AI 资讯
AI Security Audit Checklist: 15 Vulnerabilities Claude Found in Production Code
Most web applications contain at least one vulnerability from the OWASP Top 10. A typical security audit takes 2-3 weeks and costs upward of $10,000. An LLM can compress the initial audit down to a few hours because it scans code for patterns rather than specific CVEs. Below are 15 vulnerabilities found while auditing production code with Claude. Each includes the vulnerable code, the fixed version, and a prompt to reproduce the finding. Classification follows OWASP Top 10 (2021). Order reflects frequency of occurrence: most common first. Methodology: how to run an AI security audit The audit consists of three passes. First, a broad scan: the LLM receives the entire project and looks for vulnerability patterns. Second, deep analysis: each identified pattern is verified in context (middleware, ORM, framework). Third, verification: manual review of every finding, because LLMs produce false positives. Prompt for the broad scan: Perform a security audit of this code. For each finding, include: 1. CWE ID and name 2. OWASP Top 10 category 3. Severity (Critical/High/Medium/Low) 4. The vulnerable code snippet 5. Attack vector -- exactly how an attacker would exploit this 6. Fixed code Ignore stylistic comments. Focus on security only. Start with injection attacks, then broken access control, then the rest. This prompt works because it defines the output structure and prioritizes categories. Without explicit instructions, the LLM mixes critical vulnerabilities with remarks about email validation. More on structured AI code review: AI Code Review Checklist . A03:2021 -- Injection 1. SQL Injection via string concatenation The most common finding. Shows up even in projects using an ORM, because developers switch to raw queries for complex filters. Vulnerable code: // API endpoint for user search app . get ( ' /api/users ' , async ( req , res ) => { const { search , sortBy } = req . query ; const query = ` SELECT id, name, email FROM users WHERE name LIKE '% ${ search } %' ORDER
开发者
Bigger Context Windows Didn't Make Our RAG Smarter
We stopped measuring retrieval quality by how many tokens we could fit into the prompt. When...
AI 资讯
Why Serverpod? One Language for Your Entire Stack
Why this series I love writing clean architecture . Not because it looks nice in a diagram, but because it survives change — new requirements, new team members, and now, AI-assisted development , where you want boundaries an AI can respect and tests that catch it when it wanders. The problem in most Flutter stacks is the seam between app and backend. You write Dart on the client, then switch to a different language, a hand-written REST layer, DTOs that drift out of sync, and serialization bugs nobody notices until production. Serverpod removes that seam. You write Dart on the server too, and the client-server communication code is generated for you — type-safe, end to end. What is Serverpod? Serverpod is an open-source backend framework that lets you build the entire stack in Dart. Instead of context-switching between languages, your models, your API, and your database logic all live in one language. What you get out of the box: Endpoints — server methods your Flutter client calls directly. The communication code is generated, so there's no hand-written REST/JSON glue. An ORM — type-safe, statically analyzed database access with migrations and relationships. No raw SQL required. Code generation — define a model once; get serialization and client bindings on both sides automatically. Real-time data — streaming over WebSockets, managed for you. Auth — integrations for Google, Apple, and Firebase. The extras enterprises actually need — file uploads, task scheduling, caching, logging, and error monitoring. And on the "is this serious enough for production?" question: Serverpod says it's battle-tested in real-world apps and secured by over 5,000 automated tests, scaling from hobby projects to millions of users without code changes. That's exactly the property you want in an enterprise foundation. The architecture at a glance Here's how the pieces fit. A Serverpod project is generated as three packages: myapp_server → your backend: endpoints, models, business logic, DB my
AI 资讯
Memory Engineering Is a Promotion Pipeline, Not a Pile of Notes
