Four Signals

Agentic insights for modern tech teams

Millions of AI agents imperiled by critical vulnerability in open source package
AI/ML / arstechnica.com

A critical vulnerability in Starlette, the open-source ASGI framework with 325 million weekly downloads, puts millions of AI agents at risk. Tracked as CVE-2026-48710 and dubbed "BadHost", the flaw lets an attacker trivially bypass path-based authorization by sending a malformed HTTP Host header. Starlette underpins FastAPI, vLLM, LiteLLM and many Python MCP servers, so credentials held by those servers are exposed. Despite a CVSS score of 7.0, discoverer X41 D-Sec rates the bug critical because it enables SSRF and data theft from biopharma, cloud and other sensitive systems. The fix ships in Starlette 1.0.1.

Why it matters

If you are a platform engineer building AI agent orchestration systems, this vulnerability directly threatens your MCP-based integrations and credential stores: a single unpatched Starlette dependency anywhere in your Python stack, including the transitive copy that FastAPI pulls in, can expose the credentials and internal network reach of your entire AI toolchain to credential theft and SSRF.
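The first practical check is whether any Starlette in your environment is older than the fixed release. The following audit script is an added example, not code from the article or from the Starlette project; the only fact it takes from the article is the fixed version, 1.0.1. The requirements snapshot is constructed sample input, and the installed-package check uses the standard library so it catches the transitive Starlette that FastAPI installs even when your requirements file never names it.

```python
"""Audit a Python environment for Starlette releases below the BadHost fix.

Added example (not from the article or the Starlette project). The only fact
taken from the article is the fixed version, 1.0.1. SAMPLE_FREEZE below is a
constructed pip-freeze snapshot used as sample input.
"""
import re
from importlib import metadata
from typing import List, Optional, Tuple

# First release carrying the fix, per the article; normalized to the 4-tuple
# shape produced by parse_version() so tuples compare directly.
FIXED_VERSION = (1, 0, 1, 0)

# Matches pinned lines such as "starlette==0.47.2" or "Starlette[full] == 1.0.1".
_PIN_RE = re.compile(
    r"^\s*starlette(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)", re.IGNORECASE
)


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Normalize "MAJOR[.MINOR[.PATCH]][suffix]" to a comparable 4-tuple.

    Missing components are 0. A pre-release suffix ("1.0.1rc1", "1.0a1")
    makes the fourth element -1 so it sorts *below* the final release, since a
    pre-release may not yet carry the fix. A ".postN" suffix counts as the
    base release.
    """
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch, suffix = m.groups()
    pre = -1 if suffix and not suffix.startswith(".post") else 0
    return (int(major), int(minor or 0), int(patch or 0), pre)


def is_vulnerable(version: str) -> bool:
    """True when the given Starlette version predates the fixed release."""
    return parse_version(version) < FIXED_VERSION


def audit_requirements(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, version) for every Starlette pin below the fix."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _PIN_RE.match(line)
        if m and is_vulnerable(m.group(1)):
            findings.append((lineno, m.group(1)))
    return findings


def audit_installed() -> Optional[str]:
    """Return the installed Starlette version if it is below the fix, else None.

    This sees transitive installs (FastAPI depends on Starlette) that a
    requirements file pinning only fastapi would never mention.
    """
    try:
        installed = metadata.version("starlette")
    except metadata.PackageNotFoundError:
        return None
    return installed if is_vulnerable(installed) else None


# Constructed sample: a pip freeze snapshot with one vulnerable pin.
SAMPLE_FREEZE = """\
fastapi==0.115.0
starlette==0.47.2
uvicorn==0.30.0
"""

if __name__ == "__main__":
    for lineno, ver in audit_requirements(SAMPLE_FREEZE):
        print(f"line {lineno}: starlette=={ver} is below 1.0.1, upgrade")
    env = audit_installed()
    if env:
        print(f"installed starlette {env} is below 1.0.1, upgrade")
```

Run it inside each virtualenv or container image that serves MCP or FastAPI traffic; a clean requirements file is not enough on its own, because the installed copy is what handles the Host header.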

GPU autoscaling on Kubernetes with KEDA: Building an external scaler
AI/ML / cncf.io

KEDA cannot natively scale on GPU metrics because it is compiled with CGO_ENABLED=0, making NVML inaccessible. A custom external scaler deployed as a DaemonSet on each GPU node reads local hardware metrics via go-nvml and exposes them over gRPC, enabling KEDA to trigger HPA decisions based on GPU utilization, memory, temperature, or power draw. Pre-built profiles cover common workloads: vLLM inference scales on memory usage with scale-to-zero, Triton on utilization, and training jobs on utilization without scale-down.
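One way to wire such a scaler into KEDA, as an added example that is not from the CNCF post: a ScaledObject per profile using KEDA's `external` trigger type. `scalerAddress` is the documented key KEDA uses to reach an external scaler over gRPC; here it points at a Service assumed to sit in front of the DaemonSet pods. The Service name and port, the Deployment names, and the `profile`, `metric` and `targetPercent` keys are assumptions standing in for whatever metadata the custom scaler reads. `minReplicaCount: 0` is what permits scale-to-zero for the vLLM profile. For the training profile, disabling HPA scale-down through `selectPolicy: Disabled` is one way to get the no-scale-down behaviour; it is an assumed approach, not necessarily the post's.

```yaml
# Added example, not the CNCF post's manifests. Names, port and the
# profile/metric/targetPercent keys are assumptions; scalerAddress,
# minReplicaCount, cooldownPeriod and the HPA behavior block are real fields.
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: vllm-gpu-memory
spec:
  scaleTargetRef:
    name: vllm              # Deployment to scale (assumed name)
  minReplicaCount: 0        # scale-to-zero once the scaler reports inactive
  maxReplicaCount: 8
  pollingInterval: 15       # seconds between scaler queries
  cooldownPeriod: 300       # seconds of inactivity before dropping to 0
  triggers:
    - type: external
      metadata:
        # gRPC endpoint of the Service fronting the scaler DaemonSet (assumed)
        scalerAddress: gpu-scaler.keda.svc.cluster.local:9090
        # keys below are assumed; an external scaler defines its own metadata
        profile: vllm
        metric: memory
        targetPercent: "75"
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: trainer-gpu-util
spec:
  scaleTargetRef:
    name: trainer           # assumed name
  minReplicaCount: 1        # training never scales to zero
  maxReplicaCount: 4
  advanced:
    horizontalPodAutoscalerConfig:
      behavior:
        scaleDown:
          selectPolicy: Disabled   # HPA never scales in: "no scale-down"
  triggers:
    - type: external
      metadata:
        scalerAddress: gpu-scaler.keda.svc.cluster.local:9090
        profile: training
        metric: utilization
        targetPercent: "70"
```

Because the scaler runs per node but KEDA dials one address, the Service will hand each poll to an arbitrary node's pod; aggregating across nodes is the scaler's responsibility, so check that its `GetMetrics` answer reflects the whole fleet rather than the pod that happened to answer.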

Claude Code as a Daily Driver: Claude.md, Skills, Subagents, Plugins, and MCPs
AI/ML / arps18.github.io

Claude Code becomes a programmable agent when you add guardrails: giving it verification steps (a 2-3x quality improvement, per Boris Cherny), using plan mode (Shift+Tab twice) for read-only exploration, delegating rather than pair-programming, and updating CLAUDE.md after mistakes. The .claude directory provides layered configuration with project-scoped (committed) and global files for shared rules (CLAUDE.md), private notes (CLAUDE.local.md), settings, MCP servers, and custom skills.

Build your first MCP server in TypeScript: the 2026 setup that takes 30 minutes.
Languages / dev.to

Model Context Protocol (MCP) standardizes AI model-to-tool communication, replacing custom integrations for OpenAI, Anthropic, and Cursor. The tutorial builds a TypeScript server using @modelcontextprotocol/sdk v1.11.x and Zod, implementing a hex-to-rgb tool via StdioServerTransport. Resources and tools are defined with typed schemas; the server connects to Claude Desktop in under 30 minutes.

Cloudflare Flagship
Cloud / developers.cloudflare.com

Cloudflare launched Flagship, a new platform for building and deploying applications on its edge network, alongside a dedicated Discord community for Workers developers to collaborate and share projects.