Notes
Short pieces about the methodology and architecture decisions behind the AI systems I ship — specs, evals, multi-agent orchestration, LLM integration, and the discipline of directing coding agents.
June 11, 2026
Shadow AI is your real breach
When companies picture an AI security incident, they imagine a rogue model or a compromised agent. The leak actually happening at most companies is far more boring: their own employees pasting confidential data into AI tools nobody approved. 71% of workers have used unapproved AI at work, 57% actively hide it, and one in five organizations has already had a breach tied to it — at about $670,000 a pop. The fix isn't a ban. Bans are why it's hidden in the first place.
- security
- business
June 11, 2026
You can't tell what's real anymore
A new survey found that 85% of people say they can no longer tell real content from AI-generated content — up from 66% a year ago. 84% say 'convincing video evidence' no longer feels like proof. The default assumption the entire internet ran on — what I see is real — just broke for nearly everyone. That's not only a scam problem. It quietly changes what every product has to do: when authenticity can't be assumed, trust stops being free and becomes something you have to build.
- security
- business
June 10, 2026
“Managed agents” are convenient until you can’t leave
Google, Anthropic, and others are pushing the easiest pitch in AI: one API call and we'll run your whole agent — the sandbox, the tools, the memory, the state — on our infrastructure. It's genuinely convenient, and for a prototype it's great. But notice what you just handed over. A managed model API rents you the brain, which stays swappable. A managed agent rents you the entire nervous system of your product, and that's a much deeper hook. Convenience and lock-in are the same purchase here — and the bill comes later.
- business
- architecture
June 10, 2026
One model for everything is ending
Microsoft just shipped seven AI models at once — not one bigger brain, but a reasoning model, a coding model, a transcription model, a voice model, and more, each built for a single job. Meanwhile the frontier generalists keep getting more capable. Both things are true, and the gap between them is the point: the headline race is about one model doing everything, but the thing that actually works in production is a curated stack of specialists. Picking 'the best model' is the wrong question now.
- ai-native
- architecture
June 10, 2026
The risk was never the model. It's the system around it.
The most authoritative AI safety body in the world — a hundred-plus experts chaired by Yoshua Bengio, backed by thirty governments — just landed on a quietly deflating conclusion: the most pressing AI risks come less from the models themselves than from the systems companies build around them. Not the sci-fi misaligned superintelligence; the integrations, the permissions, the business processes a small error propagates through. For builders that's good news, because it means AI safety is mostly a job you can actually do.
- architecture
- security
June 10, 2026
Why your agent's pull request gets rejected
Researchers studied 33,000 pull requests written by AI coding agents, and about 29% never got merged. The interesting part is why: not mostly because the code was wrong, but because the PR was a bad collaboration artifact — too big, touching too many files, bundling unrelated changes, failing CI, and explaining itself poorly. Getting code accepted turns out to be a different skill than writing it, and it's exactly the skill agents don't have by default. Here's what that means for using them.
- methodology
- agents