AI 资讯
Generative AI vs Agentic AI vs AI Agents [2026 Compared]
Originally published at kunalganglani.com — read it there for inline code, hero image, and live links. Generative AI vs agentic AI vs AI agents. Three terms, used interchangeably by people who should know better, burning engineering budgets across the industry in 2026. Generative AI refers to models that produce new content — text, images, code — from a prompt. AI agents are software systems that wrap those models with planning, memory, and tool use to pursue goals autonomously. Agentic AI is the broader paradigm: orchestrated systems of agents, workflows, and decision-making that operate with minimal human oversight. Getting these distinctions wrong doesn't just lose you a Twitter argument. It determines whether your production system costs $500/month or $50,000. Every quarter, someone on a leadership team says "we need to go agentic." What they usually mean is one of three completely different things. And the architecture you pick for each one has wildly different implications for cost, latency, reliability, and maintenance burden. I've watched teams burn entire quarters building autonomous agent systems when a well-tuned prompt engineering pipeline would have shipped in a week. That's not a hypothetical. I watched it happen twice in 2025. This post cuts through the buzzword soup. I'll define all three paradigms with concrete technical distinctions, show you how they map to real production architectures, and give you a decision framework for picking the right one. What Is Generative AI? The Engine, Not the Vehicle Generative AI is the foundation layer. It's a large language model (or image model, or audio model) that takes an input and produces new output. GPT-4, Claude, Gemini, Llama — these are all generative AI. You send a prompt, you get a completion. That's it. The critical thing to understand: generative AI is stateless by default . Each API call is independent. The model doesn't remember what you asked five minutes ago. It doesn't plan a sequence of steps.
AI 资讯
Embedding Forbidden Text in Spyware to Discourage AI Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details : The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The real malware begins after the comment with a try{eval(…)} wrapper around a large character-code array and a ROT-style substitution function. This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware...
AI 资讯
Step 3.7 Flash is a drop-in — except for one endpoint detail
Step 3.7 Flash shipped on May 29, 2026 as a structural upgrade to 3.5 Flash: same OpenAI-compatible SDK, new vision encoder, new runtime escalation, and a compute-control flag you can set per request. The migration from 3.5 is two environment variables. One of them has to be exactly right — or every call returns a silent 401. What 3.7 brings that 3.5 didn't Step 3.7 Flash adds three net-new capabilities over 3.5 Flash: a native 1.8B-parameter ViT encoder that injects image representations directly into the language backbone without a separate model call , an automatic Advisor Mode that routes failure-prone subtasks to a larger model at runtime, and a reasoning_effort parameter (low / medium / high) as a first-class API flag rather than a prompt-engineering convention. The production-relevance number is variance: 3.5 Flash scores ranged from 43% to 73% across different harnesses ; 3.7 narrows that to 64.5–71.5% , which matters more for production scheduling than the raw score improvement. Quick Answer: Step 3.7 Flash is an OpenAI-SDK-compatible model — model string step-3.7-flash , base URL https://api.stepfun.ai/v1 (global) or https://api.stepfun.com/v1 (China region). New over 3.5: native vision input, automatic Advisor Mode escalation, and a reasoning_effort flag. The only breaking change from 3.5: base URL must match your account region exactly, or you get a 401 with no error body. The architecture is a 198B sparse MoE model with roughly 11B parameters active per forward pass — dense-10B compute cost at much larger capacity. SWE-Bench Pro improved to 56.3% from 51.3% ; Terminal-Bench 2.1 improved to 59.5% from 53.4% , suggesting the planning and shell-operation gains that matter for coding agents are consistent across benchmarks. Advisor Mode carries the headline cost claim from StepFun's internal harness: 97% of Claude Opus 4.6's coding performance at $0.19 vs. $1.76 per task . That's a vendor figure on a first-party SWE-Bench Verified run — treat it as directio
