Groundy — independent coverage of developer tools, infrastructure, and platforms
Penetration Testing Multi-Agent LLM Systems: A Failure Catalog Vendors Don't Document
The first independent pen tests of proprietary agent deployments found preventable classical vulnerabilities, not novel AI flaws, compounding across multi-agent topologies.
security OpenAI's New Safety Bug Bounty Pays Researchers for Jailbreaks and Policy Bypasses
OpenAI's safety bounties create a vendor-controlled disclosure market where NDAs silence participants, payouts trail serious red-team costs, and open publication has no lane.
One Learning Rate Doesn't Fit All: Heavy-Tail Layerwise LR Schedules for LLM Pretraining
LLR assigns per-layer learning rates from spectral heavy-tail diagnostics during LLM pretraining, achieving 1.5x faster convergence and up to 2 pp higher zero-shot accuracy.
industry OpenAI Buys Statsig and Makes Vijaye Raji CTO of Applications: Product Analytics Becomes Core Infra
OpenAI's $1.1B Statsig deal makes experimentation infrastructure a strategic asset in the AI vertical integration race, pressuring LaunchDarkly and Amplitude.
security Axios npm Compromise Forces Vercel Into Platform-Level Remediation
When compromised axios npm versions carried a North Korean RAT, Vercel blocked C2 egress at the deploy layer because the npm registry did not verify OIDC provenance.
industry HuggingFace's $100M Series C Bets Open-Source AI Can Outlast Per-Token Pricing Wars
HuggingFace's $100M Series C funds an open-weights infrastructure stack designed to let enterprises avoid escalating per-token API costs from closed-model providers.
security Next.js Dev Server CVE-2025-48068: Any Web Page Could Read Your Source Files
CVE-2025-48068 lets any webpage read source files from a running Next.js dev server via cross-origin script inclusion, exposing secrets loaded in .env files.
industry Vercel's Series F Repackages Frontend Hosting as an AI Cloud Bundle
Vercel's Series F funded an AI middleware stack whose SDK, gateway, and runtime create switching costs, raising the feature bar rival hosting platforms must meet to stay competitive.
- agents Claude Code, Cursor, Copilot: How Agentic Coding Assistants Get Weaponized as Attacker Shells
- devtools Anthropic Buys Stainless: OpenAI and Google Now Depend on a Rival for SDK Tooling
- agents A New Trust Schema Exposes Why Agent Skill Registries Fail Enterprise Audit Requirements
- policy FTC's TAKE IT DOWN Act Lands May 19: 48-Hour Deepfake NCII Takedowns and No Safe Harbor
- agents CrewAI vs AutoGen vs LangGraph 2026: The Real Trade-Off After Maintenance Mode
- devtools Claude Code Plugins: Anthropic's Official Plugin Ecosystem Explained
- devtools GitHub Copilot vs Cursor vs Claude Code: The 2026 AI Coding Showdown
- infra MLX vs llama.cpp on Apple Silicon: Which Runtime to Use for Local LLM Inference
- models Chinese AI Models Compared: DeepSeek, Qwen, Kimi, Doubao, and Ernie
- models AI Code Generation Benchmarks 2026: Which Model Actually Writes Better Code?
- infra Prefill-Decode Disaggregation: The Architecture Shift Redefining LLM Serving at Scale
- devtools Claude Code in GitHub Actions: A Complete Guide to Automated PR Fixes
- industry Cursor's Meteoric Rise: Inside the AI Editor Hitting $300M ARR
- devtools GitHub Copilot's Opus 4.7 Multiplier: 7.5x to 15x to 27x in 60 Days
- culture EU's 2027 Replaceable Battery Mandate: What It Means for Phone Buyers and Repairers Right Now
- may 26 agents Penetration Testing Multi-Agent LLM Systems: A Failure Catalog Vendors Don't Document
- may 26 security OpenAI's New Safety Bug Bounty Pays Researchers for Jailbreaks and Policy Bypasses
- may 26 models One Learning Rate Doesn't Fit All: Heavy-Tail Layerwise LR Schedules for LLM Pretraining
- may 26 industry OpenAI Buys Statsig and Makes Vijaye Raji CTO of Applications: Product Analytics Becomes Core Infra
- may 26 security Axios npm Compromise Forces Vercel Into Platform-Level Remediation
- may 26 industry HuggingFace's $100M Series C Bets Open-Source AI Can Outlast Per-Token Pricing Wars
- may 26 security Next.js Dev Server CVE-2025-48068: Any Web Page Could Read Your Source Files
