On June 12, 2026, at least five of the top 30 stories on Hacker News were about the same thing:

  • #1 “Twenty One Zero-Days in FFmpeg”
  • #5 “First iOS app to use technique that finds latest variants of spyware”
  • #7 “AMD Stiffs Researcher $10k Bug Bounty”
  • #15 “Show HN: Astra – Autonomous Pentest”
  • #20 “I Think They [Anthropic] Are Lying to You”

Add to that CloakBrowser and RuView on GitHub monthly charts, addyosmani/agent-skills on daily charts gaining 2,656 stars in a single day, and Astra Autonomous Pentest at #17 on Product Hunt monthly. Same day, three platforms, five overlapping signals.

That is not a coincidence. That is the first time the “anti-AI-detection + AI security” category is visible as its own tool stack.

A new map

Lay it all out and four layers show up:

┌─────────────────────────────────────────────┐
│  L4  Autonomous pentest / offensive agents   │
│      Astra Autonomous Pentest               │
│      + pentest agent / red team frameworks  │
├─────────────────────────────────────────────┤
│  L3  Agent skills / safety guardrails        │
│      addyosmani/agent-skills (57k⭐)         │
│      Anthropic / OpenAI official skills     │
│      + community security skills, inj defense│
├─────────────────────────────────────────────┤
│  L2  WiFi sensing / environmental sidechan  │
│      ruvnet/RuView (73k⭐)                   │
│      CSI for pose, breathing, fall detect   │
│      "vision without a single pixel"        │
├─────────────────────────────────────────────┤
│  L1  Stealth browser / anti-fingerprinting  │
│      CloakHQ/CloakBrowser (25k⭐)            │
│      Playwright drop-in, source-level patch │
│      30/30 bot detection tests pass         │
└─────────────────────────────────────────────┘

The bottom layer is what actually lets AI agents “go online” on your behalf.

L1: Stealth browsers — taking Cloudflare’s lunch

CloakBrowser is a stealth Chromium fork. The job is direct: patch fingerprints at the source level so Cloudflare, reCAPTCHA, DataDome, and PerimeterX cannot tell that you are a headless browser.

The README brags — “30/30 bot detection tests pass.” That means Playwright does not need to change, but the browser kernel is no longer stock Chromium. It is a build with dozens of fingerprint patches.

The point is not whether the tool is good. The point is that it confirms something: in the browser-fingerprint war, the community has decided Cloudflare did not win.

I wrote earlier about open-source anti-AI-detection tools crawling everywhere in 2026. CloakBrowser pushes that one step further. It does not just evade. It rewrites. Source-level patches versus behavioral mimicry are two completely different adversarial logics.

L2: WiFi sensing — seeing you without a camera

RuView is ruvnet’s 73k-star Rust project. It turns your home WiFi signals into the ability to “see” where you are.

It uses Channel State Information (CSI). When a person walks, breathes, or falls, CSI changes. RuView trains a model to read those changes and output pose, position, fall events, breathing.

Sounds sci-fi. The commercial angle runs the other way: it does not need a camera. That means nursing homes, hospitals, bedrooms — places where cameras are absolutely not allowed — now have a “vision without vision” option.

But flip it: if an attacker gets your home WiFi signal, they can “see” your floor plan, when you get up at night, which room you spend the most time in.

L1 plus L2 is the full picture. The browser layer is a stealth suit for the digital world. The WiFi layer is a stealth suit for the physical world. AI security is extending into the physical layer.

L3: Agent skills — guardrails going open source

addyosmani/agent-skills at 57k stars is the layer with the ugliest numbers but the heaviest strategic weight in this map.

It treats “how an AI coding agent is used” as engineering. A skill is a carefully designed prompt plus context plus tool-call template that makes an agent behave predictably on a specific task. Addy’s repo packages these as reusable assets.

Security skills are a chunk of that. How to keep the agent from prompt injection. How to sandbox before running a shell command. How to audit code the agent wrote. How to add rate limits and circuit breakers around LLM output.

The counter-intuitive part of L3: guardrails are not Anthropic’s or OpenAI’s job. They are the community’s job. In the LLM era, guardrails are an engineering problem, not a product problem. The community writes sturdier guardrails than the vendors because builders see real incidents. Vendors see PR reports.

I covered what skills are in the personal agent infrastructure piece earlier. June’s number is 57k, up 20k-plus from May. The abstraction is being treated as “npm for AI coding.”

L4: Autonomous pentest — the offense-defense AI arms race

Astra Autonomous Pentest hit #17 on Product Hunt monthly.

The logic is simple. Traditional pentesting is expensive, slow, and human. Tools like Astra agentify the workflow: target asset discovery, vulnerability scanning, exploitation attempts, report generation. No security engineer chained to a screen required.

HN #1 the same day, “Twenty One Zero-Days in FFmpeg,” is reverse evidence for this layer. Even multimedia processing — software that “looks safe” — yields 21 zero-days. The attack surface is outpacing human security teams.

The AMD “$10k bounty” story is the same thread. A researcher reported a critical vulnerability. AMD took 124 days to “fix” (or not), and ended up offering $10k instead of the originally promised $30k-plus. HN score 73. Community anger at “vendor stiffing” is real.

Connect the L4 dots and a picture emerges: the offense is going AI (agents scanning for vulns), the defense is going AI (agents hardening code), and bounty economics still run on 2010 rules. That is the real L4 problem.

A few counter-intuitive points

  • “Anti-AI-detection” is not anti-LLM. It is anti the identity-verification infrastructure the LLM era birthed. Cloudflare and reCAPTCHA are infrastructure. Whoever builds the new infrastructure wins the next round.
  • WiFi sensing deserves more regulatory attention than face recognition. It is invisible. Harder for the subject to notice, harder to audit, harder to refuse.
  • The growth rate of agent skills repos (one month, +20k stars) tells you the next competition in AI coding is not models. It is who has the better skills library. Same story as npm fighting over package management.
  • Security tools are splitting into open-source and closed-source trust models. CloakBrowser: closed binary with source-level patches (trust from “I can read the diff”). Astra: closed source (trust from “I have customer references”). Guardrail skills: fully open (trust from “the community is watching”). The trust model is changing.

Notes for builders

If you are building AI agents:

  • Stop using bare Playwright for browser automation. Source-level patches like CloakBrowser are now table stakes. Without them, Cloudflare blocks 90 percent of agents.
  • If your product’s data path touches WiFi, re-evaluate the privacy model. CSI is research-grade today, but it will be production-grade in 2-3 years.
  • Treat your own skills library as personal capital. Community versions (addyosmani) lead vendor versions (Anthropic / OpenAI) by 6x. The guardrail knowledge is in the community. Fork it, change it, send PRs. That is a free guardrail upgrade.
  • If you are building SaaS security products, redesign bounty economics. The AMD 124-day case will get cited over and over until the industry is forced to change.

References