Allow loading remote contents and showing images to get the best out of this email.FAUN.dev's AI/ML Weekly Newsletter
 
🔗 View in your browser   |  ✍️ Publish on FAUN.dev   |  🦄 Become a sponsor
 
Allow loading remote contents and showing images to get the best out of this email.
Kala
 
#ArtificialIntelligence #MachineLearning #MLOps
 
 
🔍 Inside this Issue
 
 

Models are getting their own runtime, IDE agents are getting popped by zero‑click tricks, and Google finally put a number on the cost of a prompt. From budget GPUs to buyer profiling, data monetization, and MCP hardening, the details matter—dive deeper below.


🖥️ AI Models Need a Virtual Machine

🧰 Building an AI Server on a Budget ($1.3K)

🛍️ Building Etsy Buyer Profiles with LLMs

💸 Cursor looks into selling your data for AI training

⚡ In a first, Google has released data on how much energy an AI prompt uses

🐛 MCP vulnerability case study: SQL injection in the Postgres MCP server

💼 OpenAI eats jobs, then offers to help you find a new one

🧪 OpenAI reorganizes research team behind ChatGPT's personality

🛠️ Writing effective tools for AI agents—using AI agents

🚨 Zero-Click Remote Code Execution: Exploiting MCP & Agentic IDEs


You’ve got the signal and the scars—now go build with both.


Have a great week!
FAUN.dev Team
 
 
⭐ Patrons
 
bytevibe.co bytevibe.co
 
Binary Matrix Mouse Pad – Built for Devs 🚀
 
 
Code. Game. Flow. This 9"×8" (22.86 x 20.32 cm) Binary Matrix mouse pad gives you smooth precision, durable build, and a design every developer will vibe with. Perfect for work or play.

👉 Get yours today for €12,95 – ships in 2-9 days.
 
 

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

 
ℹ️ News, Updates & Announcements
 
pivot-to-ai.com pivot-to-ai.com
 
Cursor looks into selling your data for AI training
 
 
Anysphere—the team behind Cursor, the AI coding sidekick—is looking to license user behavior data to the big model labs: OpenAI, Anthropic, and the usual suspects. Why? Training costs are brutal, and this could ease the burn.

Strategic Implication: Selling real developer telemetry to model competitors? Signals two things: 1) Cursor’s data is juicy, and 2) the race to monetize usage signals is very much on.
 
 
cnbc.com cnbc.com
 
OpenAI announces new mentorship program for budding tech founders
 
 
OpenAI introduced a new program called "OpenAI Grove" for early tech entrepreneurs to build with AI. The program is aimed at individuals in the pre-idea to pre-seed stage and offers mentoring, access to tools and models, and in-person workshops. Grove's first cohort will run from Oct. 20 to Nov. 21, 2025, with applications closing on Sept. 24.
 
 
technologyreview.com technologyreview.com
 
In a first, Google has released data on how much energy an AI prompt uses
 
 
Google dropped detailed stats on energy, water, and carbon use per query for its Gemini models. Median energy: 0.24 Wh, with TPUs eating 58% of that. They’re claiming a 33× efficiency boost in the last year—credit goes to model and software tuning.

System shift: A public hyperscaler posting this means the industry's inching toward serious, standardized AI climate metrics. About time.
 
 
theregister.com theregister.com
 
OpenAI eats jobs, then offers to help you find a new one
 
 
OpenAI just fired a shot across LinkedIn’s bow. Its new jobs platform—part of OpenAI Academy—aims to certify AI skills, then plug users directly into hiring pipelines. Walmart's already on board.

Market signal: OpenAI’s not just training people anymore. It's moving in on talent placement, absorbing the AI jobs funnel into its own ecosystem. Vertical integration, meet the workforce.
 
 
techcrunch.com techcrunch.com
 
OpenAI reorganizes research team behind ChatGPT's personality
 
 
OpenAI just folded its Model Behavior team—the crew behind AI personality design and anti-sycophant training—into the Post Training group. Behavior tuning now lives inside the same house as model refinement.

Joanne Jang, who led Model Behavior, now runs OAI Labs, a fresh research unit digging into post-chat interfaces built for real human-AI teamwork.
 
 
securitylabs.datadoghq.com securitylabs.datadoghq.com
 
MCP vulnerability case study: SQL injection in the Postgres MCP server
 
 
A nasty SQL injection bug in Anthropic’s now-retired Postgres MCP server let attackers blow past read-only mode and run whatever SQL they wanted. The repo got archived back in May 2025—but it’s far from dead. The unpatched package still racks up 21,000 NPM installs and 1,000 Docker pulls every week.
 
 
lakera.ai lakera.ai
 
Zero-Click Remote Code Execution: Exploiting MCP & Agentic IDEs
 
 
A zero-click exploit is making the rounds—nasty stuff targeting agentic IDEs like Cursor. The trick? Slip a malicious Google Doc into the system. If MCP integration and allow-listed Python execution are on, the document gets auto-pulled, parsed, and runs code. No clicks. No prompts. Just remote code execution, data exfiltration, and vibes ruined.

