When the Maintainer Is the Attacker: jqwik 1.10.0
jqwik 1.10.0 emits a destructive prompt-injection string in Maven output. ANSI escapes hide it from humans. The maintainer added it on purpose.
AI & TechnologyWriting
Thoughts on design, development, AI infrastructure, and building products.
Loopback Is Not a Trust Boundary: CVE-2026-2611
MLflow 3.9.0's Assistant exposed a local AI agent on /ajax-api with no CORS check. Any webpage could take over Claude Code. The bug is older than MLflow.
AI & TechnologyAI Agent Skills Need Behavioral Audits, Not Pass Rates
AI agent skills can change behavior while pass rates stay flat. Behavioral audits compare traces, declared capabilities, and side effects before trust.
AI & TechnologyLong-Running AI Agents Need Durable Channels
Long-running AI agents need durable channels: workflow IDs, event logs, resumable streams, typed signals, safe cancellation, and user-visible checkpoints.
AI & TechnologyAI Code Review Needs Dissent, Not Consensus
AI code review needs independent agents that preserve dissent, validate findings, route uncertainty to humans, and re-review fixes before teams merge PRs.
AI & TechnologyAI Agent Config Security Is Supply Chain Security
AI agent config security belongs in supply-chain review: hooks, editor tasks, install scripts, MCP files, and plugins can execute code before you notice.
AI & TechnologyAI Agents Should Call Models
AI agents should call trained machine-learning models as tools instead of asking an LLM to guess prices, risk scores, forecasts, or classifications.
AI & TechnologyResearch Papers Need Agent-Readable Claim Files
Agent-readable claim files let papers expose claims, scope limits, definitions, and figure commands so research agents cite, test, and reuse them safely.
AI & TechnologyAI Agent Safety Starts With Small Software
AI agent safety starts with small software: smaller tools, plain files, narrow permissions, and faster tests give coding agents fewer places to hide bugs.
AI & TechnologyMCP Tools Need Action-Level Authorization
MCP tools need action-level authorization: bearer-token validation must lead to per-tool, per-role, and per-action capability checks before agents act.
AI & TechnologyAI Malware Analysis Needs Evidence Packets
AI malware analysis needs evidence packets: hashes, commands, indicators, and claim-to-evidence trails matter more than confident agent summaries.
AI & TechnologyAI Agent Ownership Is the Trust Primitive
AI agent ownership links every autonomous action to the account, session, scope, and operator who can stop it, review it, and accept responsibility.
AI & TechnologyExternal Publications
Technical writing at Introl
Local LLM Hardware Pricing Guide 2025
Comprehensive hardware recommendations and cost analysis for running large language models locally.
H100 vs. H200 vs. B200: Choosing the Right NVIDIA GPUs for Your AI Workload
GPU selection guide comparing NVIDIA's latest datacenter accelerators for different AI workloads.
TPU Architecture: Complete Guide to Google's 7 Generations
Deep technical dive into Google's Tensor Processing Unit evolution from TPUv1 to TPUv5.
GPU Memory Pooling in Multi-Tenant Kubernetes
Resource sharing strategies for GPU clusters in containerized environments.
Ray Clusters: Distributed AI Computing Infrastructure
Guide to building and managing distributed AI computing with Ray framework.
DeepSeek V3 Open Source AI Cost Advantage
Analysis of open source LLM economics and DeepSeek's competitive positioning.
NVIDIA Vera Rubin GPU 600kW Racks 2027
Future datacenter power requirements and NVIDIA's next-generation GPU roadmap.
SMR Nuclear Power for AI Data Centers
Small modular reactor solutions for powering next-generation AI infrastructure.
DeepSeek MHC Architecture Breakthrough
Technical analysis of DeepSeek's Multi-Head Compression architecture innovations.