A lot of AI memory systems start with the same temptation: "Just save the useful thing." That sounds harmless until the knowledge base becomes a junk drawer. Half the notes are too specific, a few are duplicates, some are obsolete, and nobody knows which ones the agent should trust. In ai-assistant-dot-files , the memory system is deliberately slower. It uses a promotion lifecycle: Capture -> Candidate -> Audit -> Approve -> Index -> Retrieve -> Expire That lifecycle is documented in docs/runbooks/memory-engineering.md , and the important word is not "capture." It is "candidate." Nothing writes directly to memory The framework has a durable memory layer: Knowledge Items in shared/knowledge/ , ADRs in docs/adrs/ , the domain dictionary, team topology, a feature archive, and a registry at shared/memory-registry.json . But a lesson from a delivery does not jump straight into shared/knowledge/ . It first becomes a Candidate Record. That record has required fields: Source Type Evidence Tags Expiration condition Then memory-engineer audits it: Is it reusable? Is it already covered? Is it too speculative? Does it belong as a Knowledge Item, or should it become a rule change, prompt edit, or ADR instead? Only after that does a human approve the destination. The design is intentionally similar to code review. Durable memory changes future behavior, so they deserve a paper trail. Rejection is a feature One of my favorite parts of the memory runbook is that it has explicit rejection rules. Do not promote a memory when it is: a one-off already covered too speculative That makes "zero candidates promoted this cycle" a healthy result, not a failure. This is where memory engineering starts to look less like note-taking and more like gardening. The point is not to preserve every leaf. The point is to keep the soil useful. Expiration matters The lifecycle also includes expiration. A Knowledge Item can become stale when the underlying code, agent, or pattern changes. It can be supers
AI 资讯
Why your agent benchmarks are lying to you
We deployed a coding agent that hit 94% on the industry benchmark. It failed in production on the first real edge case because the benchmark measured single-turn success and our actual work was multi-turn refinement. The model could not update its beliefs correctly when new evidence arrived, something no single-turn eval would catch. This is not a hypothetical. I have watched agents shine in demo and disintegrate on the messy input that production actually serves. The gap between what we measure and what ships is real, and it is where reliability lives or dies. The benchmark misses the point FutureBench evaluates agents by asking them to predict events that occurred after their training cutoff. This removes the possibility of correct answers coming from memorized training data rather than genuine reasoning. The design matters because it tests whether an agent can reason, not whether it can recall. BayesBench showed that standard LLM evaluations score only final-turn answers in single-turn format, leaving multi-turn belief updating entirely unexamined. Across seven models, scaling improves latent inference and evidence accumulation but LLMs do not match rational Bayesian updating. In production, your agent runs many turns. The benchmark that stops at turn one is not measuring the thing that actually breaks. KINA identified three systematic flaws in knowledge benchmarks: scaling-driven designs that ignore disciplinary representativeness, flat-payment annotation that permits lazy consensus among annotators, and unaudited ranking instability under bounded test budgets. The top model reached 53.17% on an 899-item benchmark across 261 disciplines. That is not saturation. That is headroom. The demo lied I worked with a team that deployed an agentic document processing system. The demo on ten handpicked cases was flawless. The first week of production, it hit an input format the training data never saw, and the system failed silently. No error was raised. The output looked
安全
Meta’s glasses will turn off the camera if you tamper with the privacy light
Amid public backlash over its smart glasses, Meta announced that it will be updating its glasses with a new feature that will disable the camera when it detects that someone has tampered with or destroyed the glasses' privacy LED light. The update is meant to address modders who have taken actions such as physically drilling […]
产品设计
Final extension: Startup Battlefield Australia applications now close July 20
If you're building something ambitious, this is a fast track to the people who can move your startup forward.
AI 资讯
Meta Now Lets Anyone Use Your Instagram Photos in AI Images—Unless You Opt Out
As part of Meta’s Muse Image model rollout, Instagram users with public accounts need to opt out to block AI generations of their content.
