Vibe Coding Backfires, Billions Lost to Wires, Microsoft's Token Expires

PLUS: AWS CEO laughs at AI doubters, Stack Overflow kills its redesign, and Anthropic's Mythos is too dangerous to release

Hey there, ByteSize crew.

Almost half a century ago, the Space Shuttle Columbia touched down at Edwards Air Force Base in California, wrapping up STS-1, the first orbital test flight of NASA's Space Shuttle program. Commander John Young and pilot Robert Crippen spent two days in orbit proving that a reusable spacecraft could actually work. Columbia's heat shield tiles held up (mostly), the orbiter made it home in one piece, and NASA got the green light to keep flying.

The shuttle program would go on for another 30 years, 135 missions, and one really awkward question nobody wants to answer: "What did we find on the Moon to make us stop landing there?" Anyway, let's get into it.

Bluesky's "Vibe Coding" Feature Has Users Asking: Who Asked For This?

Bluesky—the Twitter alternative where people fled to escape algorithmic manipulation—just unveiled Attie, an AI-powered app that lets you "vibe code" your social feed using natural language prompts. Instead of manually tweaking filters and feeds, you just tell Claude what you want to see, and the app builds your timeline for you. Convenient? Sure. Ironic? Absolutely.

The tool launched in closed beta last week, with interim CEO Toni Schneider pitching it as a way to give users more control without needing to write code. Powered by Anthropic's Claude, Attie interprets commands like "show me timely sports updates with fewer repetitive links" and adjusts your feed accordingly.

But a lot of Bluesky users explicitly joined the platform to get away from AI-curated feeds. One user put it bluntly: "We don't want or need AI systems or suggestions. It's a waste of resources and will sour your user base on the platform." Bluesky crossed 40 million users specifically because it didn't do what Facebook and X were doing. Now it's launching a feature that automates the thing people came there to avoid.

Attie will eventually roll out to the main Bluesky app, but for now it's standalone. If the backlash keeps up, it might stay that way.

The FBI Reports Americans Lost A Record $21 Billion to Cybercrime, AI Isn’t Helping That

The FBI's Internet Crime Complaint Center just dropped its 2025 report, and the numbers are brutal: Americans lost nearly $21 billion to cybercrime last year, up from $16.6 billion in 2024. That's a 26% jump, and for the first time, the report includes a dedicated section on AI-enabled scams because apparently, fraud needed an upgrade.

The IC3 received over 1 million complaints in 2025, with investment scams responsible for 49% of all fraud-related losses. Cryptocurrency scams alone accounted for $11 billion across 181,565 complaints, with an average individual loss of around $62,000. People over 60 got hit the hardest, losing $7.7 billion—a 37% increase from 2024.

AI showed up in 22,364 complaints, totaling $893 million in losses. Scammers are using voice cloning, deepfake videos, and AI-generated documents to impersonate family members, forge bank statements, and create fake transaction receipts. The FBI noted that AI makes scams scalable and hyper-personalized. Great!

If your grandma calls asking for bail money, maybe FaceTime her first.

Microsoft's MFA Meets Its Match: Phishing-as-a-Service

Since mid-March, a phishing campaign has been compromising hundreds of Microsoft 365 organizations every day using AI-generated lures and a clever exploit of OAuth's device code authentication flow. Microsoft says 10 to 15 distinct campaigns launch every 24 hours, each targeting hundreds of orgs with unique payloads.

The attack works by sending victims a phishing email with a malicious link disguised behind legitimate security vendor redirects. Click through the redirect chain and you land on a fake page prompting you to verify your identity at the real Microsoft.com/devicelogin page. Once you authenticate, the attacker gets your access token. Password reset? Doesn't matter, the token stays valid.

The campaign uses EvilTokens, a phishing-as-a-service kit sold since mid-February that bypasses MFA. Post-compromise, attackers target finance roles, exfiltrating emails and monitoring anything involving money. Microsoft's advice: block device code flow wherever possible and don't trust login prompts that appear after clicking sketchy links.
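
For teams that cannot block the flow everywhere yet, here is an added example (not from this newsletter or from Microsoft) of triaging device code sign-ins in exported Entra ID sign-in logs. The field names `authenticationProtocol` and `status.errorCode` are assumed to match the export; the records, the allowlist and the function names are constructed for illustration.

```python
from collections import defaultdict

# Accounts expected to use device code flow (hypothetical allowlist, e.g. shared displays).
EXPECTED_DEVICE_CODE_USERS = {"room-display@example.com"}

# Constructed sample records shaped like Entra ID sign-in log entries.
SIGNINS = [
    {"createdDateTime": "2026-04-01T09:02:11Z", "userPrincipalName": "ap.clerk@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2026-04-01T09:05:40Z", "userPrincipalName": "ap.clerk@example.com",
     "authenticationProtocol": "none", "ipAddress": "192.0.2.10",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2026-04-01T10:15:00Z", "userPrincipalName": "room-display@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "192.0.2.44",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2026-04-01T11:30:09Z", "userPrincipalName": "cfo.assistant@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.23",
     "status": {"errorCode": 53003}},  # denied by a Conditional Access policy
    {"createdDateTime": "2026-04-01T12:01:55Z", "userPrincipalName": "AP.Clerk@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "status": {"errorCode": 0}},
]


def triage_device_code(records, expected_upns):
    """Group device code sign-ins by account, skipping accounts expected to use the flow."""
    findings = defaultdict(lambda: {"succeeded": [], "failed": []})
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue  # interactive and other flows are out of scope here
        upn = rec.get("userPrincipalName", "").lower()  # UPN case varies between records
        if upn in expected_upns:
            continue
        ok = rec.get("status", {}).get("errorCode") == 0
        findings[upn]["succeeded" if ok else "failed"].append(
            (rec["createdDateTime"], rec.get("ipAddress")))
    return dict(findings)


def needs_session_revocation(findings):
    """Accounts with a successful device code sign-in: a token was issued, and a
    password reset alone does not invalidate it, so sessions must be revoked."""
    return sorted(upn for upn, f in findings.items() if f["succeeded"])


if __name__ == "__main__":
    result = triage_device_code(SIGNINS, EXPECTED_DEVICE_CODE_USERS)
    print("revoke sessions for:", needs_session_revocation(result))
```

Accounts that appear only under `failed` show the block policy working; they are still worth a follow-up with the user, since a sign-in was attempted.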

👨‍💻 JOB OPPORTUNITIES

Must be able to convince "the business needs it yesterday" people that "IT can prioritize it next quarter." Partner with leadership to align technology with goals, manage cybersecurity compliance, and bridge PowerPoint people with Python people. Requires 12+ years surviving enterprise IT politics.

Keep IT running while aircraft get repaired. Support GOLDesp manufacturing systems, provide high-urgency support to minimize production downtime, and explain why turning it off and back on works. Requires 3-5 years manufacturing IT experience, SQL skills preferred.

Audit AI-powered parking infrastructure so it doesn't crumble under regulatory scrutiny. Evaluate SOX controls, assess AWS cybersecurity, and explain why misconfigured S3 buckets matter. Requires 4+ years IT audit experience, deep AWS knowledge, CISA/CISSP preferred.

Be the Batman of IT when production needs help and everyone's gone home. Maintain servers, troubleshoot shop floor systems, manage network infrastructure. Requires 3-5 years manufacturing experience and willingness to fix barcode scanners at 11 PM.

🛩 INDUSTRY MOVES

  • AWS CEO Matt Garman thinks asking if AI is overhyped is "one of the funnier questions" he gets. At the Human[X] conference (yes, we see the irony), he polled the audience—claiming 70% see positive ROI or expect it soon—and compared AI to the internet bubble. Shockingly confident stance from the guy literally selling the shovels in this gold rush.

  • Stack Overflow abandoned its beta redesign after the community tore it apart for looking too much like Reddit and burying plans to retire close votes halfway through the announcement. VP of Community Philippe Beaudette confirmed the beta is being pulled—probably for the best, considering traffic has cratered thanks to AI-driven IDE answers.

  • Anthropic dropped Claude Mythos Preview, a frontier model so good at finding security vulnerabilities they refused to release it publicly. That’s not concerning at all. Mythos identified thousands of zero-day flaws in every major OS and browser, with an 83.1% success rate creating exploits. Anthropic launched Project Glasswing, giving 12 partners access with $100 million in credits.

  • Cloudflare accelerated its post-quantum security timeline to 2029, joining Google in setting the industry deadline for quantum-resistant encryption. The move follows breakthroughs showing cracking current cryptography could happen by 2030. Cloudflare's plan: post-quantum authentication for origin connections by mid-2026, full deployment by 2029. If quantum computers forge credentials first, it's game over.

Hey folks, Chip here. The EE community's been busy this week wrestling with the kinds of problems that make you question your life choices. Let's see what kept everyone up at night:

That's it for this week. Stay curious, stay caffeinated, and remember: if your code works and you don't know why, don't touch it.

Got news to share or topics you'd like us to cover? Send ‘em our way by responding to this email. We can’t wait to hear from you. Really.