今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#governance

找到 30 篇相关文章

AI 资讯

Article: Governing AI in the Cloud: A Practical Guide for Architects

In this article, the author outlines a practical approach to AI governance in the cloud, covering discovery of shadow AI, data classification at creation, IAM-based enforcement, policy-as-code, and operational controls. The article shows how organizations can embed governance into delivery pipelines, balancing security, compliance, and developer productivity without relying on manual processes. By Dave Ward

2026-06-15 原文 →
AI 资讯

My AI System Logged 35,669 LLM Calls. It Still Couldn’t Tell Me What They Cost.

CORE had telemetry. That was the comforting part. Every LLM exchange was being logged. Prompt tokens. Completion tokens. Duration. Cognitive role. Model snapshot. Timestamp. Privacy level. Enough information to reconstruct what the system had asked, which model had answered, and how the autonomous loop had used the result. Then I asked the obvious question: What did the last month of LLM work cost? The database had no answer. Not a bad answer. Not an approximate answer. No answer. The cost_estimate column existed. It was even part of the log model. But across 35,669 recorded LLM calls, it was populated exactly zero times. Every row was NULL. That is the kind of bug that looks small until you understand what kind of system CORE is trying to become. CORE is not just a wrapper around LLM calls. It is a governance runtime for AI-assisted software development. The point is not that an AI writes code. The point is that every AI-produced change must be traceable, authorized, constrained, audited, and defensible. So when cost attribution was missing, this was not just a FinOps bug. It was a governance blind spot. The System Could Explain the Work, But Not the Bill The strange thing was that most of the telemetry was already there. CORE knew which cognitive role made the call. It knew whether the call came from an architect, coder, reviewer, coherence analyst, or some other internal role. It knew which model handled the request. It knew the token counts. It knew when the call happened. That meant I could ask questions like: Which cognitive roles are consuming the most tokens? Which models are being used by which part of the system? Which workflows are driving LLM activity? How much autonomous reasoning happened during a given period? But I could not ask: Which cognitive role costs the most? Did routing this role to a stronger model actually change the cost profile? Did a model swap increase operational cost? Is local inference replacing paid inference in the places where it

2026-06-13 原文 →
AI 资讯

Coding-Agent Misalignment: Turn Failure Taxonomies into QA Checks

Coding agents are no longer just autocomplete with a longer prompt. GitHub describes Copilot cloud agent as software that can research a repository, create an implementation plan, make code changes on a branch, run in an ephemeral GitHub Actions-powered environment, and let a developer review or create a pull request afterward. OpenAI's Codex GitHub integration similarly positions code review as a repository-aware review pass that follows AGENTS.md guidance and focuses comments on serious issues. That shift changes the buyer question. The useful question is not "does the agent usually write code?" It is "can the team detect when the agent drifts away from the developer's intent before the change reaches production?" A May 2026 arXiv paper, "How Coding Agents Fail Their Users" , gives teams a better vocabulary for that review. The authors studied 20,574 real IDE and CLI coding-agent sessions across 1,639 repositories and define misalignment as a breakdown that becomes visible through developer correction or pushback. The paper reports seven recurring symptom categories: wrong project diagnosis, misread developer intent, developer constraint violation, self-initiated overreach, faulty implementation, operational execution error, and inaccurate self-reporting. Effloow Lab also ran a bounded OpenAI API check using three synthetic, non-confidential coding-agent transcript snippets. The run did not measure real-world incidence, compare vendors, or reproduce the paper. It produced a small rubric that maps visible symptoms to review gates such as diff-scope checks, evidence-before-edit checks, acceptance-criteria coverage, and verification-output requirements. The public lab note is available at /lab-runs/coding-agent-misalignment-failure-taxonomy-poc-2026 . This guide turns that research and lab output into a practical QA checklist for teams buying, piloting, or packaging coding-agent workflows. Why This Matters for Agent Buyers Coding-agent procurement often starts with p

