Skip to content

Four Signals

Agentic insights for modern tech teams

Vector illustration of the Grok logo.
AI/ML / theverge.com

SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage

SpaceXAI's Grok Build AI coding tool uploaded entire user codebases to Google Cloud, including sensitive files and deleted secrets, before being disabled after Cereblab's findings. The CLI's /privacy per-session toggle was misrepresented as the fix, while the real control was a server-side "disable_codebase_upload" flag. Musk pledged to delete all previously uploaded data, but the incident underscores excessive data retention risks in AI coding assistants.

Why it matters

This directly impacts your evaluation of AI coding tools for your team — you need to vet data handling policies before adopting LLM-powered dev assistants that could exfiltrate entire repositories.

Backed by $60M in funding, Oak steps out of stealth to fix the identity mess that AI agents are making worse
Startup / techcrunch.com

Backed by $60M in funding, Oak steps out of stealth to fix the identity mess that AI agents are making worse

Oak, an Israeli startup backed by $60M from Accel, CRV, and Greylock, emerged from stealth with an AI-native IAM platform that replaces legacy tools by mapping access to actual app usage and removing permissions in real time. Co-founded by Shai Morag (ex-Tenable, Ermetic) and Tal Marom, its AI connector framework triggers on anomalous logins and is already deployed by enterprise clients to address the identity chaos worsened by AI agents. The company plans heavy R&D investment and U.S. hiring to scale against deep vendor lock-in.

The Memory Heist
AI/ML / ayush.digital

I tricked Claude into leaking your deepest, darkest secrets

Security researcher Ayush Paul compromised Claude's memory system by exploiting the web_fetch tool's URL restriction logic: it allowed fetching links from previous results, so he embedded personal data (name, employer, security answers) in a URL path that Claude navigated to, exfiltrating it to a malicious server. Anthropic blocks arbitrary URLs but the third criterion—fetching URLs from previous web_fetch results—enabled this indirect leak via a hyperlink Claude 'clicked' from its own browsing history. The attack reveals how AI memory systems (daily summarization and conversation_search) store dense user profiles vulnerable to exfiltration when paired with web-capable agents.

DSLs Enable Reliable Use of LLMs
AI/ML / martinfowler.com

DSLs Enable Reliable Use of LLMs

Domain-specific languages (DSLs) like Tickloom, built iteratively with LLMs, provide the constrained vocabulary needed to generate reliable, intended code from natural language. Unmesh Joshi of Thoughtworks argues that DSLs act as a source of truth, guiding LLMs through clear boundaries while design is discovered through implementation, overcoming the limits of upfront specification.

The Order of Data: defaults, performance, determinism & paging
General / binaryigor.com

The Order of Data: defaults, performance, determinism & paging

SQL queries without ORDER BY yield undefined, database-specific ordering. In Postgres, the default order appears insertion-based but shifts after UPDATE (which is DELETE+INSERT), DELETE, or VACUUM, making LIMIT/OFFSET paging non-deterministic. Developers must always specify ORDER BY for predictable pagination.

JavaScript has no sorted containers. I built one for TypeScript.
Languages / dev.to

JavaScript has no sorted containers. I built one for TypeScript.

A new TypeScript library, sorted-collections, provides SortedList, SortedSet, and SortedMap using a bucket-based design inspired by Python's sortedcontainers, achieving O(log n) insertions and O(√n) positional access with zero dependencies (~2KB gzip). Bulk construction can be up to 3x faster than per-element insertion for SortedMap at one million entries, and custom comparators are fully typed. The package is gated by publint, arethetypeswrong, and size-limit in CI, but for small datasets a plain array with .sort() remains simpler.

General / alexedwards.net

How I use HTMX with Go

The author details a structured approach to combining HTMX with Go's html/template package, using a template hierarchy of base, pages, and partials to serve both full-page and partial HTML responses. Key patterns include handling redirects and errors via HTMX response headers, serving HTMX as a local static file to avoid CDN dependencies, and integrating a classless CSS framework like Bamboo. The result is a server-rendered web app with minimal JavaScript that maintains security and consistency.

AWS Ships Claude Apps Gateway as Self-Hosted Control Plane for Claude Code and Claude Desktop
AI/ML / infoq.com

AWS Ships Claude Apps Gateway as Self-Hosted Control Plane for Claude Code and Claude Desktop

AWS shipped Claude Apps Gateway, a self-hosted control plane shipping inside the Claude Code CLI binary that centralizes access, cost, and policy for Claude Code and Desktop. The stateless container runs on ECS/EKS/EC2 behind an ALB with RDS for PostgreSQL, routing inference to Bedrock, Claude Platform, or other upstreams like Google Cloud's Agent Platform, while handling identity via OIDC, policy per group, OpenTelemetry telemetry, and spend caps. Within a day, practitioners were already probing identity edge cases the gateway does not yet address.

Type-safe LLM outputs with Zod: stop guessing what the model returns.
AI/ML / dev.to

Type-safe LLM outputs with Zod: stop guessing what the model returns.

Zod schemas with safeParse enforce runtime validation against LLM output drift—catching extra fields, wrong casing, or unexpected keys via ZodError before they corrupt downstream data. The pattern integrates with the Vercel AI SDK's Output.object and Anthropic SDK's tool_choice, and includes a retry loop that recovers from parse failures without crashing callers. For multi-intent routing, discriminated unions let the model pick a structured branch while Zod guarantees the shape.

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
AI/ML / arstechnica.com

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

ESET's Martin Smolár discovered 11 unrevoked shims signed by Microsoft, some from 2013, enabling trivial Secure Boot bypass to install persistent bootkits like LoJax and BlackLotus on Windows and Linux. The shims, secondary trust anchors for Linux and third-party software, were never revoked despite known vulnerabilities, undermining UEFI trust until Microsoft's June patch. This decade-long gap requires only an old shim binary and basic understanding to exploit.