AI 资讯
llama-bench skipped FA on capable GPUs — b9437 corrects it
What flipped in b9437 Build b9437 , published on May 30, 2026 at 20:56 UTC , ships two targeted default-value corrections to llama-bench . Flash attention ( -fa ) shifts from a hard-coded off to auto ( LLAMA_FLASH_ATTN_TYPE_AUTO ), and the GPU-layer count ( -ngl ) changes from the legacy sentinel 99 to -1 . Both values now match what llama-server and llama-cli already used — the bench tool was simply never updated to track them until this build. Quick Answer: Before b9437 (published May 30, 2026) , llama-bench hard-coded -fa off , silently skipping flash attention even on CUDA, Metal, and Vulkan hardware. Build b9437 sets the default to -fa auto and -ngl -1 , matching llama-server and llama-cli . Any pre-b9437 baseline on FA-capable hardware needs a flag-matched re-run to remain valid. PR #23714 , reviewed and merged by maintainers JohannesGaessler and pwilkin, adds the same -fa auto|off|on tri-state flag to llama-bench that the rest of the toolchain already supported. With LLAMA_FLASH_ATTN_TYPE_AUTO as the new default, flash attention activates automatically when the runtime detects a capable backend (CUDA, Metal, Vulkan); on CPU-only hosts it stays off with no error and no output change. Parameter Before b9437 After b9437 Behavioral impact -fa off (hard-coded) auto ( LLAMA_FLASH_ATTN_TYPE_AUTO ) GPU-capable hosts bench with FA active by default; pre/post comparisons require explicit flag-matching -ngl 99 (offload-all sentinel) -1 (runtime decides) CPU-only builds no longer attempt full GPU offload; eliminates spurious CUDA errors when no GPU is present The following verified script (executed successfully, exit 0) demonstrates the behavioral gap in concrete terms — on a capable GPU, the pre-b9437 defaults schedule zero FA rows while b9437 defaults schedule one: def old_llama_bench ( device ): # Before b9437, the default bench matrix used FA=0, so FA rows were skipped. return [{ " device " : device [ " name " ], " ngl " : 0 , " fa " : 0 }] def b9437_llama_bench ( de
AI 资讯
LLM Prompt Injection & Guardrail Security
A recall reference built from working through a 7-layer prompt-injection challenge. Focus: how each defense layer works, where it breaks, and most importantly how to defend. The one idea underneath everything LLMs have no hard boundary between instructions and data . Everything in the context window — system prompt, user message, retrieved documents — is one stream of tokens the model interprets. Prompt injection exploits exactly this: attacker-controlled data gets read as instructions . You cannot fully filter your way out of it; you manage it with defense-in-depth , knowing each individual layer is bypassable. The defense layers (and where each cracks) A progression of controls from weakest to strongest, each with the lesson it teaches. 1–2. No / weak guardrails Baseline: the model just answers. Lesson: an LLM holding secrets in its context with no controls will leak them on request. 3. Input filtering — block words in the user's message Defense: scan the incoming prompt for banned terms ("code", "secret", "reveal") and block. Weakness: keyword blocklists are trivially evaded — synonyms, misspellings, split words, leetspeak, another language, oblique references. Filtering strings doesn't filter intent . What actually helps: prefer allowlists to blocklists; classify intent semantically rather than matching keywords; treat all input as untrusted; rate-limit and log probing. 4. Output filtering — catch the secret in the response Defense: string-match the known secret in the model's output and redact. Weakness: substring matching only catches the contiguous secret. Fragmenting or transforming it (separators, per-character, encodings) means the literal string never appears, so there is nothing to match. What actually helps: don't put secrets where the model can emit them in the first place; minimize sensitive data in context; treat output filtering as a brittle last line, never a primary control. 5. Input + output filtering combined Defense: both of the above, stacked.
