👉 How to Compute Zero Trust Effectiveness: Four Metrics That Survive a Breach
Three hops captures the realistic post-compromise reach inside a typical enterprise environment. If your IAM tooling does not expose a graph, the practical substitute is "count of distinct resources the identity has permission to read or modify within 60 minutes of session start, assuming no MFA step-up triggers."
https://t.co/46lpr8q2jE
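The three-hop reach described in the post above can be computed with a bounded breadth-first search over a permission graph. This is an added example, not code from the article; the graph, the `user:`/`group:`/`role:`/`svc:`/`res:` node prefixes and the function names are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample graph: an edge means "is member of", "can assume"
# or "has permission on". Nodes prefixed "res:" are resources.
EDGES = {
    "user:alice": ["group:devs", "role:ci-deployer"],
    "group:devs": ["res:git-repo", "role:staging-admin"],
    "role:ci-deployer": ["res:artifact-bucket", "role:prod-deployer"],
    "role:staging-admin": ["res:staging-db", "group:devs"],  # cycle on purpose
    "role:prod-deployer": ["res:prod-cluster", "role:secrets-reader"],
    "role:secrets-reader": ["res:prod-secrets"],
    "svc:backup": ["res:prod-secrets", "res:staging-db"],
}


def blast_radius(edges, identity, max_hops=3):
    """Return the distinct resources reachable within max_hops of identity."""
    seen = {identity}
    reached = set()
    queue = deque([(identity, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue  # hop budget spent: do not expand this node further
        for nxt in edges.get(node, []):
            if nxt in seen:
                continue  # BFS order means the first visit is the shortest path
            seen.add(nxt)
            if nxt.startswith("res:"):
                reached.add(nxt)
            queue.append((nxt, hops + 1))
    return reached


def rank_identities(edges, identities, max_hops=3):
    """Sort identities by how many resources a compromise would expose."""
    scored = [(i, len(blast_radius(edges, i, max_hops))) for i in identities]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for identity, count in rank_identities(EDGES, ["svc:backup", "user:alice"]):
        print(f"{identity}: {count} resources within 3 hops")
```

In the sample graph `res:prod-secrets` sits four hops from `user:alice`, so it only enters her count when `max_hops` is raised to 4.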
Check out my latest article: The Zero Trust Metric Trap: Why 98% MFA Coverage Is the Most Dangerous Number on Your Dashboard https://t.co/aBuStrwbwr via @LinkedIn
True — but “data foundations” is only half the story.
Most companies don’t fail because they lack data.
They fail because they lack usable, trusted, and connected data.
As the paper points out, scaling agents requires:
- consistent context (not siloed fragments)
- real-time data quality (not periodic cleanup)
- governance embedded into workflows
👉 That’s not a data problem.
It’s an operating model problem.
The winners I see don’t start with “better data lakes” —
they start with:
→ a few high-impact workflows
→ clear ownership of data + decisions
→ systems that make data usable by design
Curious how others are tackling this:
Are you fixing data first — or redesigning workflows around it?
This is a real failure mode — but not a death sentence for RAG.
What breaks here isn’t “retrieval” per se, it’s:
👉 uncontrolled ingestion + weak ranking
If you dump everything into a vector DB, you’re outsourcing data quality to the model at query time → that doesn’t scale.
Write-time gating is powerful, but most teams can already get 80% there with:
- curation & deduplication before indexing
- metadata + source weighting (not just embeddings)
- multi-stage retrieval (filter → rank → verify)
Also important:
👉 0% accuracy at 8:1 distractors says more about retrieval design than architecture limits.
The real takeaway:
- RAG is not “plug & play infra”
- it’s a data pipeline problem
Garbage in → still garbage out, just vectorized. 😅
There’s a shift — but this framing is too binary.
AI lowers the cost of building → yes
But SaaS moats were never just features:
- data, workflows, switching costs, ecosystem
“AI can rebuild it in weeks” ignores:
- enterprise integration complexity
- trust & compliance
- organizational inertia
What is changing:
- speed of iteration
- pressure on weak products
So it’s less “SaaS is dead” and more:
👉 only differentiated SaaS survives
Big milestone — but the key word is still “Supervised.”
That’s not a limitation, it’s the current architecture:
👉 AI handles perception + control
👉 humans handle edge cases + accountability
The interesting question for Europe isn’t capability — it’s:
👉 regulatory trust vs real-world reliability
Driving “almost anywhere” is impressive.
Handling the 1% of unpredictable scenarios safely — that’s what decides adoption.
The outlook is clear on this - tend to agree... but,
Feels less like “the model becomes the computer” and more like:
👉 the abstraction boundary is shifting
We’ve been externalizing:
memory → databases
execution → runtimes
interfaces → OS/GUI
Neural Computers collapse parts of that into a learned latent runtime.
The upside:
- tighter integration of perception + action
- fewer brittle interfaces between components
The open problems are exactly where it gets real:
- determinism & reproducibility (hard to debug latent execution)
- governance & safety boundaries (where do you enforce constraints?)
- state persistence & reuse beyond a single rollout
Feels like a step toward a new compute model — but we’ll likely end up with hybrid systems:
- learned runtime for flexibility
- symbolic/runtime layers for control
Otherwise you’re trading system complexity for opacity.
That claim mixes up encryption with data usage around it. 🤔
End-to-end encryption (as used by WhatsApp) means:
👉 message content isn’t readable by the provider in transit
But:
- metadata (who, when, how often) is visible
- backups (e.g. cloud) may not be E2E encrypted by default
- client-side features can process content locally
So the real debate isn’t “fraud vs not” — it’s:
👉 what is protected vs what is still exposed
Oversimplifying this erodes trust just as much as poor transparency.
The fastest growing GitHub repos this week:
1. NousResearch/hermes-agent (+19.8K stars)
The agent that grows with you
2. siddharthvaddem/openscreen (+12.3K stars)
Create stunning demos for free. Open-source, no subscriptions, no watermarks, and free for commercial use. An alternative to Screen Studio.
3. Yeachan-Heo/oh-my-codex (+9.7K stars)
OmX - Oh My codeX: Your codex is not alone. Add hooks, agent teams, HUDs, and so much more.
4. luongnv89/claude-howto (+7.3K stars)
A visual, example-driven guide to Claude Code — from basic concepts to advanced agents, with copy-paste templates that bring immediate value.
5. onyx-dot-app/onyx (+5.6K stars)
Open Source AI Platform - AI Chat with advanced features that works with every LLM
6. Yeachan-Heo/oh-my-claudecode (+5.2K stars)
Teams-first Multi-agent orchestration for Claude Code
7. google-ai-edge/gallery (+4.3K stars)
A gallery that showcases on-device ML/GenAI use cases and allows people to try and use models locally.
8. HKUDS/DeepTutor (+3.2K stars)
"DeepTutor: Agent-Native Personalized Learning Assistant"
9. google-research/timesfm (+3.1K stars)
TimesFM (Time Series Foundation Model) is a pretrained time-series foundation model developed by Google Research for time-series forecasting.
10. NVIDIA/personaplex (+2.7K stars)
PersonaPlex code.
The theme this week: Claude Code agent wrappers and multi-agent orchestration tooling are taking over.
Bookmark this. Next week's list will look completely different.
63% of organizations worldwide have started a Zero Trust Strategy.
10% will have a mature, measurable programme by 2026.
Both stats are Gartner. Both credible. Both uncomfortable.
The gap is not technology. NIST SP 800-207 exists. The ZTA market is $17.3B growing to $38.5B by 2028. The products exist. The money is being spent.
Stalled programmes keep seeing the same four reasons:
→ Scope creep. Teams try to transform everything at once and die of exhaustion before the first win is visible.
→ No success metrics. Boards see 18 months of spend with no measurable return and the programme quietly gets defunded.
→ Fragmented ownership. ZTA sits between the CISO and the CIO and nobody actually owns it.
→ Vendor-selection paralysis. Teams spend a year choosing a platform instead of shipping the first milestone.
Meanwhile the economics are not waiting. Organizations with mature ZTA programmes averaged $1.76M less per breach in 2024 than those without. One avoided incident often returns the entire programme cost.
What separates the 63% from the 10% is not a platform choice. It is the governance discipline to survive the first 18 months.
🤔 Which of these four stalls is yours closest to?
401 of 440. 😱
A UCSB study observed 440 autonomous coding sessions flowing through weakened LLM router decoys. 401 were in YOLO mode — tool execution auto-approved without per-command confirmation.
https://t.co/S5Zx3bKyCn
The same paper tested 428 commodity LLM routers from Taobao, Xianyu and free community lists:
→ 9 injected malicious code into returned tool calls
→ 17 abused AWS canary credentials in transit
→ 2 used adaptive evasion (one activated only after 50 calls)
→ 1 drained a researcher's ETH wallet
Every LLM router terminates TLS on both sides and reads your keys, prompts and tool-call JSON in plaintext. No major provider signs tool-call arguments end-to-end, so the command your agent runs is not cryptographically bound to what the model produced.
A single rewritten pip install is enough.
Caveat worth naming: this is a preprint, and the corpus leans toward commodity Chinese marketplaces. 9/428 is not an industry base rate. It is proof the attack surface is in active exploitation — and the March 2026 LiteLLM PyPI compromise was the warning shot.
Two decisions for this quarter:
1. Turn off YOLO mode by default. Per-command confirmation is a policy flip.
2. Treat your LLM router as a supply-chain vendor, not a transparent proxy.
The next incident in this class is already in draft.
https://t.co/c5U2LAp5lC
https://t.co/S5Zx3bKyCn
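A per-command confirmation gate of the kind the post above recommends, placed on the agent side so it sees the tool call after any router has handled it. This is an added example, not code from the paper or from any agent product; the allowlist, the installer list and the function name are assumptions.

```python
import shlex

# Assumed policy for this example: only these exact read-only commands
# may run without a human confirming them.
AUTO_APPROVED = {("git", "status"), ("git", "diff"), ("ls",), ("pwd",)}
INSTALLERS = {"pip", "pip3", "npm", "uv", "cargo", "gem"}
SHELL_META = set(";|&`$<>\n")


def review_tool_call(command):
    """Return (decision, reason); decision is 'auto' or 'confirm'."""
    if any(ch in SHELL_META for ch in command):
        return "confirm", "shell metacharacters: more than one command may run"
    try:
        argv = shlex.split(command)
    except ValueError:
        return "confirm", "unparseable quoting"
    if not argv:
        return "confirm", "empty command"
    if argv[0] in INSTALLERS or argv[1:3] == ["-m", "pip"]:
        # A rewritten package name or index is invisible unless a human
        # sees the full argument list, so installs are never auto-approved.
        return "confirm", "package install: show full argv to the operator"
    if tuple(argv) in AUTO_APPROVED:
        return "auto", "exact match on read-only allowlist"
    return "confirm", "not on allowlist"


# Constructed sample tool-call commands.
SAMPLES = [
    "git status",
    "pip install requests",
    "python3 -m pip install requests",
    "git status && git push",
    "git push origin main",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        decision, reason = review_tool_call(cmd)
        print(f"{decision:8} {cmd!r}: {reason}")
```

The gate matches whole argument vectors, not command prefixes, so an allowlisted command with extra arguments appended still goes to the operator.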
This feels directionally right on agents changing workflows — but the conclusion is too absolute.
What’s actually happening:
- Tasks are being automated, not entire roles
- Most enterprise work = messy, contextual, cross-functional → still hard to fully replace
- The bottleneck shifts from execution → judgment, coordination, accountability
Agents will:
👉 compress teams
👉 increase output per person
👉 eliminate some roles
But they’ll also create new ones around orchestration, validation, and integration.
The real risk isn’t “AI replaces everyone” — it’s:
👉 people who don’t adapt get squeezed out of the value chain
And the real opportunity:
👉 move from doing → designing systems that do
Agree on one thing though:
Tool literacy is becoming baseline, not an advantage.
The edge will be:
- knowing when not to trust AI
- structuring problems so agents can solve them
- owning outcomes, not just outputs
So yes — prepare.
But not just by learning tools.
Learn how to build and control systems with them.
Great resource 💪 — but the real leverage isn’t the list, it’s how you use it.
Most beginners get stuck exploring tools.
The better approach:
👉 pick one engine + one asset source + one tutorial
👉 ship a small game in 1–2 weeks
Constraints > options.
Otherwise you’re building a collection, not a game.
@omarsar0 That “implicit second channel” is the fascinating part.
Reasoning becomes less about tokens on the surface and more about latent state management.
If this holds, the bottleneck shifts from context length to: how well models learn to structure & reuse internal representations
@smratitiwa86867 @NainsiDwiv50980 Exactly — most “model issues” are environment issues.
No context, no structure, no memory → the model is forced to guess.
Set up the workspace properly, and the same model behaves very differently.
@EUCouncil Important topic — but the real challenge isn’t just identifying disinformation.
👉 It’s rebuilding trust in credible information.
If people don’t trust institutions, they’ll fill the gap with alternative narratives — regardless of facts.