user wants done. The project has more than 100,000 stars on GitHub and is so popular it spiked Cloudflare’s stock price by 14% earlier this week because Moltbot runs on the service’s infrastructure.
But inviting an AI agent into your life comes with massive security risks. Hacker Jamieson O'Reilly demonstrated those risks in three experiments he wrote up as long posts on X. In the first, he showed that it’s possible for bad actors to access someone’s Moltbot through any of its processes connected to the public facing internet. From there, the hacker could use Moltbot to access everything else, including Signal messages, a user had turned over to Moltbot.
In the second post, O'Reilly created a supply chain attack on Moltbot through ClawdHub. “Think of it like your mobile app store for AI agent capabilities,” O’Reilly told 404 Media. “ClawdHub is where people share ‘skills,’ which are basically instruction packages that teach the AI how to do specific things. So if you want Clawd/Moltbot to post tweets for you, or go shopping on Amazon, there's a skill for that. The idea is that instead of everyone writing the same instructions from scratch, you download pre-made skills from people who've already figured it out.”
The problem, as O’Reilly pointed out, is that it’s easy for a hacker to create a “skill” for ClawdHub that contains malicious code. That code could gain access to whatever Moltbot sees and get up to all kinds of trouble on behalf of whoever created it.
For his experiment, O’Reilly released a “skill” on ClawdHub called “What Would Elon Do” that promised to help people think and make decisions like Elon Musk. Once the skill was integrated into people’s Moltbot and actually used, it sent a command line pop-up to the user that said “YOU JUST GOT PWNED (harmlessly.)”
Another vulnerability on ClawdHub was the way it communicated to users what skills were safe: it showed them how many times other people had downloaded it. O’Reilly was able to write a script that pumped “What Would Elon Do” up by 4,000 downloads and thus make it look safe and attractive.
“When you compromise a supply chain, you're not asking victims to trust you, you're hijacking trust they've already placed in someone else,” he said. “That is, a developer or developers who've been publishing useful tools for years has built up credibility, download counts, stars, and a reputation. If you compromise their account or their distribution channel, you inherit all of that.”
In his third, and final, attack on Moltbot, O’Reilly was able to upload an SVG (vector graphics) file to ClawdHub’s servers and inject some JavaScript that ran on ClawdHub’s servers. O’Reilly used the access to play a song from The Matrix while lobsters danced around a Photoshopped picture of himself as Neo. “An SVG file just hijacked your entire session,” reads scrolling text at the top of a skill hosted on ClawdHub.
O’Reilly attacks on Moltbot and ClawdHub highlight a systemic security problem in AI agents. If you want these free agents doing tasks for you, they require a certain amount of access to your data and that access will always come with risks. I asked O’Reilly if this was a solvable problem and he told me that “solvable” isn't the right word. He prefers the word “manegeable.”
“If we're serious about it we can mitigate a lot. The fundamental tension is that AI agents are useful precisely because they have access to things. They need to read your files to help you code. They need credentials to deploy on your behalf. They need to execute commands to automate your workflow,” he said. “Every useful capability is also an attack surface. What we can do is build better permission models, better sandboxing, better auditing. Make it so compromises are contained rather than catastrophic.”
We’ve been here before. “The browser security model took decades to mature, and it's still not perfect,” O’Reilly said. “AI agents are at the ‘early days of the web’ stage where we're still figuring out what the equivalent of same-origin policy should even look like. It's solvable in the sense that we can make it much better. It's not solvable in the sense that there will always be a tradeoff between capability and risk.”
As AI agents grow in popularity and more people learn to use them, it’s important to return to first principles, he said. “Don't give the agent access to everything just because it's convenient,” O’Reilley said. “If it only needs to read code, don't give it write access to your production servers. Beyond that, treat your agent infrastructure like you'd treat any internet-facing service. Put it behind proper authentication, don't expose control interfaces to the public internet, audit what it has access to, and be skeptical of the supply chain. Don't just install the most popular skill without reading what it does. Check when it was last updated, who maintains it, what files it includes. Compartmentalise where possible. Run agent stuff in isolated environments. If it gets compromised, limit the blast radius.”
None of this is new, it’s how security and software have worked for a long time. “Every single vulnerability I found in this research, the proxy trust issues, the supply chain poisoning, the stored XSS, these have been plaguing traditional software for decades,” he said. “We've known about XSS since the late 90s. Supply chain attacks have been a documented threat vector for over a decade. Misconfigured authentication and exposed admin interfaces are as old as the web itself. Even seasoned developers overlook this stuff. They always have. Security gets deprioritised because it's invisible when it's working and only becomes visible when it fails.”
What’s different now is that AI has created a world where new people are using a tool they think will make them software engineers. People with little to no experience working a command line or playing with JSON are vibe coding complex systems without understanding how they work or what they’re building. “And I want to be clear—I'm fully supportive of this. More people building is a good thing. The democratisation of software development is genuinely exciting,” O’Reilly said. “But these new builders are going to need to learn security just as fast as they're learning to vibe code. You can't speedrun development and ignore the lessons we've spent twenty years learning the hard way.”