AI 资讯
Dev Log: 2026-07-07
TL;DR Collapsed a billing model from à-la-carte features to plans-only, in four safe phases. Unified authorization across web, API, and MCP so all three obey one permission layer. Fixed a legacy Oracle password-sync writing to the wrong column. Four repos moved today. Here's the thread that ties most of them together: one source of truth beats two. Billing: plans-only Spent most of the day migrating a SaaS off per-feature à-la-carte subscriptions and onto plans-only entitlements. The interesting part isn't the model — it's doing it without a billing outage: seed plans, switch reads to plans, backfill every org, then delete the old machinery. Expand/contract, four deployable phases. Full write-up in the focused post. One permission layer for three surfaces An ops tool exposed the same actions three ways — web UI, API, and an MCP server for agent access. The bug: each surface checked authorization slightly differently, so an MCP tool could allow something the web UI blocked. The fix was to make the MCP tools gate on the same permission layer as everything else, so: web ─┐ API ─┼─► one permission check ─► allow / deny MCP ─┘ TL;DR: web ≡ API ≡ MCP — three doors, one lock. Also added a dedicated support-engineer role scoped for debugging without handing over the keys to everything, plus identity/diagnostics/SLA read tools so an agent can answer "why didn't this notification send?" without shell access. Before After Each surface authorizes its own way Single permission check, shared MCP tool could out-permission the UI MCP bound to the same guard No debug-scoped role support_engineer role, read-only diagnostics Legacy Oracle password sync Smaller but sharp: a password reset was writing to the wrong Oracle column and also touching a date_modified field it had no business updating. Routed the student reset to the correct password column and dropped the stray write. Lesson with legacy schemas — the column that looks right and the column the app actually reads from are not a
AI 资讯
Killing à-la-carte: migrating a feature-gating model to plans-only
TL;DR Moved a SaaS from à-la-carte feature subscriptions (pay per feature) to plans-only (pay for a tier, get its features). Did it in four phases so nothing broke mid-flight: seed plans → gate on plans → migrate orgs → delete the old machinery. Lesson: model migrations are safest as expand → migrate → contract , not a big-bang swap. The problem The old billing let an org subscribe to individual features à la carte. Flexible on paper, painful in practice: entitlement logic had two sources of truth (per-feature subscriptions and an implicit plan), and every gate had to check both. Time to collapse it into one model — you buy a plan , the plan carries the features. The trap with this kind of change is the temptation to rip out the old columns and ship. Do that and every in-flight subscription, every gate check, and every webhook that still speaks the old language breaks at once. The phased plan I ran it as four ordered migrations. Each phase is deployable on its own and leaves the app working. Phase What it does Why this order F1 Seed Plans into the prerequisite chain New model must exist before anything reads it F2 Gate features on the plan, not the feature-sub Reads switch over while writes still dual-run F3 Deploy op migrates existing orgs onto a plan Backfill — nobody left on the old model F4 Remove the à-la-carte machinery Contract — safe only after F3 This is the expand/contract pattern applied to a domain model, not just a schema. Expand (F1) adds the new thing alongside the old. Migrate (F2–F3) moves reads then data. Contract (F4) deletes the old thing once nothing points at it. F1 seed F2 gate on plan F3 backfill orgs F4 drop features ┌────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ plans │ --> │ reads: plan │ -> │ every org on │ -> │ delete a-la- │ │ exist │ │ writes: both │ │ a real plan │ │ carte code │ └────────┘ └──────────────┘ └──────────────┘ └──────────────┘ safe safe safe safe Gating on the plan The gate collapses to a single question
AI 资讯
Vector Strike: Semantic Search Database Defender
Have you ever wondered how vector databases like Pinecone, Milvus, Qdrant, or pgvector search through billions of high-dimensional documents in milliseconds? Under the hood, they map semantic concepts into dense numerical vectors, calculate multidimensional cosine similarity angles, and traverse proximity graphs to locate nearest neighbors without scanning the entire database. To help you visualize how vector databases and embeddings actually operate, I built a retro-vector arcade game: 🛰️ Vector Strike: Database Defender Play in Fullscreen Mode (if the embed sizing is tight) 🛠️ Choose Your Database Optimizations Your mission as a Vector Database (VDB) administrator is to configure your query settings and index structures to defend your index nodes: 📏 Similarity Threshold (τ): Tweak the match threshold slider. High thresholds require near-identical semantic matches but protect your index, whereas lower thresholds act like a splash-damage laser but risk matching incorrect clusters. 🪐 Embedding Dimensions (2D $\rightarrow$ 8D $\rightarrow$ 32D): Higher dimensions isolate categories and guarantee precise hits. Lowering dimensions collapses the projection space, causing spatial overlap that results in false deflections and friendly-fire query failures. ⚡ Proximity Indexing (Flat Scan $\rightarrow$ HNSW Graph): Flat Scan: Runs a brute-force linear search over all targets. It causes computation latency spikes as more query objects arrive. HNSW (Hierarchical Navigable Small World): Dynamically builds proximity links between adjacent node targets. The turret traverses vectors along the nearest-neighbor graph, snap-locking onto targets with zero lookup latency. 🧬 Playable ML Concepts Explained Here is how the arcade mechanics map to production vector databases: 1. 🔀 Multidimensional Projections (Dimension collapse) In-Game: You can toggle between 2D, 8D, and 32D space. In 32D space, the categories are cleanly separated. In 2D space, the database collapses, and you'll find sp
AI 资讯
OpenAI’s Chief Futurist Is Leaving the Company
Joshua Achiam spent nearly nine years at OpenAI researching AI safety and made a memorable appearance in the Musk v. Altman trial.
