今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#loop

找到 12 篇相关文章

AI 资讯

You Can't Secure What You Can't See: Shadow AI and the Inventory Problem

Part 1 of "Trust the Machine" -> a series on building AI infrastructure that is secure, compliant, and governable by design. Most organizations can produce an accurate catalog of the web services they operate. Far fewer can produce an equivalent catalog of the AI systems they run — the models, fine-tunes, retrieval pipelines, agents, and third-party AI APIs now embedded throughout their products and internal tooling. This asymmetry defines the state of AI security in 2026. Adoption has outpaced oversight. Industry reporting this year has described a surge in enterprise AI activity on the order of 83% year over year, with governance and visibility lagging well behind. The consequence is a large and only partially mapped attack surface — one that many organizations cannot fully enumerate, let alone defend. Every mature security program rests on a single first principle: you cannot protect what you cannot see. Artificial intelligence is no exception. Before threat-modeling an agent or authoring a guardrail, an organization must be able to answer a deceptively difficult question: what AI is running across the environment, and who is accountable for it? This post examines how to build that answer. The rise of shadow AI Shadow IT — the unsanctioned adoption of tools outside official channels has been a recognized challenge for decades. Shadow AI is its faster-moving successor, and it appears in more forms than most inventories are designed to detect: Embedded API calls. A product team integrates a hosted model in a few lines of code and an API key, with no formal review. Copilots and assistants enabled across existing SaaS platforms, frequently activated by the vendor rather than the customer. Fine-tunes and adapters trained on internal data and stored in locations that fall outside standard scanning. Agents and automations that have incrementally acquired the ability to act—filing tickets, sending communications, initiating transactions—one permission at a time. Model de

2026-07-08 原文 →
AI 资讯

what's all this hype about "loop engineering"

Honestly it's not a new concept. this feature already existed in models before. problem was the models were just weak. Looping only works if each attempt gets the agent closer to the correct solution. Earlier models weren't consistent enough for that. They often misunderstood feedback, repeated the same mistakes, or got stuck in an infinite loop. Instead of improving with each iteration, they frequently failed to make meaningful progress, eventually consuming large numbers of tokens without solving the problem. The Context Window Limitation Earlier language models had much smaller context windows. As the agent went through more iterations, the conversation history and reasoning gradually filled the available context. Once the context window was exceeded, older messages had to be dropped or compressed into summaries. As a result, the agent could forget previous failed attempts, lose important clues or reasoning, and sometimes repeat the same mistakes it had already made. So what did modern models actually fix? Bigger context windows Models can now hold way more of the conversation/history without forgetting, so the agent doesn't need to spin up a fresh session every few iterations. it can just keep looping with the full history of what failed and why. modern models also got way more consistent earlier if you asked a model to fix the same bug 5 times you'd get 5 different half-baked answers, now it actually converges toward the real fix. and tool use got better too . Old models could write code but couldn't run it and read the actual error, now they call a test runner, see the real failure, and fix that exact thing which is literally what makes the "verify" step possible. And then there's inference it is simply the process of a model generating an answer. like when you type "write a java binary search," the model reads your prompt, thinks, and generates code that whole process is inference. every time the model generates text, that's one inference. now here's the thin

2026-07-05 原文 →
AI 资讯

nginx Event Loop — Complete Lifecycle Reference

nginx Event Loop — Complete Lifecycle Reference A precise, bottom-up reference covering every buffer, syscall, interrupt, and data movement from the moment a TCP packet hits the NIC to the moment a response is sent back. Two concurrent users are used throughout as a concrete example. Table of Contents Foundations — fd and Socket Hardware Layer — NIC, DMA, Interrupts Kernel Structures and All Buffers epoll — How the Worker Waits Efficiently nginx Startup Sequence Complete Request Lifecycle — Two Concurrent Users What Happens While Worker is Busy All Buffers — Master Reference All Syscalls — Master Reference Failure Modes 1. Foundations 1.1 Everything is a File Linux's core philosophy: every I/O resource — files on disk, network connections, pipes, terminals, devices — is represented as a file. This means one unified API ( read , write , close ) works on all of them. The kernel manages the actual resource. Your process holds a token. 1.2 File Descriptor (fd) A file descriptor is just an integer . It is a per-process token that refers to a kernel-managed resource. The kernel maintains a table per process called the fd table — a simple array where the index is the fd and the value is a pointer into the kernel. Process fd table: ┌─────┬───────────────────────────────┐ │ fd │ points to │ ├─────┼───────────────────────────────┤ │ 0 │ stdin │ │ 1 │ stdout │ │ 2 │ stderr │ │ 3 │ listen socket (nginx) │ │ 5 │ User A client connection │ │ 6 │ User B client connection │ │ 12 │ backend connection for User A │ │ 13 │ backend connection for User B │ └─────┴───────────────────────────────┘ 0, 1, 2 are always pre-assigned. Application fds start from 3 upward. The fd is meaningless on its own. It only means something when passed to a syscall — the kernel uses it to look up the real resource. 1.3 Socket A socket is the kernel's internal data structure representing one end of a network connection. Created when your process calls socket() . Lives entirely in kernel RAM. Your process nev

2026-06-27 原文 →
AI 资讯

The Ralph Loop Is Not Enough

"I don't prompt Claude anymore. My job is to write loops." — Boris Cherny, Claude Code creator Though I see where he's coming from, I'd put it differently. A developer's job isn't to write loops. It's to design state machines. Every major agent framework — Claude Code, Codex, Cursor, LangGraph — does the same thing under the hood. A while loop calls an LLM, checks if it wants to use a tool, runs the tool, repeats until done. The loop isn't just a solved problem. It's a boring problem. The hard part is everything around it. A loop has no idea what state the work is in. It just keeps going until something breaks or you run out of tokens. That's the Ralph Loop — named after the Simpsons kid who put a crayon in his nose. Agent, infinite loop, go. The Ralph Loop works, is famous, and has zero memory of where it is in the job. Like Ralph, it keeps going without knowing why. The Fix: A Finite State Machine Think about the NBA Finals. The Spurs and the Knicks aren't improvising — every possession has a state. Fast break. Inbound play. Half court set. Each one has specific reads and triggers for what happens next. Point guard De'Aaron Fox isn't making it up as he goes. The system tells him what situation he's in, and the situation tells him what to do. Your agent works the same way. You define the stages — planning, implementing, reviewing, error handling — and you define what triggers each transition. The agent doesn't orchestrate. It executes. One focused job per state. Why This Matters in Production When agents break, it's almost always one of three things: Infinite loops — one system repeated the same answer 58 times before anyone noticed. Context overflow — the history gets so long the model starts quietly forgetting things. Goal drift — 70 turns in, "don't touch auth" has completely evaporated. State machines fix all three. The loop runs until the list is empty, not until you run out of tokens. The goal lives in the transition logic, not in the context getting squeezed

2026-06-11 原文 →