AI 资讯
The Quantization Audit: Why Leaderboard Scores Lie About Local Agent Capabilities
There is a dangerous trap in the local AI world: picking the smallest quantization that fits into your VRAM just because it "runs." We see developers doing this all the time, completely unaware that they’ve crippled their agent's ability to reason. It’s easy to look at a leaderboard, see a model rank high, and assume it’s good to go. But leaderboard scores are a poor proxy for real-world agent behavior. A model might pass a static benchmark at a lower quantization, but when you put it in an agentic loop, its tool-calling accuracy can fall off a cliff. We built the "Quant Audit" feature in QuantaMind because we were tired of this silent failure. It systematically measures the performance drop-off as you move through different compression levels. The goal shouldn’t be to find the smallest quant that loads; it should be to identify the largest quant that actually retains the reasoning integrity your app requires. Stop guessing, start measuring, and stop letting leaderboard hype dictate your architecture.
AI 资讯
Stop telling your RAG bot not to hallucinate. Make it impossible.
The suggestion every RAG app ignores If you've shipped a retrieval-augmented assistant, you've written some version of this line in your system prompt: "If the answer isn't in the provided context, say you don't know. Do not make things up." And you've watched the model cheerfully ignore it under pressure. A confident-sounding question comes in, retrieval returns something adjacent , and the model stitches together an answer that's plausible, fluent, and wrong. Telling a language model not to hallucinate is a suggestion — and suggestions lose to the model's overwhelming prior toward being helpful. I got tired of fighting this with prompt wording, so I tried a different framing while building MCP SDK Docs Assistant , an assistant for the Model Context Protocol TypeScript SDK. The framing: don't ask the model to refuse — remove its ability to fabricate. Refusal as code, not as a prompt The core idea is that the model can only hallucinate if you hand it material to hallucinate from. So the refusal decision lives in the retrieval tool, before the model ever sees anything. If nothing clears a confidence bar, the tool returns an empty result set, and the model is left with no source text to spin into an answer. In practice, the tool looks roughly like this: const candidates = await hybridSearch ( query , { version , limit : 12 }); if ( ! hasConfidentMatch ( candidates )) { // best cosine sim < 0.45 return { relevant : false , results : [] }; // model has nothing to work with } const results = await rerank ( query , candidates , 6 ); return { relevant : true , results }; The model isn't asked to behave. The system is shaped so that the only coherent next move, when results come back empty, is to say "the docs don't cover this." Refusal stops being a personality trait you're hoping for and becomes a property of the architecture. Why this particular SDK needed it There's a second failure mode this assistant had to solve, and it's specific to fast-moving libraries. The MCP Ty
AI 资讯
What an LLM Actually Does: Predicting the Next Word, Explained
"How does ChatGPT think ?" It doesn't. The entire mechanism behind every chatbot is almost anticlimactic: it predicts one next word , adds it, and repeats. I built a tiny interactive predictor so you can be the model — and it explains both the magic and the flaws. 🔮 Be the model: https://dev48v.infy.uk/ai/days/day6-next-token.html This is Day 6 of AIFromZero — AI literacy, one concept a day, no code to follow. 1. It only predicts the NEXT word Given everything so far, the model outputs a probability for every possible next word, picks one, appends it, and runs again with the longer text. Paragraphs, code, poems — all of it is this one step on repeat. "the cat sat on the ___" → P(mat) high, P(bird) low 2. It's a probability over the WHOLE vocabulary The output isn't one word — it's a number for every word it knows (100,000+ for a real model). Most are near zero; a handful are plausible. The bars in the demo are that distribution, over a tiny vocabulary. 