Blog Posts

ClawJacked, Axios, and the Autonomous Agent Problem

TLDR; In a single 72-hour stretch of March 2026, we watched three independent attack surfaces on autonomous agents fail at once: OpenClaw’s localhost gateway (ClawJacked), the Axios npm package (a cross-platform RAT), and Anthropic’s own Claude Code source map leak — all converging on March 31. I’m not a security expert. I’m a DevOps practitioner who ran the homework before running the software, and this post is that homework. Part 1 is the problem. Part 2 will be what I’d want to be true before I run a personal assistant in a form of agent.

I Want a Personal Agent. I'm Not Running One Yet — Here's What Would Change That

TLDR; In Part 1 I walked through the March 2026 failures: ClawJacked, the OpenClaw CVE flood, the Axios RAT, the Claude Code source map leak. This post is the constructive follow-up. I’m not anti-agent — I want a personal agent badly enough that I’ve been actively testing alternatives. But I’ve set a bar, and nothing I’ve tried clears it yet. Here’s what the bar looks like, what I’m testing (nanobot, nanoclaw, kubernetes-sigs/agent-sandbox), why prompt injection is the attack you can’t patch with a CVE, and the pre-flight checklist I’d want cleared before I point an agent at my real credentials.

Andrej Karpathy Just Made RAG Obsolete — And All You Need Is Three Folders

**TL;DR** Andrej Karpathy just published a gist called LLM Wiki that replaces complex RAG pipelines with three plain-text folders: raw, wiki, and output. A coding agent reads your raw material, builds a compounding wiki, and your LLM context window becomes genuinely smarter over time — no vector database, no embeddings infrastructure, no DevOps expertise required. I’ve been doing a version of this for four years on my wiki. Now that Karpathy has a name for it, maybe everyone else will catch up.

The Agent Cost Wars — Updated: GLM-5, M2.7, and What the Leaderboard Actually Tells Us

TL;DR A week ago I published a piece about MiniMax M2.5’s “$1/hour agent” promise and called it the dawn of always-on intelligence. Since then, the leaderboard moved — fast. GLM-5 dethroned M2.5 as the top open-weight model, M2.7 shipped with the same aggressive pricing but unconfirmed licensing, and Gemini 3.1 Pro quietly became the price-performance king among flagships. This is my attempt to challenge my own earlier post with updated numbers from Artificial Analysis, and share some careful impressions on what this means for practitioners heading into the second half of 2026.

The View from Outside the Glass: Why Growing Organizations Need the Outsider's Mirror

TL;DR, Growing engineering organizations get trapped in the “inner loop” — high-velocity execution that slowly drifts from strategic intent. An external consultant’s value isn’t superior knowledge; it’s lower latency to the truth. This post explores why speaking up is an act of service, not arrogance, and how the “outsider’s mirror” helps teams move from reactive execution to intentional alignment.

The $1,892 Agent: MiniMax M2.5 and the Dawn of Always-On Intelligence

TL;DR

MiniMax M2.5 is a 230B-parameter model that activates only 4% of its weights per token — yet scores 80% on SWE-bench Verified, putting it neck and neck with Anthropic Opus 4.6 at roughly 3% of the cost. At ~$1,892/year for a continuously running agent, the “always-on agent” is no longer a thought experiment. The cost of intelligence is approaching the cost of electricity, and Jevons’ Paradox says: demand is about to explode.

AWS KMS Best Practices: Securing the Secret Ingredients of Your Infrastructure

TL;DR

AWS KMS gives you three flavors of encryption keys — AWS-owned, AWS-managed, and Customer Managed Keys (CMKs). For anything resembling production, CMKs are the only real choice: they give you control over rotation, deletion, cross-account access, and most critically — the ability to kill a key in an emergency. Think of KMS like a hotel’s key management system: the entrance guard has one master card, but the security manager holds the safe with all the master keys. Designing your KMS strategy right is what keeps you from handing that safe to an attacker.

AWS Landing Zone Accelerator — When Multi-Account Governance Gets Real

TL;DR

If you’re managing more than a handful of AWS accounts with compliance requirements like HIPAA or FedRAMP, you’ll quickly outgrow IAM Identity Center and manual guardrails. AWS Landing Zone Accelerator (LZA) is an open-source CDK application that turns a set of YAML configuration files into a fully governed, multi-account, multi-region AWS environment — including networking, security controls, and OU-based policy enforcement. This post walks through a real-world design: a shared Transit Gateway architecture with Dev/Prod isolation, NACL-based traffic boundaries, and dual-region deployment for multiple workload types.

AI Chaos and Productivity How to Choose Your Core Tool Stack (and Stop the FOMO)

This post was originally published on Israeli Tech Radar.

TLDR; beyond the cost of conversations, this post discusses the golden path and, hopefully, introduces a methodology for choosing the best-fitting toolset using a handful of tools that can help mold your A.I. strategy. We’ve all heard of 10x developers; this post aims at building 10x teams that scale well with A.I.

AI Usage: Are You Vibing or Building? Your Wallet Might Know

This post was originally published on Israeli Tech Radar.

Artificial intelligence is rapidly changing how we work and create. We’re using it for everything from drafting quick emails to designing complex systems. But how we interact with AI — the “usage model” — significantly impacts both the results we get and the money we spend. If you’re not spending money on A.I., or plan to but are not sure on what, stay tuned, and let’s start thinking in “tokens”, which might fit into 2 code categories:
