今日已更新 305 条资讯 | 累计 19865 条内容
关于我们

标签:#ai

找到 3505 篇相关文章

AI 资讯

Microsoft said the patches would get bigger. I measured how much bigger.

On 9 July 2026 the head of Windows published a post about AI-powered vulnerability discovery. One line in it was a warning to customers: "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release." It does not say how much higher. The post runs about 1400 words and contains no numbers at all. Five days later Microsoft shipped the July package: 1150 CVEs. The number Microsoft would not put in the blog post is sitting in Microsoft's own API. The Security Update Guide publishes every monthly package as machine-readable CVRF, acknowledgments included, no key required. So I pulled twelve months of it and did the arithmetic. What the data says I sampled eight months before the ramp and four after it. Month CVEs Month CVEs 2024-07 454 2026-04 737 2025-01 343 2026-05 991 2025-04 374 2026-06 1281 2025-07 527 2026-07 1150 2025-10 427 2026-01 310 2026-02 169 2026-03 460 The eight pre-ramp months average 383 CVEs. July 2026 is 1150, so the package is 3,0 times the old normal. The baseline broke in April and peaked in June at 1281. April to July inclusive is 4159 CVEs. At the old rate that is 10,9 months of output, delivered in four. The number I am not going to use February 2026 had 169 CVEs. It is the lowest month in two years, less than half the baseline. Divide July by February and you get 6,8 times, which is a much better number for a headline. I am not using it, because choosing your denominator is how honest people produce dishonest numbers. February is an outlier, and the only reason to anchor to it is that it flatters the story. The real multiplier is 3,0. It does not need help. It is not noise The obvious objection is that volume without quality is just a bigger pile. If AI were generating low-value findings that got patched anyway, the severity distribution would sag. It did the opposite. Measure 2025-07 2026-07 CVEs 527 1150 CVSS median 6,5 7,5 CVSS mean 6,47 7,26 CVSS 7,0 and above 48,0 % 71,

2026-07-15 原文 →
AI 资讯

Build Firebase AI Logic Application with Antigravity CLI and Stitch MCP Server [GDE]

Build Firebase AI Logic with Antigravity CLI Note: Google Cloud credits are provided for this project. In this blog post, I demonstrate how to use the Antigravity CLI (an agentic AI assistant integrating directly with development workflows via skills and servers) to build an image analysis demo using Angular, the Firebase Hybrid & On-device Inference Web SDK, and Gemini models. Users upload an image and use a Gemini model to analyze it to generate a few alternative texts, tags, recommendations, and CSS tips to enhance the image quality. When the demo is running in Chrome 148+, the Hybrid & On-device SDK leverages the Prompt API of the on-device Gemini Nano model to perform the image-to-text tasks, and the token usage is 0. When other browsers, such as Safari or Firefox, execute the same tasks, the SDK falls back to Cloud AI (Gemini 3.5 Flash model), which consumes tokens. Next, I describe how to install the skills in my Angular project and register the Angular and Stitch MCP servers in the Antigravity CLI to develop the infrastructure, services, and UI design of my demo. 1. Workflow This is my entire workflow from implementing features, generating UI screens, and mapping the screens to Angular components. 2. Skills I installed the grill-with-docs , angular , and firebase skills in my project for the following reasons: grill-with-docs: Conduct a rigid Q&A session to generate a specification for a feature, refactor, or critical fix. AI is responsible for performing thorough analysis, and putting in more efforts to generate code to achieve the task. domain-modeling: The skill is referenced in the SKILL.md of the grill-with-docs skill, so a copy of it is required. code-review: Spawn two sub-agents to review changes to detect code smells and verify that the changes align with the specification. angular: Provide the best practices of modern Angular architecture, such as using signals and signal forms. firebase: Provide the skills for Firebase AI Logic, Firebase Remote, et

2026-07-15 原文 →
AI 资讯

LingoBridge-AI: Simplifying Complex Medical Reports for Rural Patients

Body: ​Hi everyone! 👋 ​I am excited to share my latest project, LingoBridge-AI, which I have been building to solve a critical problem in rural healthcare. ​The Problem 🩺 ​In many rural areas, patients receive medical reports that are complex and filled with technical jargon. Due to this, they often struggle to understand their own health conditions, which leads to confusion and delayed medical care. ​The Solution: LingoBridge-AI 💡 ​I developed LingoBridge-AI, an AI-powered tool designed to: ​Simplify complex medical reports into easy-to-understand language. ​Translate information into local languages to ensure better accessibility for patients. ​Bridge the gap between healthcare providers and patients who have limited medical literacy. ​Tech Stack 🛠️ ​Built using Python and AI frameworks. ​Focuses on accuracy, simplicity, and user-friendly output. ​Check it out! 💻 ​You can view the source code and documentation here: 👉 [ https://github.com/cherukuriLakshmi/LingoBridge-AI ] ​I am still working on improving this, and I would love to get some feedback from this amazing community! If you have any suggestions on how to improve the AI or the user experience, please let me know in the comments below. ​Thanks for your support! ​Tags (Add these at the bottom): ai #healthtech #opensource #python #beginners

2026-07-15 原文 →
AI 资讯

The Bug That Kept Coming Back

The first sign something was wrong wasn't a crash. It was a pattern. blockly-platform was the first real thing I built with Claude Code end to end — a Blockly-based platform for university programming exercises, driven entirely through Claude Code's Telegram channel. No editor open, no repo checked out on my machine, just a chat thread. I'd describe what I wanted, Claude Code would build it on a box I never looked at directly, and I'd judge the result by clicking around the deployed app. On March 22nd, the home page came up empty. GET /api/exercises/published was returning 403. I said so in the chat; a few messages later, Claude Code said it was fixed — the endpoint hadn't been added to Spring Security's permitAll() list. I moved on, tried the category filter. Also empty, also 403, also missing from the same permitAll() list — same file, same class of fix, different line. Then the exercise detail page. Same story, third time, same day. Three days later, the like button stopped working — root cause, again: POST /api/exercises/*/like had never been whitelisted either. Four times, one file, one recurring gap. None of these were hard bugs. Each one, in isolation, is a one-line fix a competent engineer makes without thinking twice. What bothered me, once I noticed the pattern, was that I hadn't noticed it as it happened. I had no diff to scroll through, no file to glance at and think "wait, didn't we just fix this exact class of thing twice already?" I had a chat log and a live app to poke at. The fourth fix looked, from where I sat, exactly like the first: a message telling me it was resolved. That was the moment I started to suspect the problem wasn't the model. It was that nobody — not the model, not me — had anything to look at. Why chat-only vibe coding breaks down Here's what makes that pattern more interesting than "the AI made a mistake": every one of those four fixes was correct. Claude Code read the error, found the missing permitAll() entry, added it, and move

2026-07-15 原文 →
AI 资讯

What a Vibe Coding Security Scanner Can (and Cannot) Tell You

AI-assisted builders can take an idea from prompt to production in a weekend. That speed is useful, but it also compresses the part of the process where someone normally reviews deployment settings, browser-visible secrets, authorization boundaries, and recovery plans. A public security scanner is a good first pass for that problem. It is also easy to misunderstand. A clean public scan does not mean an application is secure, and a warning does not always mean a vulnerability is exploitable. The useful question is not “Did the scanner pass my app?” It is “What evidence could this scanner actually observe?” Layer 1: the public deployment surface A passive scanner can request the same resources that a normal visitor can reach. Depending on its scope, it may inspect: HTTP security headers such as Content-Security-Policy and Strict-Transport-Security HTTPS behavior and redirect consistency Public JavaScript bundles for credential-shaped strings Public source maps that expose original source structure Common sensitive paths such as environment files or repository metadata Cookie attributes and other response-level deployment signals These checks are valuable because they test the deployed result, not the configuration you intended to ship. For example, a repository may contain a CSP configuration while the CDN response does not. A source map may be disabled in one build configuration but still appear in production. A key may be stored safely on the server in most code paths while one client bundle accidentally contains a privileged token. The deployed surface is where those mistakes become observable. Layer 2: source-code review A public URL cannot reveal every control behind an application. Source review or SAST can inspect code paths, configuration, data flow, and dangerous implementation patterns that never appear in a normal response. This is where you can answer questions such as: Is authorization enforced on the server? Can a user change an object ID and read anothe

2026-07-15 原文 →
AI 资讯

LLM Latency Budget: Make AI Workflows Feel Fast Without Guessing

A slow AI feature rarely fails all at once. It starts with a longer prompt, then a bigger retrieval result, then one more tool call, then a retry path nobody measured. The demo still works, but users feel the delay before your dashboard explains it. That is why small AI product teams need an LLM latency budget before they start optimizing. Not a vague goal like “make it faster.” A budget says how much time each stage is allowed to spend, what happens when it exceeds that limit, and which user experience is still acceptable when the model, retrieval layer, or tool chain slows down. The payoff is practical: you stop guessing where the delay lives, stop overpaying for wasted work, and make AI workflows feel reliable even when traffic, context, and providers are messy. Why latency budgets matter now Recent AI platform news points in one direction: AI workflows are becoming longer, more tool-heavy, and more expensive to run without discipline. A current news scan showed several signals builders should notice: Production LLM cost and latency guidance is shifting from “add more compute” to “remove wasted work.” Agent environments are being designed for long-running background tasks, persistent state, and cheaper idle time. New model releases emphasize tool use, computer use, multimodal context, subagents, and larger context windows. AI gateways and enterprise platforms are adding cost controls, routing, caching, audit trails, and usage limits. Developers are asking more practical questions about why AI coding and agent workflows interrupt flow with repeated prompt-wait-evaluate loops. For AI SaaS builders, this means latency is no longer just a model selection problem. It is a workflow design problem. A simple chat completion might have one bottleneck. A real AI workflow may include: request queueing auth and tenant checks prompt assembly memory lookup vector search reranking model routing tool calls browser or API actions structured output validation fallback attempts str

2026-07-15 原文 →
AI 资讯

An Introduction to Neural Networks

Hi guys ! I'm a new developer who's interested in data science and artificial intelligence. To showcase what I learnt thus far, I've started writing articles, with my first one being published here ! One of the most difficult parts of getting into machine learning was the overload of terminology that tutorials had, even when explaining basic concepts such as how a neural network itself would function. Because of this, I've written an article (see above) that simplifies it while ensuring the main concepts are sufficiently explained; it requires no mathematical background and will only take less than 5 minutes to read ! I hope you find it informative and well written, and I highly welcome any suggestions or corrections that might be suggested to improve my future articles !

2026-07-15 原文 →
AI 资讯

Knowledge-and-Memory-Management v0.0.2: Portable Knowledge Collection and Memory Management

Knowledge-and-Memory-Management v0.0.2 is out, delivering a clean release that prioritizes portability and modularity. This version shifts from hardcoded personal paths to $AGENT_HOME , making your knowledge pipelines reproducible across environments. If you’re building autonomous systems that need to ingest web content, video transcripts, or articles, this is the update you’ve been waiting for. The core design separates collection from memory management. The knowledge_collector module handles ingestion, while memory_manager handles storage, retrieval, and decay. The $AGENT_HOME environment variable anchors all runtime paths—no more hardcoded /home/user strings. Set it once, and your agents can carry their knowledge base anywhere. Knowledge Collection: Web, Video, Articles The collector supports three primary sources: Web : Scrapes and parses HTML, extracting body text and metadata. Handles rate limiting and retry logic. Video : Takes a YouTube URL, downloads captions (if available) or generates transcripts via Whisper integration. Articles : Parses RSS feeds or direct PDF links, chunking content by sections. All sources normalize into a KnowledgeEntry dict: {source, timestamp, content, embeddings} . The collector writes raw entries to $AGENT_HOME/knowledge/raw/ and passes them to the memory manager for processing. Memory Management with $AGENT_HOME The memory manager is where the clean release shines. Previous versions used os.path.expanduser("~/knowledge") , which broke across systems. v0.0.2 requires $AGENT_HOME to be set, then constructs all paths relative to it: $AGENT_HOME/memory/ stores persistent memories. $AGENT_HOME/knowledge/ holds raw and processed collections. $AGENT_HOME/config/ contains source definitions and memory decay rules. This design lets you ship a single agent.env file with AGENT_HOME=/opt/myagent or %AGENT_HOME%\data —no platform-specific configuration. The memory manager indexes entries by semantic embeddings (via a pluggable model provider

2026-07-15 原文 →
AI 资讯

i've been building platforms first for 25 years. i think it's wrong now.

i've been that person. standing in front of leadership with an 18-month architecture diagram, explaining why we need six months of infrastructure before a user touches a single feature. and it made sense. for 25 years it made sense. writing boilerplate was expensive. every feature came with a tax — database migrations, routing config, auth wiring. build a shared platform first, pay that tax once. the roadmap justified the investment. then i saw a stat that wouldn't leave me alone. roughly 60% of features on a six-month roadmap are obsolete by launch. not slightly off. obsolete. the customer's problem shifted. the market moved. you spent six months building a precise answer to a question nobody asks anymore. the longer you invest before showing something real, the more expensive it is to admit you were wrong. so you don't. you ship the wrong thing and call it "on schedule." i've done it. i've watched it happen. AI didn't create this problem. but agents are making it impossible to ignore. the 82-point gap mckinsey's 2025 survey: 88% of organizations use AI. only 6% see real bottom-line impact. that 82-point gap isn't about tools. everyone has the same tools. but something shifted in their may 2026 report. they describe agents working overnight — enriching requirements, generating code, packaging outputs for morning review. they call it the "24-hour sprint." leading organizations see 3-5x productivity with 60% smaller teams. a product owner logs in at 9am and finds a feature went from requirements to tested code overnight. nobody worked late. agents did. that's not autocomplete. that's a different delivery model. and here's what most teams miss: it only works when the work is small, bounded, and complete. agents need to know where a task starts and ends. horizontal platform architectures don't give them that. the codebase is the prompt jeremy d. miller built wolverine for .NET. in june 2026 he wrote: "the structure of your codebase is now, effectively, part of the prom

2026-07-15 原文 →
AI 资讯

i tested an ai incident commander against 15 real outages — 88% pass rate

i've been the incident commander who forgot to write down the first 20 minutes of the timeline because i was too busy reading logs. more than once. the war room is chaos — five engineers pasting logs, someone asking if the deploy from 30 minutes ago is related, nobody documenting anything. you start logging events in a doc while reading error logs while drafting a stakeholder update while deciding whether to rollback. you're the bottleneck. not because you're bad at your job — because you're doing four jobs at once. i got tired of watching smart people spend their incident energy on documentation instead of decisions. so i built ai-incident-commander — a CLI tool that handles the mechanical parts. timeline, updates, remediation research, postmortem draft. you make the calls. it does the paperwork. runs on your laptop with a local LLM. no API keys, no cloud, no docker. github.com/deghosal-2026/ai-incident-commander — MIT licensed. what it does one command: pip install git+https://github.com/deghosal-2026/ai-incident-commander.git incident-commander simulate --scenario db-connection-pool --auto-approve 8 pre-built scenarios ship with it. database connection pool, bad deploy, memory leak, cert expiry — the usual suspects. no real data needed to try it. for actual incidents, you point it at a directory with your alert, logs, messages, and github PRs. it outputs 10 markdown files: timeline, stakeholder updates, comms blocks you can paste straight into slack, remediation suggestions, a blameless postmortem, and a cost report. the safety part was the real engineering. three points in the pipeline where the graph pauses and waits for you to say yes — stakeholder update, remediation, postmortem. the AI never ships anything without approval. every remediation comes with a citation. suggestions below 0.7 confidence get suppressed. the postmortem prompt enforces blameless language. all AI content gets labeled [AI-GENERATED — review carefully] . and it never executes anything. i