2026-06-13 原文 →
AI 资讯

The Person, Not the Cards

In December 2025, Anthropic acquired Bun , the JavaScript runtime written in Zig. In April 2026, the Bun team announced a 4× compile-time improvement on their fork of the Zig compiler — "parallel semantic analysis and multiple codegen units to the llvm backend" , in their phrasing. They also announced they would not be upstreaming the work, "as Zig has a strict ban on LLM-authored contributions." The framing landed badly with Zig observers, for two reasons. The first was that the framing made Zig's contribution policy the obstacle. The second, pointed out shortly afterwards by a Zig core contributor in the Ziggit thread, was that the patch had separate engineering reasons it would not have been merged regardless: "Parallel semantic analysis has been an explicitly planned feature of the Zig compiler for a long time" , with "implications not only for the compiler implementation, but for the Zig language itself" . The AI-ban explanation was, on a closer read, a tidy way of declining to litigate the engineering disagreement in public. Both readings are useful. They are also both downstream of the actual rationale, which is one of the most carefully argued OSS-governance documents to appear in 2026. What the policy actually says The relevant clauses, in the Zig code of conduct under the section heading Strict No LLM / No AI Policy , are three: No LLMs for issues. No LLMs for pull requests. No LLMs for comments on the bug tracker, including translation. English is encouraged, but not required. You are welcome to post in your native language and rely on others to have their own translation tools of choice to interpret your words. The translation clause is the surprising one. It is also the one that disambiguates the policy from a code-quality rule. A blanket ban on LLM-mediated communication, including translation, is not a heuristic about whether agentic tools produce good code. It is a stance about what the project's communication channels are for . Contributor poker Lor

2026-06-12 原文 →
AI 资讯

Cursor Developer Habits Report 2026: Why AI Coding Needs Governance Infrastructure

Cursor's Developer Habits Report is one of the clearest signals yet that AI coding has crossed from individual productivity into software-delivery infrastructure. The headline numbers read as a story about speed: more code per week, larger PRs, deeper agent sessions, more changes committing without manual review. The deeper implication is governance -- whether teams can preserve architectural intent while generation, review, automation, and commit flows all accelerate at once. The velocity curve is now measured, not anecdotal. For two years the claim that AI coding is accelerating rested mostly on vibes and vendor decks. Cursor's data turns it into telemetry. And read as an operations document rather than a marketing one, that telemetry describes a structural shift: software delivery is getting harder to govern, not just faster to produce. This is not a critique of Cursor. The report is strong validation. Cursor proves the velocity curve with numbers most of the industry only gestured at. The point of this essay is what sits on the other side of that curve. What the Cursor Developer Habits Report Shows The inaugural Cursor Developer Habits Report (Spring 2026 edition), published by Cursor (Anysphere, Inc.), draws on Cursor usage data rather than survey responses. It captures the transformation across five themes -- developer acceleration, the economics of intelligence, the power user gap, the rise of context, and the shift to automation. The headline figures: 3.6K -> 8.6K lines added per developer per week -- the per-developer code volume rose from 3.6K (Jan 2025) to 8.6K (May 2026), with growth accelerating since the start of 2026. 125.86 -> 345.02 lines per PR at p75 -- lines added per pull request at the 75th percentile rose roughly 2.5x year over year (Jan 2025 to May 2026). Developers are taking on larger units of work in a single PR. 8% -> 13.8% mega PRs -- the share of PRs with at least 1,000 changed lines grew from 8% (Jan 2025) to 13.8% (May 2026). ~30% mor

2026-06-04 原文 →
AI 资讯

Microsoft's Agentic Transformation Playbook Shows Why AI Agent Governance Is Now Infrastructure

Microsoft's Agentic Transformation Patterns Playbook is a useful signal because it does not treat AI agents as another productivity tool. It frames agentic AI as an enterprise operating-model shift: agents are moving from assisting humans to executing work across processes, systems, and teams. The implication for software teams is sharper than it looks -- coding agents are on the same trajectory, and architectural governance becomes part of the infrastructure stack the moment agents start executing. Microsoft's playbook describes six transformation patterns and emphasizes that each pattern requires different ownership, governance, and operating discipline. That is the move worth paying attention to. It reframes agentic AI from a model question into an enterprise operating-model question. That shift matters for software teams because coding agents are following the same path. They are moving from autocomplete to execution. Once agents edit files, open PRs, modify infrastructure, or coordinate multi-step changes, architectural governance becomes infrastructure. What is Microsoft's Agentic Transformation Playbook? Microsoft's playbook is a practical guide for choosing, scaling, and operating AI agents across the enterprise. Public summaries describe it as a 52-slide guide covering six transformation patterns, from employee productivity to core business processes and customer-facing agents. The throughline is that agents are not a single category -- they are a family of patterns with different ownership models, different risk surfaces, and different requirements for governance. That framing matters because it cuts against the dominant adoption narrative. Most enterprises are still treating AI as a per-team productivity story: this team gets Copilot, that team gets an internal assistant, another team is piloting an agent for support tickets. Microsoft is arguing that the pattern of deployment determines the operating discipline required, and that ad-hoc deployment does n