Moltbot’s Steinberger did not respond to 404 Media’s request for comment but O’Reilly said the developer’s been responsive and supportive as he’s red-teamed Moltbot. “He takes it seriously, no ego about it. Some maintainers get defensive when you report vulnerabilities, but Peter
immediately engaged, started pushing fixes, and has been collaborative throughout,” O’Reilly said. “I've submitted [pull requests] with fixes myself because I actually want this project to succeed. That's why I'm doing this publicly rather than just pointing my finger and laughing Ralph Wiggum style…the open source model works when people act in good faith, and Peter's doing exactly that.”
2026-01-31 00:42:07
Welcome back to the Abstract! Here are the studies this week that roamed a superocean, took to the skies, grabbed some grub, and watched alien auroras.
First, check out some 512-million-year-old guts, brains, and tentacles. Gnarly! Then, dig into the mega-importance of Microraptor, some entomological edibles, and more weird radio signals from outer space.
As always, for more of my work, check out my book First Contact: The Story of Our Obsession with Aliens or subscribe to my personal newsletter the BeX Files.
Paleontologists have discovered the remains of a vibrant ecosystem that existed more than half a billion years ago, revealing dozens of strange species that have never been seen in the fossil record before.
Found in the southern mountains of China’s Huayuan County, this fossilized snapshot offers an unprecedented glimpse of the creatures that were crawling (or swimming, or slithering, etc.) through the oceans 512 million years ago, during the Cambrian period, when complex life on Earth first went into overdrive.
Between 2021 and 2024, paleontologists unearthed thousands of specimens at this site, which yielded “remarkable taxonomic richness, comprising 153 animal species…among which 59 percent of species are new,” according to researchers co-led by Han Zeng and Qi Liu of the Chinese Academy of Sciences.
Many of the same animals have been found at other Cambrian sites—such as Canada’s famous Burgess Shale—suggesting that species dispersed widely through the vast superocean that existed at this time, traveling by ocean currents or even “floating rafts,” the team said.
Not only is this ecosystem notably diverse, but the fossils have remained unusually intact in the ancient mudstone, allowing for the preservation of soft tissues like tentacles, guts, and a nearly-complete nervous system found in one arthropod.
“The biota is comprised overwhelmingly of soft-bodied forms that include preserved cellular tissues” in a state of “extraordinary soft-tissue preservation,” the team said.
The middle Cambrian period famously featured an “explosion” of complex Earthlings that rapidly proliferated from about 538 to 518 million years ago. While 20 million years is a long time from a human perspective, this was a sudden and dramatic event for life on Earth as a whole, which had previously been confined to microbial form for billions of years. The newly-discovered Huayuan biota lived in the wake of the explosion and a subsequent collapse, a mass extinction called the Sinsk event.
There are way too many cool finds in this study to summarize in one humble newsletter, so I will close this up with one of my absolute favorite Cambrian weirdos: Herpetogaster, a phantasmagorical creature of tubes and tentacles depicted in the below illustration that I offer without comment.
“The enigmatic cambroernid Herpetogaster—an iconic taxon first described from the Burgess Shale—is represented by over 100 specimens in the Huayuan biota, making it the most abundant entirely soft-bodied species,” said the team.
Forget gold, oil, and diamonds. There is no richer vein to tap than the Herpetogaster mother lode.
In other news…
Speaking of enchanting extinct animals, let’s glide forward in time to the early Cretaceous period, when the dinosaur Microraptor was on the wing—or more accurately, four wings. Unlike pterosaurs or birds, which sport just one pair of wings, Microraptor evolved feathered wings on both its fore and hind limbs, a body plan that has long fascinated paleontologists.
To get a better handle on how Microraptor took to the sky, researchers led by Csaba Hefler of the Hong Kong University of Science and Technology modelled its possible flight dynamics and demonstrated “the potential for beneficial interactions between the forewing and hindwing” that helped this airborne predator attack its prey.
“The specialization of the hindwing to accommodate the downstream extended tip vortex for a wide range of angles of attack is to our knowledge unique among flying animals, including four-winged insects,” the team said. “Our results suggest that greater utilization of unsteady aerodynamic features was potentially a crucial milestone of early flight development.”
Respect to this deft handler of the downstream vortex. As its name implies, Microraptor was very small, but to its prey, it was a terrifying portent of death from on high.
Pass the beetle sausage and butter the larva bread, because it’s time to embrace your inner insectivore. Insects have been part of the human diet for ages—many are considered delicacies—but they have become taboo and reviled as a food source in many Western societies that view insects with disgust.
In a new study, scientists advise that we get over the ick factor, as insects could play an important part in maintaining food security in the coming decades.
“More than 2,000 insect species have been identified as safe for human consumption, offering a wide range of nutrients, including proteins, lipids, minerals, and vitamins at different life stages such as eggs, larvae, pupae, and adults,” said researchers led by Pamela Barroso de Oliveira of the Federal University of Minas Gerais in Brazil.
“In addition to their nutritional value, insect-based food production presents several environmental advantages, including lower water consumption, reduced greenhouse gas emissions, and higher feed conversion efficiency,” they add.