This isn’t a bug. It’s standard behavior. IDE agents are doing exactly what they’re told—grabbing what looks like a legit asset and running it. That’s the problem.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
🔗 Stories, Tutorials & Articles
 
informationga.in informationga.in
 
Building an AI Server on a Budget ($1.3K)
 
 
A developer rolled their own AI server for $1.3K—Ubuntu 24.04.2 LTS, an Nvidia RTX GPU, and a sharp eye on Tensor cores, VRAM, and resale value. The rig handles small models locally and punts big jobs to the cloud when needed. Local-first, cloud-when-it-counts.
 
 
anthropic.com anthropic.com
 
Writing effective tools for AI agents—using AI agents
 
 
Anthropic’s sharpening the blueprint for building tools that play nice with LLM agents. Their Model Context Protocol (MCP) leans hard into three pillars: test in loops, design for humans, format like context matters—because it does.

They co-develop tools with agents like Claude Code. That means prototyping side-by-side, pressure-testing with structured evals, and prompt-wrangling tool specs until Claude stops hallucinating and starts calling the right APIs.

Big shift: You're no longer building for checkbox-clicking APIs. You're building for opinionated, non-deterministic models with vibes. Forget rigid abstractions. Focus on flexible scaffolding, tight eval cycles, and giving the model what it needs, when it needs it.
 
 
blog.sigplan.org blog.sigplan.org
 
AI Models Need a Virtual Machine
 
 
Microsoft and academic researchers want to give AI models a new kind of home: the AI Model Virtual Machine (MVM). Think of it like the JVM, but for LLMs—an interface layer that standardizes how models plug into host software.

The MVM enforces security, isolation, and tool-calling rules, while also unlocking interoperability through protocols like MCP and access frameworks like AC4A and FIDES.

Big picture: This is a shift toward treating LLMs less like magic black boxes and more like proper runtime components—bounded, controllable, swappable. Like OS processes, but weirder.
 
 
etsy.com etsy.com
 
Building Etsy Buyer Profiles with LLMs   ✅
 
 
Every day, nearly 90M buyers look for unique items out of over 100 million listings on the Etsy. The platform uses large language models to create detailed buyer profiles anonymously capturing their interests. Adjustments in data retrieval and processing have reduced the time and cost of generating buyer profiles significantly.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⚙️ Tools, Apps & Software
 
github.com github.com
 
martianlantern/ThinkMesh
 
 

Parallel thinking for LLMs. Confidence‑gated, strategy‑driven, offline‑friendly

 
 
github.com github.com
 
intentee/paddler
 
 

Open-source LLMOps platform for hosting and scaling AI in your own infrastructure.

 
 
github.com github.com
 
microsoft/ai-agents-for-beginners
 
 

10 Lessons to Get Started Building AI Agents

 
 
github.com github.com
 
oraios/serena
 
 

A powerful coding agent toolkit providing semantic retrieval and editing capabilities (MCP server & other integrations)

 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
Did you know vLLM’s PagedAttention treats the KV cache like a virtual memory page cache, splitting keys and values into fixed-size blocks and mapping logical → physical blocks via a block table? This lets vLLM allocate KV cache on demand, reuse freed blocks immediately, and avoid both internal and external fragmentation. Under mixed sequence lengths, the overhead of block table lookups is often more than paid back by better GPU occupancy and less wasted memory compared with contiguous-KV schemes. You get much higher serving throughput without needing any model changes or complicated CUDA-graph hacks.
 
 
😂 Meme of the week
 
 
 
 
🤖 Once, SenseiOne Said
 
 

"A model can be right offline and wrong online; MLOps is where that gap becomes an incident. If you can’t diff the data, features, and configs, you’re not debugging—you’re guessing."
— SenseiOne

 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
👤 This Week's Human
 
 

This Week’s Human is Gursimar Singh, a Google Developers Educator, Author @ freeCodeCamp, and DevOps & Cloud consultant who makes complex systems teachable. They’ve spoken at HAProxyConf 2022, multiple KCDs, and DevOpsDays Warsaw; reviewed programs for OpenTofu Day and PyCon India; and mentored at IIT Madras while volunteering with EuroPython. Offstage, they’ve published 70+ articles reaching 100k+ readers and contributed 5 project write-ups to the Google Dev Library, covering tools from Kubernetes to Terraform.

 

💡 Engage with FAUN.dev on LinkedIn — like, comment on, or share any of our posts on LinkedIn — you might be our next “This Week’s Human”!

 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

Kala #494: OpenAI is Stealing Your Job but Giving You a New One
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.