2026-07-15 原文 →
AI 资讯

From $39/Month to $1: How I Moved 10+ Sites Off Hostinger for Free

Last month I finally did some math I'd been putting off: how much I was actually paying to keep a bunch of sites online. $39/month on Hostinger (about R$200, I'm in Brazil). For hosting 10+ sites: product landing pages, blogs, a couple of small tools. Every month, on autopilot, straight off the card. Then I asked myself the obvious question I'd been avoiding: out of those 10+ sites, how many actually need a server running 24/7? Answer: none. What these sites actually are A product landing page doesn't need PHP processing a request. A blog doesn't need a database query on every page view. A marketing site doesn't change its content every second. That's HTML, CSS, and JS you can generate once and serve from a CDN. In other words: a static site. A few real examples I migrated: eduardovillao.me → my personal blog, built with Astro formroute.dev → a SaaS landing page, plain HTML wpfeatureloop.com → a dev tool landing page, plain HTML Three different kinds of sites (blog, SaaS, dev tool), two different stacks, and none of them needed a server running around the clock just to exist. The reason I hadn't migrated sooner wasn't technical. It was inertia. "It's already paid for, it already works, leave it alone." Classic. The migration I moved everything to Cloudflare Pages . The reasoning is boring because it's so simple: it's free, global CDN, automatic SSL, Git-based deploys, custom domains at no extra cost. For static sites, there's really nothing to debate. The process, in short: Each site became a repo (or a folder inside a monorepo, depending on the case) Connected the repo to Cloudflare Pages Set up the build, mostly plain HTML, Astro for the blog where I wanted content collections and a proper writing workflow Pointed the domain, SSL came up on its own Cancelled hosting for that domain on Hostinger Repeated that site by site. No magic, just repetitive work, but each one took about 20-30 minutes. (If you want the technical deep dive on one specific migration, including

2026-07-15 原文 →
AI 资讯

How to run your first OpenAI-compatible API call with curl, Python, and Node.js

When you are testing an OpenAI-compatible API endpoint, the fastest path is not to wire it into a full app immediately. Start with one small request, confirm the base URL, API key, model name, and response shape, then move the working call into your product. I put together a compact examples repo for that exact first-call workflow: https://github.com/OriginStartAI/openai-compatible-api-examples It includes curl, Python, Node.js, streaming responses, JSON structured output, migration notes, and a small error reference. 1. Set environment variables first Keep credentials out of source code and use environment variables: ORIGINSTARTAI_API_KEY = your_api_key_here ORIGINSTARTAI_BASE_URL = https://your-api-base-url/v1 ORIGINSTARTAI_MODEL = your_enabled_model The important parts are simple: base_url or baseURL points to your OpenAI-compatible endpoint. api_key or apiKey is your provider key. model must be enabled for your account. Streaming support should be tested separately. 2. Test with curl Curl is useful because it removes SDK behavior from the equation: curl " $ORIGINSTARTAI_BASE_URL /chat/completions" \ -H "Authorization: Bearer $ORIGINSTARTAI_API_KEY " \ -H "Content-Type: application/json" \ -d '{ "model": "' " $ORIGINSTARTAI_MODEL " '", "messages": [ {"role": "user", "content": "Say hello from OriginStartAI"} ] }' If this works, your endpoint, key, and model are probably configured correctly. 3. Then test Python from openai import OpenAI import os client = OpenAI ( api_key = os . environ [ " ORIGINSTARTAI_API_KEY " ], base_url = os . environ [ " ORIGINSTARTAI_BASE_URL " ], ) response = client . chat . completions . create ( model = os . environ [ " ORIGINSTARTAI_MODEL " ], messages = [{ " role " : " user " , " content " : " Write one friendly onboarding sentence. " }], ) print ( response . choices [ 0 ]. message . content ) 4. Then test Node.js import OpenAI from " openai " ; const client = new OpenAI ({ apiKey : process . env . ORIGINSTARTAI_API_KEY , baseURL : p

2026-07-15 原文 →
AI 资讯

Stratagems #14: Leo Found an AI Leak. He Wasn't the First to Find It.

