Daily Archives: February 11, 2026

Studying Genes that existed before all life on Earth (LUCA – Last Universal Common Ancestor)

Posted on by

Every organism alive today traces its lineage back to a single shared ancestor that lived about four billion years ago. Scientists refer to this organism as the “last universal common ancestor,” and it represents the earliest form of life that can currently be examined using established evolutionary methods.

Research on this ancient ancestor shows that many features seen in modern life were already in place at that time. Cells already had membranes, and genetic information was stored in DNA. Because these essential traits were already established, scientists seeking to understand how life first took shape must look even further back in time, to evolutionary events that occurred before this shared ancestor existed.

Studying Life Before the First Common Ancestor

In a study published in the journal Cell Genomics, researchers Aaron Goldman (Oberlin College), Greg Fournier (MIT), and Betül Kaçar (University of Wisconsin-Madison) describe a way to explore that earlier period of evolution. “While the last universal common ancestor is the most ancient organism we can study with evolutionary methods,” said Goldman, “some of the genes in its genome were much older.” The team focuses on a special group of genes called “universal paralogs,” which preserve evidence of biological changes that took place before the last universal common ancestor.

A paralog is a group of related genes that appear multiple times within a single genome. Humans provide a clear example. Our DNA contains eight different hemoglobin genes, all of which produce proteins that carry oxygen through the blood. These genes all originated from a single ancestral globin gene that existed around 800 million years ago. Over long periods of time, repeated copying errors produced extra versions of the gene, and each copy gradually developed its own specialized role.

What Makes Universal Paralogs Unique

Universal paralogs are much rarer. These gene families appear in at least two copies in the genomes of nearly all living organisms. Their widespread presence suggests that the original gene duplication occurred before the last universal common ancestor emerged. Those duplicated genes were then passed down through countless generations and remain present in life today.

Because of this deep evolutionary reach, the authors argue that universal paralogs are a critical yet often overlooked resource for studying the earliest history of life on Earth. This approach is becoming more practical as new AI-based techniques and AI-optimized hardware make it easier to analyze ancient genetic patterns in detail.

“While there are precious few universal paralogs that we know,” says Goldman, “they can give us a lot of information about what life was like before the time of the last universal common ancestor.” Fournier adds, “The history of these universal paralogs is the only information we will ever have about these earliest cellular lineages, and so we need to carefully extract as much knowledge as we can from them.”

Clues to the First Cellular Functions

In their analysis, Goldman, Fournier, and Kaçar reviewed all known universal paralogs. Every one of these genes plays a role in either building proteins or moving molecules across cell membranes. This finding suggests that protein production and membrane transport were among the first biological functions to evolve.

The researchers also emphasize the importance of reconstructing the ancient forms of these genes. In one study from Goldman’s lab at Oberlin, scientists examined a universal paralog family involved in inserting enzymes and other proteins into cell membranes. Using standard methods from evolutionary biology and computational biology, they reconstructed the protein produced by the original ancestral gene.

Their results showed that this simpler, ancient protein could still attach to cell membranes and interact with the machinery that makes proteins. It likely helped early proteins embed themselves into primitive membranes, offering insight into how the earliest cells may have operated

[…]

Source: Scientists find genes that existed before all life on Earth | ScienceDaily

Claude agent allows allows Google Calendar zero click exploits

Posted on by

LayerX, a security company based in Tel Aviv, says it has identified a zero-click remote code execution vulnerability in Claude Desktop Extensions that can be triggered by processing a Google Calendar entry.

Informed of the issue – worthy of a CVSS score of 10/10, LayerX argues – Anthropic has opted not to address it.

Claude Desktop Extensions, recently renamed MCP Bundles, are packaged applications that extend the capabilities of Claude Desktop using the Model Context Protocol, a standard way to give generative AI models access to other software and data. Stored as .dxt files (with Anthropic transitioning the format to .mcpb), they are ZIP archives that package a local MCP server alongside a manifest.json file describing the extension’s capabilities.

The Claude Desktop Extensions hub webpage claims the extensions are secure and undergo security review. “Extensions run in sandboxed environments with explicit permission controls, and enterprise features include Group Policy support and extension blocklisting,” the FAQs explain.

LayerX argues otherwise. According to principal security researcher Roy Paz, Claude Desktop extensions “execute without sandboxing and with full privileges on the host system.”

Paz told The Register, “By design, you cannot sandbox something if it is expected to have full system access. Perhaps they containerize it but that’s not the same thing. Relative to Windows Sandbox, Sandboxie or VMware, Claude DXT’s container falls noticeably short of what is expected from a sandbox. From an attacker’s point of view it is the equivalent of setting your building code to 1234 and then leaving it unlocked because locking it would prevent delivery people from coming in and out.”

Paz says that the vulnerability arises from the fact that Claude will process input from public-facing connectors like Google Calendar and that the AI model also decides on its own which installed MCP connectors should be used to fulfill that request.

The result is that when extensions with risky capabilities like command line access are present, extensions with less concerning capabilities can present an attack vector. In this instance, a Google Calendar event was used to make malicious instructions available to Claude, which the model then used to download, compile, and execute harmful code.

“There are no hardcoded safeguards that prevent Claude from constructing a malformed or dangerous workflow,” Paz claims. “Consequently, data extracted from a relatively low-risk connector (Google Calendar) can be forwarded directly into a local MCP server with code-execution capabilities.”

What Paz is describing is a form of indirect prompt injection – AI models that read webpages, other documents, or interface elements may interpret that content as instructions. This is a known, unresolved problem, which may explain Anthropic’s apparent disinterest in the LayerX report.

[…]

Source: Claude add-on turns Google Calendar into malware courier • The Register