AI 资讯
[Boost]
The Log Is the Agent AI Engineer World's Fair Coverage Ishaan Sehgal Ishaan Sehgal Ishaan Sehgal Follow for Daily Context Jun 30 The Log Is the Agent # aie # agents # ai 48 reactions 89 comments 5 min read
AI 资讯
Switching from PostgreSQL to ClickHouse for Improved Performance and Scalability
Momentic, the company behind an AI-driven software testing platform, recently rearchitected its caching system to handle over 2 million queries per day across 20 billion total entries, while maintaining an average response latency of around 250 ms. This improvement was made possible by transitioning from PostgreSQL to the column-oriented database ClickHouse. By Sergio De Simone
AI 资讯
Stratagems #8: Alex Watched an AI Dashboard Take Over. He Kept the Keys Under the Table.
Deceive the enemy with an obvious approach that will take a very long time, while ambushing them...
开源项目
Bethesda, id Software reportedly hit hard by Microsoft layoffs
As much as 50 percent of some teams affected by reductions, and more could be coming.
AI 资讯
What We Learned Rewriting an Interactive Map Editor: Fabric.js, CORS, and 20,000 Lines of Legacy TypeScript
A story about how migrating an interactive office map editor turned into an engineering investigation involving Fabric.js, tainted canvas , and an architecture that's finally easy to extend. In most software projects, one sentence usually makes every developer nervous: "Let's rewrite this module from scratch." It often means months of development, regression risks, and endless architecture discussions. Our project was no different. We develop, a workspace management platform that allows companies to manage office spaces and book desks. One of its core features is an interactive office map editor, where administrators upload floor plans, place desks and meeting rooms, and publish maps for employees. Over the years, this editor slowly evolved into a real monolith. And the problem wasn't simply the number of lines of code. Where It All Started The editor dated back to the AngularJS era. The main component had gradually grown into a single file responsible for almost everything: loading maps working with Fabric.js CRUD operations keyboard shortcuts dialogs saving event handling The main editor component alone contained nearly 2,270 lines of code . Behind it lived another codebase — the map engine itself. Almost 20,000 lines of TypeScript spread across more than 230 files. One of the biggest architectural issues was an infinite rendering loop. fabric . util . requestAnimFrame (() => this . tick ()); Even when the user wasn't interacting with the editor, rendering continued forever. It worked. But every new feature became more expensive to build. Why We Decided to Rewrite It The motivation wasn't AngularJS itself. The real reason was business requirements. The product needed completely new capabilities: map drafts safe publishing high-quality printing multiple workspace modes easier support for new object types Every new feature pushed harder against the existing architecture. Eventually it became obvious: We weren't fighting individual bugs anymore. We were fighting the
AI 资讯
Async Error Handling — Async Route