Take the opportunity to pilfer a goat. — The 36 Stratagems, Take the Opportunity to Pilfer a Goat Previously on this series: #5: Leo Walked Into a Burning House. He Walked Out With a Client. — At 1 AM, Leo received an anonymous message and drove across town to fix a competitor's outage. A second message followed — a screenshot with a name: Automated Compliance Lab. He didn't remember the acronym. He didn't delete the screenshot. #10: Lena Watched a Team Adopt Her AI Template. Leo Didn't Know the Knife Was in the Contract. — Lena joined CoreStack as a consultant and built Leo a reporting template. Leo thought she was there to help. Five weeks later the template went live. Six months later the data baseline was locked. He only then realized he'd been inside her palm the whole time. Taken down by a smile. This was a few months later. The Archive Cleanup SOC 2 Type II renewal had just passed. The auditors were gone. CoreStack's compliance team was doing the post-audit archive — classifying every record produced during the audit and tagging them with retention periods. Leo got the cleanup part. The training pipeline's cache directory. The cleanup cron job hadn't run for a week — nobody noticed. When he looked inside, the output folder had a few records with train_ prefixes mixed in among inference outputs. One of them had a model_version that wasn't CoreStack's own. model_version : " acl-train-2026q2-v3" Leo copied that line out. Didn't delete it. Didn't report it. Dropped it into a folder called _misc/ .Set a quiet keyword alert for "acl-train" before closing the terminal. He noticed the naming convention wasn't FinOptima's — FinOptima used fin-model- plus timestamps. acl- — he'd seen that prefix somewhere before. Couldn't place it. He didn't let himself try. He filed it away. Went back to archiving. The Trace Not every CTO digs through cache write logs during archive cleanup. He did. He spent two hours cross-referencing FinOptima's API call records against CoreStack's

2026-07-15 原文 →
AI 资讯

Dependabot learns to wait: version-update PRs now sit for three days by default

Every time your bot merges a two-hour-old release into main, you are trusting a stranger's freshly published tarball to be the same one everyone else is looking at. Sometimes that release is a real bugfix. Sometimes it is a maintainer who fat-fingered a token, or an attacker who did not, and either way your CI cheerfully rebases against it before anyone had a chance to notice. On 2026-07-14, GitHub added a pause. Not a big one. But a real one. The actual change Dependabot version updates now sit on their hands for three days after a package is published. According to the GitHub Changelog, a release has to have been available on its registry for at least that long before Dependabot will open a version-update pull request against your repository. The cooldown is on by default and requires no configuration. It applies across every ecosystem Dependabot supports on github.com, and GitHub Enterprise Server picks it up in GHES 3.23. Security updates are exempt. If a fix for a known vulnerability lands, Dependabot will still open the PR the moment it can, because a three-day delay on the patch defeats the entire point of shipping the patch. That single carve-out is the whole design. Why three days is doing so much work Three days is not enough time to audit a package. Nobody is pretending otherwise. What three days is enough for is someone else to notice. Most malicious releases that end up on a public registry get pulled quickly once security researchers, downstream maintainers, or the registry's own scanners spot the pattern. The typosquats, the hijacked accounts, the crypto miners buried in a postinstall script: they all rely on being pulled into build automation before the pattern is visible. Dependabot's old default was to be that automation. Its new default is to let the pattern show up first. You can read this change as GitHub quietly admitting that "always up to date" was the wrong marketing promise for a supply-chain tool. The knob, and what shifted about it Cooldo

2026-07-15 原文 →
AI 资讯

Laptop Memory Leak Story

I found a slow, insidious memory leak in a Node.js API gateway caused by lingering event listeners; I fixed it by scoping emitters per request, enforcing cleanup in finally blocks, and adding leak‑aware tests and runtime safeguards—memory usage flattened and OOM restarts stopped. The Incident The gateway handled TLS termination, auth, and request fan‑out for many microservices. Over weeks its resident set size climbed in a staircase pattern until Kubernetes began OOM‑killing pods under load. The failure was gradual —light traffic ran for days, peak traffic crashed in hours—so it escaped casual monitoring. Investigation Heap snapshots and allocation profiles showed growing counts of small objects —closures, request metadata, and event listeners—rather than one giant allocation. Tracing revealed an internal event bus where request‑scoped listeners were attached but not always removed: an early‑exit authentication path returned before the cleanup function ran, leaving listeners that held references to request state. The GC saw those objects as live and never reclaimed them. The Fix (technical details) 1. Scoped emitters per request. Replace global emitters for request‑local concerns with a short‑lived EventEmitter created at request start. When the request ends, the emitter goes out of scope and the whole closure graph becomes collectible. 2. Guaranteed teardown via try/finally . Wrap the entire request pipeline so cleanup runs on success, error, or early return; the finally detaches any remaining listeners, clears timers, and releases caches. 3. Leak‑aware CI tests and runtime metrics. A harness simulated thousands of requests across code paths, captured heap snapshots, and asserted bounded object counts. Production metrics tracked listener counts and emitted alerts when thresholds were exceeded. 4. Operational safeguards. Added backpressure on accept queues, a soft memory threshold that disabled nonessential tracing, and rollout halting on excessive crash loops. Thes

