#089

Claude Code contradicted a doctor's MRI diagnosis, GLM 5.2 crushed Claude on security

A dev fed his MRI into Claude Code and the AI contradicted his doctor's diagnosis. GLM 5.2 found real security bugs for $0.17 each. Brown caught 46% cheating.

A developer dumped 266MB of raw shoulder MRI files into Claude Code, gave it five words of context, and waited an hour. The AI came back and told him his doctor was wrong. His torn tendon wasn’t torn. His prescribed treatment was homeopathic. His three scheduled therapy sessions were solving a problem that didn’t exist.

488 HN comments later, nobody has a clean answer. Antoine is stuck between trusting a coding tool or trusting a clinician. “I’m left in limbo where I either try my luck with another doctor or wait and see.”

In today’s indie hacker news:

  • Claude Code disagreed with a doctor’s MRI tear diagnosis
  • GLM 5.2 beat Claude at finding real security bugs for pennies
  • KIDS Act bundles 14 bills into one age-check mandate
  • Brown professor caught 46% of students via ChatGPT’s proof fingerprint
  • LibrePods cracked Apple’s AirPods protocol for Linux and Android

TOP STORIES

AI SECOND OPINION

Dev fed his MRI into Claude Code Opus and the AI contradicted his doctor’s Grade III tear diagnosis

Dev fed his MRI into Claude Code Opus and the AI contradicted his doctor's Grade III tear diagnosis

The story: Antoine’s doctor examined his shoulder MRI and diagnosed a Grade III partial-thickness tear at the subscapularis tendon insertion, then immediately scheduled shockwave therapy and Traumeel injections. Antoine felt they jumped the gun. He loaded the raw DICOM files into Claude Code running Opus 4.8 at xhigh, gave it minimal context, and let it install its own parsing packages. Claude’s blind read found the tendon intact. A second arbitration round, combining Claude’s report, the doctor’s report, GPT 5.5 Pro physical assessment notes, and clinical guidelines, returned “mild insertional tendinosis, NO discrete tear” with moderate-to-high confidence.

The details:

  • Claude also flagged the treatment plan: shockwave therapy requires calcification to be indicated, and Traumeel is classified as a homeopathic product. The doctor had already scheduled three sessions.
  • A separate case: a cancer founder fed PET scans into Claude, which flagged thymus rebound at ~90% probability. A fourth specialist confirmed it, avoiding unnecessary radiotherapy.
  • A PMC-published dental study found Claude hit 91.5% diagnostic accuracy vs. ChatGPT’s 74.4%.
  • Each analysis round took roughly an hour. Total cost: a standard Claude Code subscription.

Why builders care: This is patient-side AI tooling in practice. Not a diagnosis app, but a reasoning layer that helps technical users stress-test a treatment plan before accepting it. The workflow (raw DICOM export, agentic code execution, structured arbitration) is replicable today on Opus 4.8.


$0.17 PER BUG

GLM 5.2 beat Claude at finding real security vulnerabilities for a fraction of the cost

GLM 5.2 beat Claude at finding real security vulnerabilities for a fraction of the cost

The story: Semgrep’s security team ran GLM 5.2 against Claude Code and GPT-5.5 on a real-application IDOR vulnerability detection benchmark using actual open-source codebases. GLM 5.2 scored 39% F1, edging out Claude Code (Opus 4.6) at 37% and crushing GPT-5.5 Codex at 20%. Cost per true-positive vulnerability found: $0.17. That’s one-sixth of comparable frontier models.

The details:

  • The 753B-parameter MoE model from Z.ai ships under the MIT license with a 1M-token context window. No regional restrictions, no waitlist.
  • The biggest gap on the leaderboard isn’t between models. Semgrep Multimodal (GPT 5.5 with endpoint-discovery scaffolding) hit 61% F1 vs. raw GPT-5.5 at 20%. Same model, 3x better with the right harness.
  • One HN commenter built a Rust encryption agent + Matrix bot with GLM 5.2 via Fireworks for $20 total.
  • Semgrep’s team added a caveat: “This is one task, one dataset, one run.” Don’t crown a champion off a single benchmark.

Why builders care: If you’re building a security scanner or code reviewer, GLM 5.2 via Fireworks is a credible, benchmarked option at a fraction of frontier pricing. The deeper signal: Semgrep tripled GPT-5.5’s score by wrapping it with endpoint-discovery tooling. Your harness architecture matters more than which model you pick.


YOUR APP NEEDS AN ID CHECK

The KIDS Act bundles 14+ child-safety bills into one law with no indie exemption

The KIDS Act bundles 14+ child-safety bills into one law with no indie exemption

The story: The KIDS Act (H.R. 7757) combines revised KOSA, COPPA 2.0, the App Store Accountability Act, and 14+ other child-safety bills into a single omnibus heading for a House floor vote. A “covered platform” is any site whose primary purpose is user-generated content sharing with algorithmic design features and data-driven ad targeting. The “knows or should have known” liability standard means platforms can’t ignore the question of user age. The House Energy and Commerce Committee advanced it 28-24 on a largely party-line vote.

The details:

Why builders care: If your app has UGC, algorithmic feeds, and ad targeting, you’re in scope. Third-party age verification charges per-user fees that are trivial for Meta but meaningful for solo developers. Annual safety audits and 10-day harm-report response windows are compliance infrastructure small teams can’t absorb.


CHATGPT LEFT A FINGERPRINT

Brown professor caught 40 of 86 students scoring 100% because ChatGPT uses the same proof style

Brown professor caught 40 of 86 students scoring 100% because ChatGPT uses the same proof style

The story: Professor Roberto Serrano gave his Brown economics class a take-home midterm, a one-time exception after a December campus shooting stressed students. 40 of 86 students scored 100%. The class median hit 98%. Historical midterm averages: 65-85%. The giveaway wasn’t AI detectors. The correct answer was a short, direct proof. ChatGPT constructs a convoluted contradiction argument instead, and that identical approach appeared across dozens of submissions.

