The systems behindthe AI hype.
Long-form architecture notes on AI integration — evals, failure modes, observability, and the plumbing that moves a model past the demo.
Scroll to read
Featured
What a trustworthy agent-governance system has to do
Eleven processes, and why each one earns its place. A pattern catalog drawn from building a reference implementation against the OWASP ASI threat model, for anyone designing systems where AI agents act on behalf of humans.
security · agents · governance · 15 min
Read the articleIndex — 07 entries
- 01The Architecture of AI Progress, 2016–2025An interactive map of 56 foundational papers across nine research swim-lanes — how self-attention, diffusion, and reinforcement learning intertwined to produce today's frontier AI.research · machine-learning3 min
- 02How to Give AI Agents Real IdentitiesMost teams shipping agents use one shared API key for all of them. Here is why that fails and how to compose SPIFFE workload identity, OPA policy-as-code, Biscuit attenuation, and CAEP revocation into a system that can prove its own correctness.security · identity11 min
- 03The missing layer: a field guide to agentic AuthN/AuthZWhat's being built, what's missing, and where the ROI is. A map of the converging protocol stack, the threat surface, the vendor landscape, and the reference architecture I'd propose to a CTO.security · identity10 min
- 04Building a prompt injection defense layerA hands-on guide to combining six open datasets, training a multi-stage classifier, and running a working prompt injection gate entirely on a single machine. No cloud account required.security · llm11 min
- 05Don't build agents. Build skills.A working mental model for agent systems that don't collapse in production — where the agent is thin, intent-only orchestration and every capability is a testable skill.agents · architecture3 min
- 06Legacy-to-cloud migration intelligenceA short note on using LLMs to read an old codebase, classify its shape, and emit a defensible migration plan — not to do the migration, but to decide what the target should be.migration · architecture1 min
- 07FHIR integration on EKSHow a minimal FHIR server runs inside a Kubernetes cluster under real healthcare compliance — what the request path looks like, and where the auditability lives.fhir · healthcare1 min