- may 26 industry Vercel's Series F Repackages Frontend Hosting as an AI Cloud Bundle
- may 26 infra Gemma 4 31B on Cloud TPU vs GPU: The Serving Cost Crossover Point
- may 26 agents Claude Code, Cursor, Copilot: How Agentic Coding Assistants Get Weaponized as Attacker Shells
- may 26 infra Cloudflare Flagship Is a Feature Flag Service That Deepens Platform Gravity
- may 25 agents Microsoft Bolts Governance Onto Agent Framework as Stack Sprawl Persists
- may 25 policy arXiv Paper Tracks FTC Affiliate Disclosure Gaps in YouTube's Influencer Economy
- may 25 devtools Bun Rewrites Its Core From Zig to Rust, Putting Downstream Zig Bindings at Risk
- may 25 infra ObjectCache Moves KV Reuse to S3-Class Storage: Why Layerwise Retrieval Beats Full-Prefix Cache Hits
- may 25 policy AI Safety Benchmark Rankings Flip Based on Eval Config, SafetyRepro Paper Reports
- may 25 infra Vercel's CDN Origin Timeout Jumps to 2 Minutes: A Concession to LLM Streaming Workloads
- may 25 agents GovernSpec Contractual Skills Make Agent Governance Auditable Before Runtime
- may 25 devtools Vercel Bets on Bun While Post-Acquisition Priority Drift Makes the Runtime a Vendor Decision
- may 25 industry OpenAI Replaces Indeed's Job-Matching Engine: What It Means for ATS Vendors
- may 25 oss One Coding Agent Per Kanban Card: Kanbots Stress-Tests Parallel AI Workflow
- may 25 infra Fluid Compute vs PgBouncer: Vercel's Undocumented Bet on Connection Reuse
- may 25 devtools PromptArmor Shows Microsoft Copilot Cowork Can Be Tricked Into Exfiltrating Files
- may 25 agents Indirect Prompt Injection Benchmarks Were Too Easy: LivePI Adds Realism
- may 25 security Apple Names Claude in CVE Credit Line, Setting Vendor Attribution Precedent
- may 24 industry Vercel Acquires Splitbee to Fold First-Party Analytics Into the Hosting Bundle
- may 24 models Embedding Compression at Training Time: DIVE's Gradient Trick vs Post-Hoc Quantization for Vector DBs
- may 25 devtools Anthropic Buys Stainless: OpenAI and Google Now Depend on a Rival for SDK Tooling
- may 24 models μP Hyperparameter Transfer Has an Embedding Layer Hole, New arXiv Paper Says
- may 25 models Audio LLMs Break When the Codec Changes: A Robustness Vector Voice-AI Teams Haven't Tested
- may 24 policy arXiv 2602.13372 MoralityGym Tests Whether Agents Hold Moral Priorities Across Sequential Decisions
- may 24 devtools Rmux Brings a Playwright SDK to tmux Sessions for Agent Automation Workflows
- may 24 oss Nesbitt's Open Source Death Taxonomy Exposes a Health Score Blind Spot
- may 25 agents Routing LLM Agents: Why TwinRouterBench Splits Static and Live Evaluation
- may 24 infra Vercel Fluid Pools Database Connections Across Invocations, Bypassing External Poolers
- may 23 models Project Glasswing One Month In: AI Bug Discovery Has Outpaced the Patch Pipeline
- may 24 industry SoftBank's $40B Bridge Loan Means Bank Covenants Will Shape OpenAI's Post-IPO Pricing
- may 24 security CISA's Internal Data Leak Tests the Disclosure Standards It Sets for Others
- may 25 infra Railway's GCP Suspension Is a Reseller PaaS Problem, Not a Google One
- may 25 models Do LLMs Know What Not to Say? Causal Evidence for Statistical Preemption
- may 24 security TanStack npm Attack: When OIDC Trusted Publishing Becomes the Attack Vector
- may 24 infra Vercel CDN Request Collapsing: One Origin Fetch Per ISR Cache Miss
- may 25 oss Microsoft Open-Sources the Earliest Known DOS Source Code: What 1980 Tim Paterson 86-DOS Reveals
- may 24 culture OpenAI's Own Economic Analysis Quietly Concedes the Labor Displacement Case
- may 24 security Nx s1ngularity Attackers Used Local Claude Code and Gemini CLI to Steal Developer Tokens
- may 24 infra CISA Admin Leaked AWS GovCloud Keys on GitHub: What Federal Secret Scanning Missed
- may 24 oss Colorado SB051 Carves Out Open Source From Age Verification After Maintainer Backlash
- may 24 oss Colorado SB26-051 Shields Non-Commercial Open Source by Omission, Not by Design
- may 24 devtools Shai-Hulud Returns: 314 npm Packages Compromised in a Self-Propagating Supply-Chain Worm
- may 24 industry OpenAI's S-1 Triggers a Repricing Cascade for Every Private AI Lab Valuation