今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#us

找到 1004 篇相关文章

AI 资讯

Every change to an Entra extension is a Control Plane event: the monitoring contract

Parts 1 and 2 of this series ( Microsoft Entra extensibility is a gift. It is also Control Plane. and Securing the code that decides who Entra trusts ) made two static decisions. Where the code lives: a dedicated Control Plane subscription, directly under the root management group or under a dedicated Control Plane management group, never in the platform identity subscription or an application landing zone. What credential it uses to call out: a managed identity by default, federated identity credentials when the call must leave Azure, certificates as a tolerated middle step, and static symmetric keys never. Both decisions are one-time. You make them, you walk away, you do not touch them for months. The third decision is not like that. It is continuous, and it is the one most teams quietly skip: how do you know the deployed code on that Function App is still the code your reviewers approved? How do you know the Logic App workflow definition has not been rewritten since last Tuesday? How do you know nobody added a federated identity credential to the managed identity at 3 a.m. on a Saturday? The answer is monitoring. Not "we have Log Analytics turned on." Monitoring with a specific operating contract attached. The posture inversion For most Azure workloads, the default operating posture is reasonable trust. Engineers deploy. Pipelines run. Configuration drifts a little. The team reviews changes weekly. Anomalies are caught eventually. For a Microsoft Entra extension, that posture is wrong. The default has to be inverted. Once an Entra extension lands in production, every change to it is suspicious by default. Not "needs review." Not "let's check first." Suspicious. The default state of an alert firing on a Function App that hosts a custom claims provider is "the SOC is investigating, prove this was approved." If you cannot prove the change was approved within the team's response SLA, the change is treated as an incident and rolled back. That posture is harsh on purpo

2026-07-07 原文 →
AI 资讯

P Watched an AI That Only Looked One Way. The 99.97% Was Real. It Just Missed Everything That Mattered.

"Show nothing, hold everything." — The Thirty-Six Stratagems, Create Something Out of Nothing Previously on this series: #4: P Walked Into an AI Monitoring POC. P Didn't Run a Single Test. — P found an ACL business card in an abandoned POC archive. P didn't tell anyone. P just pocketed it. White walls. Fluorescent hum. A FortDefender quarterly report sat open on the table, the cover printed in bold: Zero missed detections. 99.97% detection rate. The CTO slid it across. "The day the leak happened," he said quietly, "this system said everything was fine." "Which client?" " MedTech . Medical data breach. Their internal AI monitoring didn't catch it either. The quarterly report called it 'client-side issue.' I don't buy it." P didn't look at the report first. P looked at the CTO's eyes first. "You didn't bring me here to validate his numbers." The CTO didn't deny it. " FortDefender won't give you production access," he said. "Read-only logs. Sandbox. Public docs. You signed the NDA." "What do you want me to do?" "Find what's hiding inside 'everything was fine.'" P nodded. P didn't ask "what if I find it" — P knew the answer. "One condition: full internal penetration test access. No advance notice to anyone." The CTO was quiet for three seconds. "Done." P stood up. The CTO added one more thing as P turned: "I've heard about the FirmCore thing. That's why I called you." P didn't look back. Week One FortDefender 's public documentation was beautiful. Architecture diagrams. Whitelist rules. Alert thresholds. Response times. All in a technical whitepaper so polished you'd think it was written to raise funding. P spent three days reading every page. In the sandbox, P ran three rounds of tests. FortDefender 's detection system hit every single one. The 99.97% wasn't a lie — at least not inside the sandbox. But P noticed something. FortDefender 's whitelist rules were too complete. They covered everything — down to "penetration tests with valid internal certificates" being pre-

2026-07-07 原文 →
AI 资讯

AI Coding Tools Are Getting Better — So Why Are We Still Spending So Much Time Managing Them?

