AI 资讯
States make last-ditch effort to stop the Paramount ‘media behemoth’
A dozen state attorneys general are trying to block the $110 billion merger of Paramount and Warner Bros Discovery they warn would raise movie prices and crush cable TV distributors. The states - California, Arizona, Colorado, Connecticut, Massachusetts, Minnesota, Nevada, New Jersey, New Mexico, New York, Oregon, and Washington - filed suit on Monday, arguing […]
AI 资讯
Every change to an Entra extension is a Control Plane event: the monitoring contract
Parts 1 and 2 of this series ( Microsoft Entra extensibility is a gift. It is also Control Plane. and Securing the code that decides who Entra trusts ) made two static decisions. Where the code lives: a dedicated Control Plane subscription, directly under the root management group or under a dedicated Control Plane management group, never in the platform identity subscription or an application landing zone. What credential it uses to call out: a managed identity by default, federated identity credentials when the call must leave Azure, certificates as a tolerated middle step, and static symmetric keys never. Both decisions are one-time. You make them, you walk away, you do not touch them for months. The third decision is not like that. It is continuous, and it is the one most teams quietly skip: how do you know the deployed code on that Function App is still the code your reviewers approved? How do you know the Logic App workflow definition has not been rewritten since last Tuesday? How do you know nobody added a federated identity credential to the managed identity at 3 a.m. on a Saturday? The answer is monitoring. Not "we have Log Analytics turned on." Monitoring with a specific operating contract attached. The posture inversion For most Azure workloads, the default operating posture is reasonable trust. Engineers deploy. Pipelines run. Configuration drifts a little. The team reviews changes weekly. Anomalies are caught eventually. For a Microsoft Entra extension, that posture is wrong. The default has to be inverted. Once an Entra extension lands in production, every change to it is suspicious by default. Not "needs review." Not "let's check first." Suspicious. The default state of an alert firing on a Function App that hosts a custom claims provider is "the SOC is investigating, prove this was approved." If you cannot prove the change was approved within the team's response SLA, the change is treated as an incident and rolled back. That posture is harsh on purpo
AI 资讯
Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats
Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats We used to build security systems assuming the attacker was human. That assumption just died. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware. All without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. From Static Playbooks to Autonomous Attackers Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls. Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences. This introduces machine-speed lateral movement. Something human defenders and traditional security tools are not built to handle. The Defensive Automation Gap The core problem is asymmetry. Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, an
科技前沿
Apple takes Epic fight over app store fees to the Supreme Court
Supreme Court will weigh if Apple contempt finding in Epic case is “erroneous.”
AI 资讯
Dapr 1.18 Introduces Verifiable Execution, Bringing Cryptographic Trust to AI Agents and Workflows
Diagrid has announced the release of Dapr 1.18, introducing what it calls Verifiable Execution, a new set of capabilities designed to bring cryptographic trust, provenance, and tamper-evident execution records to distributed applications and AI agents. By Craig Risi
AI 资讯
Google is finally opening the Play Store to outside payments
While the court still hasn't signed off on the massive settlement resolving Epic's antitrust lawsuit against Google for having a monopoly over Android's app store with Google Play, the tech giant says it will start rolling out changes to the way it handles billing for developers worldwide. As announced in March, the flat 30 percent […]
AI 资讯
Article: Designing Continuous Authorization for Sensitive Cloud Systems
Most cloud systems make one authorization decision at login. Everything after runs on trust established at authentication time. For systems handling regulated data, that gap is where breaches happen. This article presents a continuous authorization architecture covering risk-tiered evaluation, behavioral baselines, privacy-preserving audit trails, and a phased and incremental rollout. By Venkata Nedunoori
AI 资讯
AI Agent Identity and Permission Challenges: How Uber and Auth0 Are Rethinking Access Control
Uber recently described an internal architecture for propagating identity across multi-agent AI workflows. The design aims to perserve user context, agent provenance, and scoped access as agents delegate work and call internal tools. The case study aligns with Auth0’s view that AI agents need permissions based on delegated authority, scoped credentials, and explicit human approval boundaries. By Eran Stiller
AI 资讯
Analysis of Mo Gawdat and Marina Mogilko’s Conversation About the Future of AI, Startups, Education, and the Labor Market
AI Does Not Cancel Reality I watched the conversation between Mo Gawdat and Marina Mogilko about the future of AI. The conversation is strong. It contains important ideas, but it also contains many claims that sound large in scale, although on closer inspection they rely on very broad generalizations. AI is indeed changing the labor market, education, startups, content, hiring, and ways of thinking. But it does not cancel money, connections, trust, the human vector, creativity, necessity, morality, or people’s ability to adapt. Video on YouTube AI in hiring: automation amplifies chaos Many people have entered the job market. Companies receive huge volumes of resumes. HR departments cannot handle the volume. It is natural that part of the selection process is moving to AI. But there is a serious problem here. Candidates are also starting to play against AI. Resumes are adjusted to vacancies. Cover letters are assembled around keywords. Profiles become optimized for the filter, not for real work. In such a system, the best specialist does not necessarily pass. Often, the person who understood the selection mechanism better passes. The result: the picture becomes cleaner, while the quality of the decision becomes lower. The company gets not the strongest candidate, but the candidate who matched the algorithm best. This leads to lower hiring quality, lower productivity, and slower development. “I built a startup in six weeks”: a product is not a startup The conversation includes the idea that an AI startup would once have taken years and hundreds of engineers, and now it can be built in weeks. Technically, this is true. Prototypes are now built faster. Small teams have powerful tools. One person can now do more than a group could do before. But two different things are mixed here. Building a product faster has become real. Building a startup faster has become real only when resources are present. A startup is not only code. A startup is money, connections, trust, reputa
AI 资讯
I Consolidated My Entire Developer Homelab onto One Machine — Here's the Full Stack
I recently rebuilt my homelab from scratch. The goal was simple: one machine, everything containerised, zero exposed ports, GPU-accelerated local AI, and a fully automated backup setup. No cloud subscriptions for the tools I use every day. This is the full technical breakdown — what I'm running, how it's wired together, and the hard-won fixes that cost me hours so you don't have to repeat them. What I'm Running Eight services, 26 containers, one machine: Service Purpose Portainer Docker management UI Uptime Kuma Service monitoring (7 monitors) NocoDB Self-hosted Airtable — CRM & leads n8n Workflow automation Open WebUI Local AI chat interface Ollama Local LLM inference (GPU) AFF!NE Collaborative docs & whiteboards Plane Project management (roadmaps, sprints) Duplicati Encrypted daily backups Cloudflare Tunnel Zero Trust secure access — no open router ports All external-facing services sit behind Cloudflare Zero Trust with email OTP. No passwords to manage, no VPN clients — Cloudflare handles authentication at the edge. Architecture ┌──────────────────────────────────┐ │ Cloudflare Edge (Zero Trust) │ │ *.yourdomain.com — email OTP │ └──────────────┬───────────────────┘ │ HTTPS ┌──────────────▼───────────────────┐ │ Ubuntu Machine │ │ │ │ cloudflared (outbound tunnel) │ │ │ │ │ ┌─────▼────────────────────┐ │ │ │ homelab-net (bridge) │ │ │ │ │ │ │ │ portainer uptime-kuma │ │ │ │ nocodb n8n │ │ │ │ open-webui affine │ │ │ │ plane-* duplicati │ │ │ │ ollama (GPU passthrough) │ │ │ └───────────────────────────┘ │ └───────────────────────────────────┘ Everything runs on a shared Docker bridge network ( homelab-net ). The cloudflared container maintains an outbound-only encrypted tunnel — no inbound ports open on the router at all. Ollama runs in Docker with NVIDIA GPU passthrough. The AI model inference happens on the GPU, leaving CPU headroom for all other services. Prerequisites Ubuntu 24.04 LTS Docker Engine + Compose v2 NVIDIA GPU with driver 535+ NVIDIA Container Too
开发者
Microsoft could be the next Big Tech antitrust target
Over the past several years, Microsoft has largely managed to withstand populist calls to break up Big Tech while peers faced sweeping lawsuits. But a probe by the Federal Trade Commission suggests that grace period could be nearing an end. Earlier this year, Bloomberg outlined the contents of civil investigative demands (CIDs) - similar to […]
AI 资讯
OpenAI’s Frontier Governance Framework: Risk Tiers, Trusted Access, and What Developers Need to Know
On May 29, 2026, OpenAI published its Frontier Governance Framework — and most developers moved on to the next item in their feed. That’s a mistake worth correcting. The document doesn’t announce a new model or lower an API price. It describes how OpenAI measures whether its own systems could enable mass-casualty events, what access controls gate who can reach those capabilities, and how this maps to the regulations — the EU AI Act and California’s Transparency in Frontier AI Act — that are actively shaping compliance requirements for any enterprise deploying frontier AI this year. If you build security tools on OpenAI APIs, the framework’s Trusted Access for Cyber program directly affects what your application can and cannot do. If you operate in a regulated environment, the framework is the vendor-side accountability document your compliance team needs to reference. And if you build on frontier models at all, the risk tier system in this framework governs the capability restrictions you will encounter — and, increasingly, what auditors and procurement teams will ask about when vetting your AI vendor stack. What the Framework Actually Is The Frontier Governance Framework is OpenAI’s published methodology for evaluating the risk profile of frontier models before and after deployment. It covers six functional areas: risk assessment and mitigation, model reporting, security risk management, incident response, external expert input, and framework updates. Each area has defined processes, thresholds, and accountability mechanisms. The core architecture is a tier system applied across four risk domains. Each domain is evaluated independently, with tiers reflecting capability levels that could enable specific categories of harm. A model’s rating in any domain determines what deployment controls apply — what gets blocked at the API layer, who gets elevated access, and what triggers an incident response workflow. The framework was published explicitly to align with two regu