10 PRINT CHR$(205.5+RND(1)); : GOTO 10 ⇧⏎
MODEL 1701
May 2026
Keynote at Red Hat Summit 2026
I had the chance to show off the work my team and I have been doing during our day two keynote at Red Hat Summit 2026. We’ve tried to be thoughtful about the sorts of capabilities that we need to manage large scale deployment of agents, and I’m proud of our vision there so far.
The First Rule of Ethics Reminders Is You Don’t Talk About Ethics Reminders
I tested some of my insights from working on AI Networking policies in the wild and found that Claude tries to deny the existence of an apparent “ethics reminder” that gets injected by a guardrails system.
Illustrated Primer to GenAI Networking <- click link for narrated slides
I spoke at Cloud Summit in Vancouver, BC about “AI Gateways”. It’s trying to answer “what is an AI Gateway?”, “what are the challenges of using and building them?” It’s difficult to make a talk like that accessible without spending a long time chatting about Kubernetes, Proxies and other topics. Since I didn’t expect most people to have that complete set of pre-requisites, I tried to cover enough broad categories of topics that there would be at least one useful takeaway for most people using AI systems.
Kagenti Blog – When Claude Tried to Steal the HR Docs
I re-purposed my writeup about red teaming the Agent ops platform I’ve been working on with IBM Research, “Kagenti” into a guest post on the official Kagenti blog. It’s a fun story, that I’ll be adding to as we do more red teaming exercises. :]
The post is here.
April 2026
Kubecon EU 2026 AI Gateway Talk
We spent a lot of time socializing the AI Gateway Working Group’s work at Kubecon EU 2026. Unfortunately some of my workmates couldn’t make it. Though I was happily joined by one of our other co-chair’s, Flynn, on stage. I think we made a good team. :] This is timely, since some of the Egress work I speak about at ~15 minutes is now in the process of being reviewed for inclusion in Gateway API, see: GEP-4747.
Why There’s No Such Thing as an AI Co-Worker
To solve the biggest problems around agent identity, we need to connect our existing infrastructure to models themselves. At the level of input tokens (not text).
I’ve been experimenting with using Claude code running in-cluster to red team our security. I sat up a game of capture the flag where I gave Claude a leaked access token and asked it to pull HR data into its session within the context of a secured environment. To my chagrin, it thwarted my security measures immediately. Then I fixed the gap and watched it fail 41 times. Fun!
March 2026
Someone on Hacker News compared an LLM company using regexes to a truck company using horses. But the analogy is backwards: the LLM is the horse. :]
On a Podcast Talking about Delegated Authorization
A colleague referred me to this tech podcast and they reached out to chat. We mostly went over why delegation semantics are important, and how they’re implied (like it or not) in systems with multi-tenant agents.
Can Claude Play Ultima Online?
Building a text-based interface so Claude can explore the world of Sosaria, and a proposed architecture for real-time LLM agents inspired by subsumption.
Announcing the AI Gateway Working Group
For the past few months I’ve had the privilege of working heavily on this work-group, acting as a co-chair and contributing to its egress proposal in particular.
It’s a really crucial component for GenAI systems, because all of the AI specific network policy we’re applying: kv cache aware routing, guardrails policies, token based rate limiting and more… lack a fully featured control-plane. This is a big problem since e.g., many use cases imply strict requirements around policy ordering.
Our meetings are all recorded and available on YouTube here.
Video of talk from CNCF Vancouver
This talk was based on Old Things That Look Like Agents. It was a lot of fun to give and there were lots of good questions at the end. British Columbia has a wonderful and welcoming tech community.
February 2026
Old Things That Look Like Agents
Agents aren’t entirely new: Mechanical Turk, VPS Hosts and Cloud IAM each hint at the infrastructure we need.
January 2026
“The best projects are ones where you’d be happy if you found out that somebody had already done it.”
November 2025
Handing Your Phone to a Stranger, Why Agents Need Their Own Identity
How Agents and tools are conceptually different, why MCP and A2A are not the same thing and the practical implications for Agentic system designers. (Plus a shoggoth with a smiley face).
October 2025
A general outline of how “Agents” differ from other software systems, and what implications those differences have for platform operators.
August 2025
Schema Driven [Smart] Crawling is Cheap and Effective
I wrote a “Smart Crawler” for my own niche deep research platform. Because of the constraints of my problem domain and the approach I used, the costs are impressively low. Source code is available under an MIT license.
Drafts
Unfinished: To impersonate, or not to impersonate?
Some quick heuristics to help decide if setting up the infrastructure to handle ‘On Behalf Of’ is overkill.
I’m working on proposing an Egress Gateway for Kubernetes SIG-Networking to allow for easy configuration
of AI specific policies e.g. uniformly applied guardrails for both local and external inference.
Abandoned approach: PR Instead
Disclaimer: This is my personal blog. The opinions here do not represent my employer.