2026-07-15 原文 →
AI 资讯

Vision drift: why agentic workflows need workflow auditing

How a distributed, event-sourced issue tracker built with developer ergonomics in mind may have a role to play in the next generation of agentic workflows Vision drift Harness engineering has recently popularized the idea of containing architectural drift in agentic workflows. What might be missing in the discussion is a similar issue on a higher level - vision drift . By vision drift I mean that the implementation no longer drifts only from the architecture - it drifts from the original product intent. And it seems like the risk may be obscured by restricted tooling. As long as the project management tools only present a snapshot rather than a traceable story, there is an increased risk of undetected drift. Drift is detected via specification audits over time. However, while code history easily can be traversed via Git, issue tracking essentially lacks this capability. Issue trackers tend to be excellent at answering the question “what is going on right now?”, but fail at answering the question “how did our work in this area evolve last month?” or “what went on this time last year?”, or “how did we get from there to there?”. Workflow audits When I set off to build Epiq, this was not a concern on my radar. Agentic coding was something I had heard distant rumors of, and in fact I was just pursuing the ideal developer experience . This pursuit did however lead me down a path of unorthodox architecture, which in turn resulted in an issue tracker with some uncommon properties. One of these is the ability to inspect historical state by time-traveling, and replay sequences. I have not yet encountered another issue tracker with these capabilities. Initially I thought of it as a gimmick feature. Imagine the wow-factor of replaying the entire sprint in a retro, visualizing the past 2 weeks as a short movie. I thought it would help out with reflection of how much (or little) work had been accomplished. Not until I set out to do my own first fully agent-implemented feature did

2026-07-15 原文 →
AI 资讯

Why Pipelock Is an Egress Agent Firewall, Not an Inbound WAF

Why Pipelock Is an Egress Agent Firewall, Not an Inbound WAF The question behind the word firewall Security teams hear "firewall" and picture something inbound. A firewall, WAF, or IPS sits in front of a service. Traffic comes from the outside world toward the protected app. The control inspects requests before they reach the app and blocks malicious payloads at the door. That is outside-in protection. It fits web applications, where many attacks have recognizable request shapes: SQL injection, cross-site scripting, known exploit signatures, or malformed protocol behavior. The web server is the thing being attacked, and the attacker sends requests into it. AI agents invert that model. The agent is not only a server receiving input. It reads external content, calls tools, sends HTTP requests, invokes MCP servers, and runs with credentials. The dangerous event is rarely that a hostile packet reached the agent. The dangerous event is that the agent got talked into doing something with outbound effects. That is why Pipelock is built as an egress agent firewall, not a WAF-style inbound firewall. Why inbound filtering is the wrong primary model Prompt injection does not behave like a structured malware packet. It is natural-language instruction sitting in places the agent is supposed to read: a web page, a ticket, a search result, a tool response, an MCP server reply, or a user message. The channel is legitimate. The syntax is often normal. The attack is semantic and context-dependent. Solving that by filtering every input before it reaches the agent turns into an enumeration problem. You write patterns for "ignore previous instructions," then the attacker rephrases. You block one formatting trick, then the instruction is split across paragraphs, hidden in quoted text, encoded, or dressed up as policy text. Known phrases are worth catching, and Pipelock catches known injection markers in content it mediates, but input filtering cannot be the center of the security model.

2026-07-15 原文 →