3. Autoregression: feed the output back in After picking a word, it becomes part of the input for the next prediction. Predict → append → predict again. Because each new word conditions on all the previous ones, short local choices add up to coherent long text. 4. Temperature = the creativity dial Once you have probabilities, how do you choose? Temperature reshapes them before sampling: Near 0: the top word always wins — safe, repetitive. High: the odds flatten, so rarer words get a real chance — creative, error-prone. p = p ** ( 1 / temperature ); // then renormalise and sample Drag the slider in the demo and watch the bars sharpen or even out. That one knob is what an API calls "creativity." 5. Where do the probabilities come from? In my toy, from counting which word followed which in a few sentences (a "bigram" with 1-word memory). A real LLM replaces the counting with a giant neural network trained on much of the internet, and its memory spans thousands of words. The mechanism is identical — only the quality of th
AI 资讯
The Slot-Machine Was the Point
Lars Faye's Agentic Coding Is a Trap — published Sunday, May 3, picked up on Hacker News at 398 points and 316 comments — is the best single compendium of the cognitive-debt evidence base anyone has put together in 2026. It catalogues the studies. It names the trade-offs. It lands on a personal-discipline conclusion. The receipts are now collected; the careful reader will have spent the weekend nodding through them. Buried in Faye's second paragraph, almost in passing, is the line that does the actual analytical work. Faye describes the agentic workflow as a process in which "someone defines the project's requirements ... generates a plan, and then pulls the slot machine lever over and over, iterating and reiterating with often multiple agent instances until it's done." The link goes to a March post by Quentin Rousseau, CTO and co-founder of Rootly, titled One More Prompt: The Dopamine Trap of Agentic Coding. The metaphor isn't Faye's. Rousseau got there first, in clinical language: the workflow runs on "variable ratio reinforcement — the same psychological mechanism that makes slot machines the most addictive form of gambling" . That is the framing the rest of Faye's piece is downstream of, and it is the framing this article is about. What the receipts add up to Faye's catalogue, briefly. Anthropic's own research note on internal use names what it calls the "paradox of supervision" : effective use of Claude requires the very skills that sustained Claude use atrophies. MIT Media Lab's Your Brain on ChatGPT measured the cognitive impact and labelled it cognitive debt . A Microsoft study covered by 404 Media reached parallel findings for knowledge workers more broadly. A separate Anthropic study on coding skills reported a 47% drop-off in debugging skills among engineers leaning heavily on AI-assisted workflows. Sandor Nyako, the LinkedIn engineering director who oversees fifty engineers, has reportedly asked his team not to use these tools for "tasks that require cri
AI 资讯
AI Use by the US Government
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published in the final year of the Biden administration, and includes many disturbing-seeming plans to hand over sensitive governmental functions to AI. Scanning this list, many readers may find many causes for alarm. It represents a transfer of decision processes from human to machine on a massive scale over matters of individual freedom, public health and well-being, nuclear reactor safety and more...
AI 资讯
Ollama Structured Outputs in Practice — Getting Type-Safe JSON from Local LLMs with Pydantic
json.loads(response) fails at a certain point. You told the model "return JSON only," but it added a ```json markdown code fence around everything. A quick regex strips it — until that regex hits an edge case, and that edge case blows up in production. Since Ollama 0.3.0, passing a JSON schema to the format parameter eliminates this problem at the root. The model's inference itself is constrained by the schema, so no code fences, no explanatory text, no mid-thought artifacts. Just parseable JSON. I ran these tests locally with Gemma4 and Ollama 0.30.7 to see how well it holds up in practice. Why LLM Response Parsing Is Tricky The most common problem when running Ollama locally — without a cloud LLM API — is JSON parsing. Two reasons. First, text generation models are trained toward "natural text." Even if you ask for