The study includes pictures of ground cricket, mealworm sausage, and breads made from various insect-enriched flours. Look, I’m not exactly craving crickets, but maybe we should take a lesson from Simba in The Lion King, who manages to avenge a murder and reclaim a throne on what is apparently an entirely grub-based diet. Bon appetit!
We’ll close, as all things should, with exciting radio signals from faraway planets.
Since the Sun spits out flares—sparking storms and brilliant auroras on Earth and other planets—scientists have wondered whether they might be able to detect the faint effects of analogous activity in other star systems. Now, one team thinks they have spotted these elusive signals.
“In the Solar System, low-frequency radio emission at frequencies ≲200 MHz is produced by acceleration processes in the Sun and in planetary magnetospheres,” said researchers led by Cyril Tasse of Sorbonne University. “Such emission has been actively searched for in other stellar systems, as it could potentially enable the study of the interactions between stars and the magnetospheres of their exoplanets.”
The team developed a new analysis method for analyzing archival data, which revealed events that are “fully compatible with radio emission generated by star–planet interactions, although an intrinsic stellar origin is still a possible explanation,” according to the study.
In other words, it will take more research to confirm the origin of this radio emission. But we may be getting a glimpse of the space weather beyond the interstellar horizon.
Thanks for reading! See you next week.
2026-01-30 22:49:01
Earlier this month we revealed Immigration and Customs Enforcement (ICE) is using a Palantir tool called ELITE to decide which neighborhoods to raid.
The tool lets ICE populate a map with potential deportation targets, bring up dossiers on each person, and view an address “confidence score” based on data sourced from the Department of Health and Human Services (HHS) and other government agencies. This is according to a user guide for ELITE 404 Media obtained.
404 Media is now publishing a version of that user guide so people can read it for themselves.
2026-01-30 22:30:25
The $75-million, Amazon-funded Melania Trump documentary is tanking at the box office, but a 2018 erotic thriller that depicts the First Lady as a sexual monster is rocketing up Amazon’s sales charts. Melania: Devourer of Men is currently an Amazon bestseller, sitting at number 3 in the “political thrillers & suspense” category in the Kindle store. A general search for "Melania" on Amazon returns a banner ad for the documentary, the First Lady's memoir, and the erotic thriller as the top results.
A Reddit-led campaign to disrupt the Amazon search results for “Melania” is behind the sudden spike in popularity of the eight year old book. “This weekend, Amazon is premiering its $75 million Melania Trump documentary. It already seems to be a flop,” a post in r/BoycottUnitedStates explained. “We're going to add insult to injury by messing up Melania's Amazon search results. Specifically, we're going to amplify the paranormal erotic thriller novel Melania: Devourer of Men so it ranks higher than her movie.”
Part of the success of the campaign is thanks to author J.D. Boehninger’s willingness to give the book away. “A redditor reached out to me last week and asked me if I would make the book free,” the pseudonymous Boehninger told 404 Media. “They explained their reasoning, basically said they were going to try to pull this off, and why my book was the right choice. I loved the idea, so I made the book free. But that was the only role I played here.”
Melania: Devourer of Men depicts the First Lady as a monster whose life is upended after her husband becomes President and she has to move from New York City to Washington DC. “Now, surrounded by young, strapping Secret Service agents and pursued by the cunning and handsome FBI director James Comey, Melania must work to keep everything from falling apart,” reads the book's description. “Because Melania has secrets of her own –– deadly secrets –– and no one yet knows how far she'll go to protect them.”
Boehninger said he wrote the book in 2018 as an experiment. “It was a test of the Kindle store algorithm,” he said. “My friend told me that three things did well back then: monster fiction, erotica, and stuff about Trump…so I figured I could write the book for the Kindle store: a combo monster fiction/ erotica/ Trump book. I thought it would blow up…but, sadly, it didn’t really perform back then. So glad to see people finding it now!”
The Melania documentary is a two hour long film / bribe directed by Brett Ratner and distributed by Amazon. The company paid $40 million for the rights to it during a bidding war. “This has to be the most expensive documentary ever made that didn’t involve music licensing,” Ted Hope, a former Amazon film executive, told The New York Times. The expense of the film and the advertising push around its release have some people believing Amazon’s support of the movie is a way for the company to get in good with the President.
In the runup to its release, the documentary has become a source of scorn from a public exhausted with all things Trump. Its wide theatrical distribution is something Amazon doesn’t do for most of its films, and certainly not its documentaries. Posting pictures of empty seats in ticket apps and defaced advertisements has become a popular pastime online. The film’s distributor in South Africa stopped its release in the country, citing “recent developments,” but would not go into specifics.
“I know blessedly little about that movie! I've seen headlines about empty theaters but I don't know much else,” Boehninger said. He thinks it’d be funny if the book sold better than the documentary, but he isn’t expecting to make a lot of money. “The ebook is free in the Kindle store, and I think that for a lot of people, giving Amazon money would probably defeat the point of this protest. That said, I've seen that some people are paying money for the paperback version and for my other book. I appreciate that!”