Async route: vì sao Promise reject trong Express 4 không tới error middleware, và cách Fastify tự bắt lỗi Một async route handler trông giống một handler bình thường, nhưng cơ chế truyền lỗi của nó khác hẳn. Express 4 bọc lời gọi handler bằng try/catch đồng bộ; một hàm async return về một Promise trước khi Promise đó settle, nên try/catch đồng bộ không bắt được rejection. Kết quả: lỗi rơi ra khỏi handler dưới dạng unhandledRejection , không tới error middleware, không được gửi thành 500 JSON , và từ Node 15 mặc định làm process crash. Fastify đi hướng khác — pipeline hook tự await handler, rejection được framework bắt và chuyển tới setErrorHandler . Hiểu điểm khác biệt này giải thích vì sao cùng một dòng code await db.query(...) lại có hai hệ quả production hoàn toàn khác nhau giữa hai framework. Cơ chế hoạt động Trong Express 4, Layer.handle_request gọi handler đồng bộ trong một khối try/catch . Nếu handler ném exception đồng bộ, catch được, forward qua next(err) . Nhưng handler async không ném — nó return về một Promise. Đến khi Promise reject, control đã ra khỏi khối try/catch từ lâu: // Đây là bản giản lược của cách Express 4 gọi handler: try { const ret = handler ( req , res , next ) // với async handler, ret là Promise (đã pending) // handler đã "return" — try/catch không còn hiệu lực với reject xảy ra sau } catch ( err ) { next ( err ) // chỉ chạy khi handler ném đồng bộ } Vì Express 4 không await ret và cũng không ret.catch(next) , một Promise reject không có bên nào bắt. Node emit unhandledRejection ở tầng process. Cách sửa chuẩn là wrapper: // asyncHandler: bọc handler async, forward reject vào next(err) export const asyncHandler = ( fn ) => ( req , res , next ) => Promise . resolve ( fn ( req , res , next )). catch ( next ) app . get ( ' /orders/:id ' , asyncHandler ( async ( req , res ) => { const order = await db . orders . findById ( req . params . id ) if ( ! order ) { res . status ( 404 ). json ({ error : ' not_found ' }); return } res . json ( order
AI 资讯
End-to-end Design Walkthrough — Full System Design
Full system design walkthrough: vì sao quy trình 5 bước quan trọng hơn thuật ngữ, và cái bẫy nhảy thẳng vào deep-dive Một buổi phỏng vấn system design 45–60 phút không đánh giá xem thí sinh biết bao nhiêu tên công nghệ, mà đánh giá xem thí sinh có xử lý được một bài toán mơ hồ theo một quy trình có kỷ luật hay không. Cùng đề "thiết kế URL shortener", người thất bại thường bắt đầu bằng "dùng Cassandra vì scale tốt" ngay ở phút thứ hai — chưa hỏi scale bao nhiêu, chưa biết read/write ratio, chưa đồng ý interface. Người pass đi theo một trình tự cứng: requirements → estimation → high-level → deep-dive → tradeoff . Cùng một đề, cùng thời lượng, nhưng người thứ hai dẫn dắt được interviewer thay vì bị dí. Bài này mô tả quy trình đó ở mức thực dụng, các thất bại thường gặp khi bỏ bước, và một hands-on end-to-end trên URL shortener để tự luyện. Cơ chế hoạt động Quy trình chuẩn được nhiều tài liệu tổng hợp (Alex Xu — System Design Interview vol.1; Donne Martin — system-design-primer ; Kleppmann — Designing Data-Intensive Applications ) đều có 4–5 bước gần như trùng nhau. Đây là khung 5 bước dùng thực tế trong phỏng vấn: Requirements clarification (~5 phút). Chốt functional requirement (hệ thống làm gì — API nào, use case nào) và non-functional requirement (availability target, latency target, consistency yêu cầu, security, cost). Không đoán — hỏi lại interviewer. Output: 3–5 gạch đầu dòng functional + 3–5 gạch NFR + danh sách "out of scope" (analytics, billing, ...). Back-of-the-envelope estimation (~5 phút). Tính DAU, QPS peak/avg, read:write ratio, storage growth theo năm, bandwidth. Không cần chính xác — cần đúng order of magnitude để quyết định "cần shard hay không", "cache có ý nghĩa không", "một node đủ hay phải scale ngang". High-level design (~10–15 phút). Vẽ box diagram: client → LB → app tier → cache → primary datastore → async worker → object storage/CDN. Định nghĩa API (endpoint, request/response, status code) và data model (schema chính, index chính). Ở bước này
开发者
Google’s Pixel event is set for August 12
Google's upcoming event in August will introduce new Pixel devices.