JSON only, they'll often wrap it in json ... blocks or prepend "Of course! Here is the JSON you requested:" style text. Here's what I reproduced directly: json Input: 'Give me 3 Python tips as JSON with keys: tips (array), difficulty (1-5)' Model output (no format parameter): ```json { "tips": [ "Master the fundamentals first...", ... ] } JSON parse: FAILED Python ' s `json.loads()` can ' t handle the markdown wrapper . The " JSON only " instruction is unreliable in production . Second , speed . I measured the same query both ways : 32 seconds without structured output , 5 seconds with it . More on why below . ## How the Ollama format Parameter Works Ollama ' s `/api/generate` endpoint has a `format` field. Pass a JSON schema object and Ollama applies **constrained decoding** during inference. python import json import urllib.request def ollama_structured(prompt, schema, model="gemma4:e4b"): payload = { "model": model, "prompt": prompt, "format": schema, # ← pass JSON schema object directly "stream": False, "options": {"temperature": 0} } data = json.dumps(payload).encode() req = urllib.request.Request( " http://localhost:11434/api/generate ", data=data
AI 资讯
The next bottleneck after AI writes your code is reviewing the docs it writes
Coding agents draft specs, architecture docs, changelogs, and README updates in seconds — but a human still has to judge the quality of all that output. The bottleneck shift A year ago, the typical workflow was: you write a spec, you get comments, you revise, then you implement and get code review. Humans did most of the writing and coding. Now, agents produce first drafts of design docs, API references, runbooks, and onboarding guides — and they do it in seconds. Code implementation and code review can now be handled by agents, so those are no longer the bottleneck. What surfaced instead is the step right before: document review. A human has to read 2,000 lines of generated markdown and decide what's wrong. The writing part got dramatically faster. LLMs can assist with document review too, but compared to code implementation and code review, the human judgment required is still larger. This asymmetry compounds fast. Every agent-assisted project now has a stack of "needs human review" documents growing in a shared folder. If you're running multiple agent loops in parallel — one for the spec, one for the implementation plan, one for the test strategy — review becomes a pipeline stall. GitHub PRs remain the right tool when you need third-party review. But the step before that — the fast local self-review loop where you and your agent iterate on a draft — doesn't belong in a PR. Branching, diffing, and assigning reviewers is a lot of process for a first draft the agent wrote in seconds. Why prose feedback is lossy The most common workaround today is to have the agent read the document and then fix things based on natural-language feedback: "The error handling in section 3.2 is too vague — be specific about what happens on timeout." This looks reasonable. The agent reads it, searches for something about error handling, and makes a change. But several things go wrong: Position is ambiguous. If section 3.2 has three paragraphs about error handling, which one did the revie
AI 资讯
Block the Merge if the Model Isn't Ready": Shifting Local AI Evaluations Left with CI Gates
We’ve all heard "it works on my machine," but when it comes to AI-driven features, that phrase is a recipe for disaster. You can have a perfectly tested agent today, but if you upgrade your base model or change your quantization strategy tomorrow, you might inadvertently kill your agent's reliability. You can’t afford to wait for production to find out your agent is hallucinating or failing its tool calls. This is why we built the headless QuantaMind CLI—to shift AI evaluation left into your CI/CD pipeline. By integrating custom eval JSON collections into your build process, you can now treat your AI agent like any other piece of code. If a model upgrade or a quantization tweak causes your agentic reliability to dip below your required threshold, your CI pipeline should block that merge. It’s not just about testing; it’s about enforcement. If you aren’t gating your deployments based on real, repeatable model performance, you aren’t shipping software—you’re shipping a guessing game.
