This week's articles
How Amazon uses agentic AI for vulnerability detection at global scale
Amazon's RuleForge is a multi-agent AI system that auto-generates CVE detection rules from exploit PoC code. It uses parallel generation (via Amazon Bedrock/Fargate), a separate judge model (reducing false positives by 67%), and multistage validation, achieving 336% faster rule production than manual workflows while keeping humans in the final approval loop.
Orchestrating AI Code Review at scale
Cloudflare built a CI-native, plugin-based AI code review system using OpenCode, orchestrating up to 7 specialised agents (security, performance, code quality, etc.) per merge request. It processed 131K reviews across 48K MRs, averaging $0.98/review at 3m39s median latency, with an 85.7% prompt cache hit rate.
Agents as scaffolding for recurring tasks
An effective agent pattern for recurring tasks: prototype with agent-driven flow, then refactor to code-driven control, using agents only for ambiguous sub-tasks (e.g., ownership resolution). Results in faster, cheaper, more reliable, and maintainable pipelines.
The case for dependency cooldowns in a post-axios world
Following recent npm supply chain compromises (axios, s1ngularity), the article advocates for dependency cooldowns": intentional delays before installing newly published packages. Npm, Yarn, pnpm, and Dependabot all now support configurable cooldown settings; a 12-hour minimum would have blocked both attacks entirely.
My Claude Code Setup (2026 Edition)
A walkthrough of my Claude Code setup across a multi-project monorepo: global settings, safety guardrails, a context/plan/code workflow, subagents and plugins, and the StarCraft-themed customisations that make the terminal feel like mine.
|