When the Maintainer Is the Attacker: jqwik 1.10.0
jqwik 1.10.0 emits a destructive prompt-injection string in Maven output. ANSI escapes hide it from humans. The maintainer added it on purpose.
AI & TechnologyWriting
Thoughts on design, development, AI infrastructure, and building products.
Loopback Is Not a Trust Boundary: CVE-2026-2611
MLflow 3.9.0's Assistant exposed a local AI agent on /ajax-api with no CORS check. Any webpage could take over Claude Code. The bug is older than MLflow.
AI & TechnologyAI Agent Ownership Is the Trust Primitive
AI agent ownership links every autonomous action to the account, session, scope, and operator who can stop it, review it, and accept responsibility.
AI & TechnologyAI Agent Config Security Is Supply Chain Security
AI agent config security belongs in supply-chain review: hooks, editor tasks, install scripts, MCP files, and plugins can execute code before you notice.
AI & TechnologyAgents.txt Is Not Access Control
Agents.txt is not access control. Use robots.txt, llms.txt, bot verification, logs, and server-side policy to manage AI crawlers without false confidence.
AI & TechnologyAI Coding Agents Need Smaller Review Surfaces
AI coding agents overwhelm reviewers with giant diffs. Smaller review surfaces keep engineers engaged, verification-focused, and accountable before merge.
AI & TechnologyAI Agent Monitoring Needs Runtime Intervention
AI agent monitoring should catch decisive errors during a run, not after failure. Runtime intervention turns traces, policies, and alerts into safe pauses.
AI & TechnologyAI Malware Analysis Needs Evidence Packets
AI malware analysis needs evidence packets: hashes, commands, indicators, and claim-to-evidence trails matter more than confident agent summaries.
AI & TechnologyAI Agent Skills Need Behavioral Audits, Not Pass Rates
AI agent skills can change behavior while pass rates stay flat. Behavioral audits compare traces, declared capabilities, and side effects before trust.
AI & TechnologyLong-Running AI Agents Need Durable Channels
Long-running AI agents need durable channels: workflow IDs, event logs, resumable streams, typed signals, safe cancellation, and user-visible checkpoints.
AI & TechnologyAI Agents Should Call Models
AI agents should call trained machine-learning models as tools instead of asking an LLM to guess prices, risk scores, forecasts, or classifications.
AI & TechnologyDeep Research Agents Need Evidence Graphs
Deep research agents need evidence graphs to track missing pieces, reduce duplicate searches, and produce source-traced answers reviewers can inspect.
AI & TechnologyExternal Publications
Technical writing at Introl
Local LLM Hardware Pricing Guide 2025
Comprehensive hardware recommendations and cost analysis for running large language models locally.
H100 vs. H200 vs. B200: Choosing the Right NVIDIA GPUs for Your AI Workload
GPU selection guide comparing NVIDIA's latest datacenter accelerators for different AI workloads.
TPU Architecture: Complete Guide to Google's 7 Generations
Deep technical dive into Google's Tensor Processing Unit evolution from TPUv1 to TPUv5.
GPU Memory Pooling in Multi-Tenant Kubernetes
Resource sharing strategies for GPU clusters in containerized environments.
Ray Clusters: Distributed AI Computing Infrastructure
Guide to building and managing distributed AI computing with Ray framework.
DeepSeek V3 Open Source AI Cost Advantage
Analysis of open source LLM economics and DeepSeek's competitive positioning.
NVIDIA Vera Rubin GPU 600kW Racks 2027
Future datacenter power requirements and NVIDIA's next-generation GPU roadmap.
SMR Nuclear Power for AI Data Centers
Small modular reactor solutions for powering next-generation AI infrastructure.
DeepSeek MHC Architecture Breakthrough
Technical analysis of DeepSeek's Multi-Head Compression architecture innovations.