AI 资讯
Email Triage Taxonomies for LLM Classification
The most important design decision in an email classifier isn't the model — it's the label set, and here's the one I keep coming back to: You triage email into one of four categories: URGENT — production incidents, executive requests; reply within 1 hour ACTION — code reviews, meeting follow-ups; reply same day FYI — informational, no response needed NOISE — newsletters, marketing, automated notifications From: {sender} Subject: {subject} Snippet: {snippet} Return ONLY the category name. Nothing else. That's the working prompt from the Nylas email triage recipe , and almost every line encodes a taxonomy-design lesson worth unpacking. Most people building email agents obsess over model choice and prompt phrasing. The recipe's quiet thesis is that the label set itself does the heavy lifting — get the taxonomy right and a cheap model classifies well; get it wrong and no model saves you. Why four is the magic number The recipe states it flatly: four is the right number. Three loses fidelity — everything important collapses into one overloaded bucket and you've built a binary classifier with extra steps. Five and the model starts confusing categories, because the boundaries between adjacent labels get too thin to express in a definition. Notice what makes these four work. They aren't topics — they're response obligations . URGENT means "reply within the hour," ACTION means "reply today," FYI means "no response needed," NOISE means "archive." Each label maps to exactly one behavior. That's the test I'd apply to any email taxonomy: if two labels lead to the same action, merge them; if one label leads to two different actions depending on content, split it. The same principle shows up in the sales context. The Agent Accounts overview describes an outreach agent classifying replies as interested / not now / unsubscribe — three labels, because the workflow has exactly three branches: book the meeting, schedule a follow-up, stop emailing. The taxonomy is the decision tree, fla
AI 资讯
From Chatbot to Mailbox: Persistent Agent Memory in Threads
Day 1, 4:02 p.m.: a customer asks your agent a billing question and gets an answer. Day 6, 9:30 a.m.: they reply "actually, that didn't work." If your agent lives in a chat widget, that second message starts from zero — the session died with the tab, the context is gone, and the customer gets to repeat themselves. If your agent lives in a mailbox, the reply arrives inside the conversation , with the full history attached by the protocol itself. That's the argument in one before/after: chat sessions evaporate; email threads persist. And for agents that work across days rather than minutes, the thread is the most underrated memory substrate available. The protocol already built your memory layer Email threading runs on three headers, as the threading docs lay out. Every message carries a globally unique Message-ID . A reply adds In-Reply-To (the ID it's answering) and References (the full chain of IDs, oldest to newest). By the time a thread is five messages deep, References holds five Message-IDs in order — a complete, tamper-evident record of the conversation's shape, maintained by every mail client on earth. Compare that to what we hand-roll for chatbots: session stores, conversation tables, context windows we serialize and rehydrate. Email gives you the equivalent for free, federated across organizations, and — this is the part I find most compelling — human-auditable . Anyone with mailbox access can read exactly what the agent's memory contains, because the memory is the correspondence itself. No vector store inspection tools required. With Nylas Agent Accounts (in beta), the agent owns the mailbox where this accrues, and you never parse headers by hand. The Threads API groups messages by their header chain; each thread object gives you ordered message_ids , participants , and activity timestamps. When a reply fires message.created , the payload includes a thread_id — fetch the thread, walk its messages, and the agent has its full conversational past before decid
AI 资讯
Stop letting the prompt be your state machine
Stop letting the prompt be your state machine You shipped an LLM feature six months ago. Now the same user input produces wildly different outputs depending on... nothing you can point to. Something in the sampling? The time the context filled up and a chunk got dropped? Nobody knows. This is what happens when the prompt becomes your runtime. The trap: the prompt as an accidental runtime Here is what the trap looks like in TypeScript: async function handleUserRequest ( input : string ): Promise < string > { const prompt = ` You are a helpful assistant. The user said: ${ input } Previous context: ${ someGlobalContext } Decide what to do, gather any information you need, format the response, and return it. ` ; return llm . complete ( prompt ); } The model is doing everything here: deciding the intent, gathering data, formatting output, choosing what to persist. That is a footgun. You handed the runtime to a stochastic function. Gartner attributes many failed agentic AI projects to unclear value and inadequate risk controls. Deterministic, testable workflows address both. The fix is not a better prompt. The fix is to stop using the prompt as an architecture. What "deterministic" can and cannot mean here Be honest about what you can and cannot control. You cannot control: the model's exact output. It is probabilistic by design. You can control: The shape of the output (structured output plus schema validation) The steps that run before and after the model call What data enters the model What happens when the output fails validation Whether a human reviews the result before it commits to anything irreversible Determinism here means: the same inputs, the same workflow steps, the same guardrails every time. Not the same tokens every time. That is a realistic and achievable target. It is also the thing teams skip when they are moving fast. Typed workflow steps around the model call Break the work into discrete typed steps. Each step has a clear input type and a clear output
AI 资讯
SpaceX to acquire AI coding platform Cursor for $60 billion
Separately, neither could compete. Now they hope they can.
