Blog
The last mile: from zero trust tokens to real-world resources
Key takeaways: The last mile problem is translating a verified zero trust delegation token into credentials that external resources will accept while preserving the permission intersection. This is solved by a credential gateway that validates the token, computes the...
Triton Kernel Profiling with Proton and ROCm on AMD GPUs
This is the second article in our series on Triton kernel profiling. In our first post, Triton kernel profiling with NVIDIA Nsight tools, we introduced how to profile and optimize custom Triton GPU kernels on NVIDIA hardware. In this post, we focus specifically on...
Wiring zero trust identity for AI agents: SPIFFE, token exchange, and Kagenti
Key takeaways: The identity plumbing for zero trust delegation is accomplished by wiring three technologies together: SPIFFE for service-to-service cryptographic workload identity (mTLS), AuthBridge via RFC 8693 token exchange to pass user delegation context (JWTs),...
From context to dreams: architecting memory for AI agents
Have you ever felt that every conversation you have with an LLM across sessions feels like starting over from scratch? LLMs have a problem: they have the memory of a goldfish (no disrespect to goldfish intended). This article explores the solution: Agent memory. Agent...
Benchmarking AI inference on CPUs: A transparent blueprint for the enterprise
As enterprises look to optimize the total cost of ownership (TCO) of Large Language Model deployment, utilizing existing enterprise CPU infrastructure alongside GPU resources for specific inference workloads has become a strategic initiative. However, infrastructure...
Zero trust for AI agents: why delegation beats impersonation
When an AI agent acts on your behalf, how much of "you" should it become? In AI systems, agent impersonation creates security risks by granting overly broad permissions. This post introduces a delegation model using a permission intersection' pattern, ensuring agents...
Who’s really calling? Securing agent-to-agent communication
The gap between what an agent claims and what the platform can verify is a real attack surface, and it grows with every new agent you onboard. As agents increasingly discover and call each other at runtime, protocols like Agent2Agent (A2A) have introduced a useful...
Code execution with MCP: How sandboxed Python replaces tool schema bloat in AI agents
As the number of tools connected to an AI agent grows, JSON Schema definitions become a massive scaling bottleneck. Every tool carries a full schema that gets loaded into the LLM’s context window on every turn. Our tests show that replacing these schemas with a...
PyTorch Call Stack Deep Dive: Tracing Tensor Operations from Python to C++ Kernels
Eliminating the ‘Rego tax’: How AI orchestrators automate Kubernetes compliance
Manually writing OPA Rego policies is a significant bottleneck for many platform teams, creating a 'Rego tax' that can slow down development and introduce risk. This article introduces a new approach: a Dynamic Kubernetes Policy Generator that uses a large language...