Simon Willison co-created the Django web framework and builds Datasette, an open-source tool for exploring and publishing data. Since 2022 his blog has become one of the most widely cited running commentaries on large language models — particularly the practical, hands-on end: running models locally, prompt engineering in the open, tool use, and the security pitfalls (he popularised the term “prompt injection”). For RunAgentRun’s audience he is the canonical example of the “run it yourself” ethos.
Simon Willison
Independent researcher and prolific writer on practical LLM tooling, local models and the day-to-day craft of building with AI. Essential reading for anyone running models themselves.
What They're Saying Now
The lethal trifecta for AI agents
Willison's framework for why agents turn dangerous: combine access to private data, exposure to untrusted content, and the ability to communicate externally, and an attacker can quietly exfiltrate your data. Essential reading before you let an agent near client files.
New prompt injection papers: Agents Rule of Two and The Attacker Moves Second
His running coverage of the latest prompt-injection research and the defensive design patterns now emerging to secure LLM agents against untrusted input.