AI coding tools can now write features, edit multiple files, debug code, run commands, and generate tests. But while researching how developers use these tools, I keep seeing the same question: Are AI coding tools actually saving us as much time as they should? The models are becoming more capable, but developers still seem to spend significant time managing context, checking changes, watching usage limits, choosing models, and explaining the same project information again. I’m trying to understand whether these are widespread problems or just isolated experiences. The Problems I'm Investigating Context and Memory Long AI coding sessions can sometimes lose direction. The AI may forget earlier decisions, misunderstand project conventions, suggest previously rejected approaches, or require the developer to explain important context again. This makes me wonder: Should project knowledge disappear when a chat session ends? Would it be useful if the development environment could preserve relevant architecture decisions, coding conventions, previous bugs and fixes, failed approaches, current tasks, and next steps? Agent Reliability Writing code is only one part of development. An ideal agent workflow might look more like: Understand → Plan → Edit → Run → Test → Fix → Verify But how autonomous should that process be? Should the agent complete the entire loop independently, ask before risky actions, or wait for approval at every major step? Models, Usage, and Cost Developers now have access to many models, but choosing between them can become another task. Should developers always choose models manually, or should the development environment select an appropriate model based on task complexity, quality requirements, privacy, speed, and budget? Usage limits are another concern. Some developers report difficulty predicting how quickly their allowance is being consumed. Would real-time usage visibility, spending limits, local model support, or BYOK actually improve the experien

2026-07-07 原文 →
AI 资讯

AI Doesn't Recommend the Best Product. It Recommends the Best Explained Product.

A simple bubble tea experiment completely changed how I think about AI recommendations. Last week, I asked ChatGPT a question that seemed almost impossible to get wrong. "What are the best bubble tea brands in my city?" Surprisingly,some of the recommended brands were companies I had never heard of before. A few weren't even available in the cities I had lived in. After asking the same question to Claude, Gemini, and DeepSeek, I noticed something interesting that many of the same brands which I'm not familiar kept appearing. AI Isn't Judging Your Brand Humans recommend products because they have experiences. But AI does none of those things. It doesn't know whether one brand actually tastes better than another. Instead, it tries to generate the most statistically reliable answer based on the information it can understand. So, AI doesn't recommend the best brand. It recommends the brand it understands best. The Experiment That Changed My Perspective Once I realized this, I started paying closer attention. I didn't only test bubble tea but also the restaurants, beauty brands, consumer electronics, and ravel recommendations. Again and again, I noticed a pattern. Brands that consistently appeared in AI recommendations usually had several characteristics: Clear product descriptions Well-structured websites Consistent public information Plenty of third-party coverage Easy-to-understand positioning Meanwhile, some excellent brands barely appeared at all, because AI had much less reliable information to work with. That's when I stopped thinking about AI recommendations as opinions. They're much closer to information retrieval problems than human preferences. Consumers Are Already Changing Their Habits This matters because people are beginning to use AI differently from traditional search engines. Instead of searching "Best bubble tea near me", many people (especially the youth) now ask AI to recommend a healthy milk tea brand." The AI becomes the decision maker before the c

2026-07-07 原文 →
AI 资讯

It's You.

To start off, I appreciate the community support I have received on the post about being behind. I am behind, and I can't prove it but does it matter? Achievement that feels shallow on paper FrancisTRᴅᴇᴠ (っ◔◡◔)っ FrancisTRᴅᴇᴠ (っ◔◡◔)っ FrancisTRᴅᴇᴠ (っ◔◡◔)っ Follow Jun 22 I am behind, and I can't prove it but does it matter? # discuss # community # mentalhealth # career 149 reactions 89 comments 4 min read I couldn't respond to every single one because of the overwhelming comments I have received! Rest assure, I will respond to each and every one of you and I am glad to be part of this community! With that said, I want to return the favor to the community about something important. I recently talked to @georgekobaidze and @codingwithjiro in the Virtual Coffee group about life in general. What I notice about our conversation how we ended up talking about regrets and how we should have done this and that. For example, we talked about not networking or not doing beyond the coursework at our University/College because of how non-social we are. Of course, we all have regrets like these and we improve overtime. As we kept the conversation going, there is something that comes down to the root based on the conversations we have and conversations I had overall. One side is that we have regrets and as a result, we improve. We self-reflect on our wants and needs and we improvise from there. For example, for me, I never did networking because of the fear of what other people thinks. I slowly realized that 99% of the irrational thoughts never comes true. Even if it does, I know myself that I could handle the situation. As a result, I took small steps and joined dev.to. We all know where I am at now XD On the other hand, there are people who identifies these regrets they have, but does not act on it. It has become common to college students who says that the "Job Market is Cooked" and that "They are not good enough". To be fair, impostor syndrome is real and yes, the job market is coo

2026-07-07 原文 →
AI 资讯

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats We used to build security systems assuming the attacker was human. That assumption just died. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware. All without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. From Static Playbooks to Autonomous Attackers Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls. Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences. This introduces machine-speed lateral movement. Something human defenders and traditional security tools are not built to handle. The Defensive Automation Gap The core problem is asymmetry. Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, an

2026-07-07 原文 →