AI 资讯
From Invoice to Owner: A Practitioner's Guide to Request-Level AI Cost Attribution
TL;DR Provider invoices aggregate by model and billing period. They cannot tell you which team, product, or agent caused a cost spike. Request-level AI cost attribution links every API call to structured owner metadata (team, product, environment, trace ID) so investigations take minutes, not days. Three approaches exist: provider dashboard, gateway log enrichment, and application trace attribution. They differ sharply in setup cost and query granularity. Gateway log enrichment is the highest-leverage first step for most teams. It requires no changes to application code and covers all traffic behind the gateway. Real example: a platform team at a 60-person AI company discovered that 31% of their $18k/month spend came from a misconfigured retry loop in a background job, identified in under 20 minutes once request-level logs were searchable. Why Your Invoice Is Lying to You Your OpenAI invoice for last month shows $22,400. Your Anthropic invoice shows $6,800. Total: $29,200. Your CFO wants to know which business unit owns each line. You forward the invoices to your finance partner, who forwards them to three engineering managers, who reply with estimates that sum to $24,000 and do not match any real allocation. This is the standard state of LLM spend governance at companies between $5k and $50k per month in AI API costs. The invoices arrive, the spend is real, and attribution is a spreadsheet exercise done with guesses. The problem is structural. Provider billing aggregates by model and by billing period. It has no concept of your internal ownership model, your product boundaries, your tenant hierarchy, or your agent topology. A single gpt-4o line in your invoice might represent spend from a customer-facing chat feature, an internal summarization service, a nightly batch job, and three developers running experiments against production endpoints. You get one number. You have four or more owners. Request-level AI cost attribution is the practice of enriching every API c
AI 资讯
Small Models, Great Tools: The Engineering Behind a Local AI Agent in Production
There is a persistent myth that to build a worthy code assistant, you absolutely must use GPT or Claude. This is false. You don't need a 1-trillion parameter model. You need a small local model and extremely rigorous engineering around it. This is the direction history is taking for companies. As Mark Zuckerberg mentioned, the future isn't a single omniscient model, but "every company having its own specialized AI" . And this specialization necessarily involves fine-tuning and local deployment (or on sovereign servers) to guarantee data security. The thesis behind the construction of Vibrisse Agent can be summed up in one sentence: Small models, Great tools. In this article, I will detail the technical stack and concrete engineering solutions I implemented to tame a local model and make it reliable in production: LangGraph, Ollama, FastAPI, React (no build step, with embedded custom CSS) , all running on a machine with 32 GB of RAM. For the curious who want to run the agent on their machine right now: // MacOs / Linux curl -sSL https://agent.vibrisse-studio.dev/install.sh | bash // Windows irm https://agent.vibrisse-studio.dev/install.ps1 | iex Architecture: Why a State Machine (LangGraph)? At first, when building an LLM application, we tend to think in sequential chains: Input -> Prompt -> Tool -> Output . The problem is that if one node fails, the whole chain stops without us being able to catch the error or understand the context of the crash. That's where LangGraph comes in. Vibrisse's architecture isn't a chain, it's a state machine . Every node in the graph has a very precise responsibility, shares a global conversation state, and uses conditional transitions to move to the next node. I implemented the Supervisor / Worker pattern: The Supervisor analyzes the user's intent. It does nothing else but route. It dispatches the task to specialized Workers (the RAG Worker, the Search Worker, the Ghost Worker...). If a Worker fails or needs more information, it can se
AI 资讯
Critical Copilot vulnerability allowed hackers to seal 2FA code from users
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.