2026-06-04 原文 →
AI 资讯

Agent Runtime Governance: The Next AI Infrastructure Layer

Google's Managed Agents announcement is one of the clearest signals yet that the AI industry is moving beyond stateless tool calling toward persistent execution environments and long-running agent systems. That shift expands what models can do. It also expands the governance surface -- from prompt and PR review into the runtime itself. We spent two years building brains in jars For most of the current AI cycle, the system around the model has been thin. Models could reason, propose commands, and orchestrate small tool calls. But they ran in short sessions, against narrow APIs, under human supervision, with ephemeral state. The model was a brain; the body was a few HTTP requests and a JSON tool schema. That assumption is ending. The frontier is not just better reasoning. It is a body for the brain. The brain finally has a body. Now it needs governance. The runtime layer for AI agents is arriving Google Managed Agents (and the parallel motion across the ecosystem -- OpenAI's containerized execution work, Claude Code's persistent sessions, MCP-based tool ecosystems, hosted agent harnesses) formalizes the runtime as a product: Sandboxed execution Persistent state across sessions Orchestration loops Infrastructure-native agents Agent-as-a-service lifecycle Long-running sessions Mid-session tool injection Managed runtime lifecycle This resembles the transition from scripts -> applications -> cloud platforms. Agents are no longer just calling tools. They are beginning to inhabit programmable environments . Why persistent agent systems change governance Once agents can continuously modify filesystems, maintain state across sessions, autonomously remediate, inject tools dynamically, operate against production systems, and coordinate across workflows, governance failures stop being one-off review misses. They compound over time . What that compounding looks like: Architectural drift -- small deviations accumulate across long-running sessions Policy propagation failures -- con

2026-06-04 原文 →
AI 资讯

The Acceleration Whiplash and the Governance Gap

The Faros AI Engineering Report 2026 is not a survey of developer sentiment. It is two years of telemetry from 22,000 developers across 4,000 teams, measuring what AI adoption actually produces downstream. The findings have a name: the Acceleration Whiplash. The structural explanation has one too. What the telemetry actually shows The output numbers in the Faros report are real and worth stating plainly. Epics completed per developer are up 66.2%. Task throughput per developer is up 33.7%. PR merge rate per developer is up 16.2%. These represent genuine delivery acceleration, and dismissing them would be dishonest. AI coding tools are producing real productivity gains at the business level. The production quality numbers are also real: Metric Change Incidents per PR under high AI adoption +242.7% Median time in code review +441.5% Code churn (lines deleted to lines added) +861% PRs merged with no review at all 31.3% Source: Faros AI Engineering Report 2026: The Acceleration Whiplash . Telemetry from 22,000 developers across 4,000+ teams. Figures represent metric change from lowest to highest AI adoption periods within each organization. Both sets of numbers are true simultaneously. That is the whiplash. Throughput accelerated. The downstream systems built to validate that throughput did not. Plotted together, generation throughput rises steeply while control capacity stays nearly flat -- and the gap between the two curves is the governance debt. Why the systems did not scale Code review, incident response, and architectural validation were all designed for a world where development velocity was human-paced. A senior engineer could review the meaningful PRs in a sprint. An incident postmortem could trace a failure to a specific change and a specific decision gap. Architectural drift was visible because it moved slowly enough to catch. AI-generated code broke these assumptions quietly. Not because the code was obviously bad, but because it was often superficially conv

2026-06-04 原文 →
AI 资讯

Inside Swift's plan to modernize thousands of Ansible Playbooks - and govern automation at scale

At Red Hat Summit 2026, SWIFT shared the approach they’re rolling out — including the pilot results that informed it, and the scale they’re targeting next. Imagine running automation that touches roughly one third of global GDP every day. Tens of thousands of VMs, network devices in production, elevated privileges across production systems — and every playbook you run is, effectively, a software supply chain. That is the everyday reality at SWIFT, the secure financial messaging backbone connecting 11,000+ financial institutions across more than 200 countries. At Red Hat Summit 2026, Suvasish Ghosh , Product Owner for CI/CD Engineering and DevOps Engineering Services at SWIFT, joined Gregor Berginc , CEO of XLAB Steampunk, on stage to talk about how SWIFT is using Steampunk Spotter to govern Ansible automation at this scale. Why automation at SWIFT scale needs governance by design For SWIFT, security, availability and auditability are not features added on top — they are baseline engineering requirements. Regulatory frameworks (including DORA) codify the expectations, but as Suvasish made clear on stage, governance is by design at SWIFT, not driven solely by regulation. That stance reflects a simple truth that more and more platform teams are arriving at: automation is production infrastructure, and it must be governed as such. When you run an Ansible playbook, you are executing a software supply chain — collections, modules, roles, Python packages, system packages, the execution environment, the operating system underneath. The playbook itself is just the tip of the iceberg. Errors propagate fast. The blast radius is large. And yet, until recently, most of the security and compliance attention in IT organizations went to the applications shipping to production. The automation that built and configured everything around them often slipped through. Suvasish put it directly during the session: “We spent a lot of time being compliant and secure in our application, but w

2026-06-03 原文 →