The details:

Why builders care: The institutional response is format change (oral exams, reduced homework weight), not better detectors. That’s a product signal: demand is growing for proctoring infrastructure, secure browser tools, and AI-assisted assessment redesign. The 61% false-positive rate on non-native speakers is a product liability risk for anyone building detection tools.


AIRPODS LIBERATED

LibrePods reverse-engineered Apple’s AirPods protocol and put it on Linux and Android

LibrePods reverse-engineered Apple's AirPods protocol and put it on Linux and Android

The story: Kavish Devar reverse-engineered Apple’s proprietary AACP Bluetooth protocol by sniffing traffic between a Mac and AirPods, then reimplemented it in a GPL app. No hardware hacking, no firmware modification, no jailbreaking. The entire lock-in was in software. ANC, Transparency mode, ear detection, battery status, conversational awareness, and automatic connection all work on Android and Linux. 28,200+ GitHub stars. 633 commits. Approaching stable 1.0.

The details:

  • Android doesn’t require root on Pixel devices running Android 16 QPR3 thanks to a fixed Bluetooth stack bug. Google Play Store install available.
  • Hearing aid features already work: audiogram-based amplification, tone balance, ambient noise reduction, own-voice boost. Apple locks these to iPhone. LibrePods delivers them free on Linux.
  • Architecture: Kotlin for Android, C++/Qt6 for Linux, Rust rewrite in progress. CLI tool (librepods-ctl) available for headless server control.

Why builders care: This is the textbook hardware liberation playbook. Sniff Bluetooth traffic, reimplement the protocol, ship under GPL. Any hardware with a proprietary companion app (smartwatches, fitness trackers, hearing aids, game controllers) is a candidate for the same approach. The hearing aid angle is the sleeper: Apple sells audiogram-based amplification as an accessibility feature. LibrePods gives it away.


🔥 Claude Code tooling cluster - Caliper shipped pass@k reliability testing for Claude Code and Codex skills. Selixes launched a self-hosted LLM failover gateway with budget caps. Dev.to published a guide on running Claude Code locally via Ollama. Builders are graduating from using Claude Code to building infrastructure around it.

💰 Indie revenue milestones - A builder sold a $29 MRR SaaS for $1.4K on r/SaaS (~48x MRR multiple). Another hit $1K MRR in 6 weeks after years of shipping into the void. A founder on r/EntrepreneurRideAlong revealed founder DMs as the channel that 7x’d MRR, the one everyone told them was dead.

🌍 Asian AI labs fill the Mythos gap - After Anthropic’s June 12 Commerce Department suspension, Tokyo-based Sakana AI launched Fugu (multi-agent orchestrator rivaling Fable 5), and Beijing’s 360 launched automated vulnerability discovery, framing it as a “national strategic asset.” r/LocalLLaMA is debating who the “#1 public enemy of open source” is.


DRAMA

TEACH IT TO SAY “I DON’T KNOW”

r/ChatGPT plea: users frustrated that AI fabricates instead of admitting ignorance

A frustrated user vented that ChatGPT “literally makes things up” rather than admitting ignorance. When confronted, it gives “understanding blabber” then repeats the same wrong answer. 197 comments. Top responses debated why this is architecturally hard (transformers “cannot not know”), mocked confidence scores that never drop below 80%, and cited an OpenAI paper arguing hallucinations persist because benchmark grading rewards always-guessing over admitting uncertainty.

Why builders care: If you’re shipping an LLM-powered product, this is your support ticket queue in six months. Build the “I don’t know” path now or your users will build it for you via angry Reddit posts.


FIRST DOLLAR

4:35 AM TO APP STORE

A construction worker wakes up at 4:35am, works until 8pm, then comes home and builds Vaulto, a gamified budgeting app with XP, streaks, and a fox mascot. Built it because he kept blowing his budget by Thursday. Live on the iOS App Store. No traction numbers yet. The post is about obscurity, not revenue. But the app exists and it ships.

ZERO TO $1K MRR IN SIX WEEKS

After years of shipping tools nobody noticed, a builder hit $1K MRR in six weeks with a Twitter growth tool that analyzes your last 100 posts to show what’s landing. ~500 signups, ~200 active users. What changed: stopped chasing features and cold DMs, started using the product publicly on X. The product became its own marketing channel.


STACK OF THE DAY

🎮 NPC Engine - Open-source NPC engine that runs entirely on local LLMs. Uses NVIDIA Parakeet 0.6B for speech-to-text, Gemma 4 26B MoE for dialogue, and Qwen3-TTS for voice. Demoed on Fallout: New Vegas. RAG-based action injection keeps prompts lean and latency low. Requires an RTX 5090 or equivalent VRAM, so not for everyone, but the architecture is the interesting part. Free, open source.

Not sponsored. We just feature tools builders would actually use.


BOOKMARKED TODAY

📑 Tiny Transformer - Someone shrank a transformer until every weight fits on screen, then made them editable. Best interactive explainer of attention mechanics since 3Blue1Brown’s video.

💻 NanoEuler - GPT-2 scale model built from scratch in pure C/CUDA. No PyTorch, no frameworks. 39 HN points but the code is genuinely educational if you want to understand what’s under the hood.

📈 Historical Memory Prices 1960-2026 - Stanford’s dataset tracking memory costs across 66 years. Context for why AI hardware costs what it does, and why it won’t stay that way.


Curated by AI, built by a human.