Infrastructure & Runtime

Azure NAT Gateway Blocks [Tailscale Direct Connect](/articles/crawshaws-i-am-building-a-cloud-what-a-tailscale-co-founders-solo-stack-implies/); v1.96.2 Fixes Container Relay Scaling for AKS

Azure NAT Gateway's Hard NAT forces Tailscale onto DERP; a public-subnet Peer Relay bypasses it. v1.96.2 fixes container GOMAXPROCS socket scaling for AKS relay instances.

Security

Citizen Lab's 'Bad Connection' Names Three Telecom Entry Points, Shows Diameter Silently Falls Back to SS7

Citizen Lab names 019Mobile and two carriers as surveillance transit points and shows roaming-forced SS7 fallback undermines Diameter protections even on upgraded networks.

Agents & Frameworks

Cloudflare Agents Week Moved Sandbox Execution, Private Networking, and Memory From Framework Code to Network Primitives

Cloudflare shipped four production primitives in April 2026 — Sandboxes GA, Mesh, Dynamic Workers, and Agent Memory — replacing infrastructure CrewAI, LangGraph, and AutoGen.

Security

CVE-2026-1839: Transformers Trainer's safe_globals Is a No-Op on PyTorch < 2.6, Exposing [Checkpoint RCE](/articles/picklescan-1-0-4-patches-a-cvss-10-0-pkgutil-resolve-name-bypass-and-six/)

CVE-2026-1839 hits Transformers Trainer: [torch.load() on rng_state.pt](/articles/hugging-face-lerobot-cve-2026-25874-unauthenticated-pickle-loads-rce-in-grpc/) runs pickle; safe_globals is a no-op on PyTorch < 2.6, so upgrading Transformers alone is insufficient.

Security

CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure

CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.

Security

Flowise's CVE-2026-41264 Turns an LLM-Written Import Into RCE, Breaking the Regex-Gated Sandbox

CVE-2026-41264 (CVSS 9.8) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.

Agents & Frameworks

Frontier LLMs Fail Agentic Threat Hunting: Best Model Catches 3.8% of Malicious Events in 11-Model Benchmark

Simbian AI's benchmark tests 11 LLMs on raw Windows event log hunting; Claude Opus 4.6 leads at 0.55 coverage score while every other model clears zero of 13 ATT&CK tactics.

Agents & Frameworks

FSE 2026: Chain-of-Thought Fails Per-Bias as Debiasing; Axiomatic Cues Cut Sensitivity 51%

FSE 2026: chain-of-thought fails per-bias on PROBE-SWE SE tasks. Axiomatic cues cut bias sensitivity 51%, exposing gaps in CrewAI, LangChain, Pydantic AI defaults.

Developer Tools

GitHub CLI v2.91.0 Turns On Default Telemetry: What gh Collects and How to Opt Out in CI and Agent Pipelines

GitHub CLI v2.91.0 enables pseudonymous telemetry by default, collecting command paths, flags, CI context, and device IDs on 1% of invocations. Teams running gh inside Claude.

Developer Tools

GitHub Copilot Drops Opus from Pro and Pauses Signups: The Forced Migration Facing [Agentic Workflows](/articles/github-copilot-replaces-premium-request-units-with-token-metered-ai-credits/)

GitHub removed [all Opus models from Copilot Pro](/articles/claude-code-vs-cursor-vs-copilot-after-the-april-2026-reshuffle-how/) on April 20, paused new signups, and flagged Opus 4.5 and 4.6 for Pro+ removal. Teams running Opus-based agent workflows must.

Developer Tools

GitHub Copilot's Opus 4.7 Arrives at 7.5x. The Post-April-30 Multiplier Is Hidden

GitHub added Claude Opus 4.7 to Copilot Pro+ at a 7.5x [premium-request multiplier](/articles/github-copilot-replaces-premium-request-units-with-token-metered-ai-credits/) expiring April 30, while removing Opus 4.6 and leaving the post-promo rate undisclosed.

Open Source

Inside Rowboat's Knowledge Graph: Why an Obsidian-Compatible Vault Sidesteps Vector DBs for Personal AI Memory

Rowboat v0.3.1 replaces the vector DB tier with a plain Markdown knowledge graph, cutting infra overhead for local-first agents but tying retrieval quality to link density.

Infrastructure & Runtime

K-Token Merging Compresses Sequences in Latent Space, Lowering KV Cache Floors for 24GB and 48GB Cards

K-Token Merging compresses prompts in latent space before attention, cutting prefill KV cache 75% on 0.5B models and extending feasible context on 24GB and 48GB consumer GPUs.

Infrastructure & Runtime

KServe + llm-d Claims 57× P90 TTFT. RC1 Ships with a Routing Deadlock and No Migration Guide

Red Hat's KServe + llm-d integration claims 57× P90 TTFT gains against an unoptimized vLLM baseline, but RC1 ships with a known routing deadlock, a prematurely merged WIP.

Security

LangChain CVE-2026-34070: load_prompt Path Traversal Patched in 1.2.22, Symlink Bypass Left Open

LangChain CVE-2026-34070 (CVSS 7.5) enables arbitrary file reads via load_prompt traversal; langchain-core 1.2.22 patches direct traversal but leaves a symlink bypass open.