2026年5月25日 星期一

[AI] 2025-05-25 News

AI News Digest - May 25, 2026

 ai     agents    llm    anthropic  

Summary

The AI industry is entering a more mature phase focused on the practical deployment of "Agentic" systems and deep enterprise integration. Recent updates from Google DeepMind and Antigravity highlight a shift toward autonomous operating systems and models optimized for action rather than just conversation. Anthropic is doubling down on enterprise adoption through partnerships with firms like KPMG while continuing to refine its frontier model safety. Simultaneously, the community, led by figures like Simon Willison, is delivering the modular tools—such as Datasette Agent—necessary for developers to harness these powerful models in specialized environments. GitHub's recognition as a leader in AI coding agents further solidifies the trend of AI becoming a fundamental layer in the software development lifecycle. Overall, the focus has moved from "what can LLMs say" to "what can AI agents reliably do" within production workflows and corporate infrastructure.

AI 行業正進入一個更成熟的階段,重點在於「代理人」(Agentic) 系統的實際部署和深度的企業整合。Google DeepMind 和 Antigravity 最近的更新突顯了向自主操作系統和優化「行動」而非僅僅是「對話」的模型轉變。Anthropic 正在透過與 KPMG 等公司的合作加倍投入企業採用,同時持續完善其前沿模型的安全性。同時,以 Simon Willison 為首的社群正提供模組化工具(例如 Datasette Agent),讓開發者能在專業環境中運用這些強大的模型。GitHub 被認可為企業 AI 編碼代理的領導者,進一步鞏固了 AI 成為軟體開發生命週期中基礎層級的趨勢。總體而言,重點已從「LLM 能說什麼」轉向「AI 代理人在生產工作流和企業基礎設施中能可靠地做什麼」。

Anthropic

Project Glasswing: An initial update

  • Summary: An update on Anthropic's internal initiative to enhance model transparency and safety benchmarks. / 關於 Anthropic 內部旨在提高模型透明度和安全基準的倡議更新。
  • Why it matters: Safety remains a core differentiator for Anthropic as models become more autonomous. / 隨著模型變得更加自主,安全性仍然是 Anthropic 的核心競爭力。
  • Key takeaway: Continued commitment to rigorous testing before full feature rollout for frontier models. / 持續承諾在向大眾推出前沿模型的所有功能之前進行嚴格測試。

KPMG integrates Claude across its core business and workforce

  • Summary: A massive enterprise integration announcement where KPMG will deploy Claude to its thousands of employees. / 一項重大的企業整合公告,KPMG 將向其數千名員工部署 Claude。
  • Why it matters: Validates the readiness of Claude for high-stakes professional services and data-sensitive environments. / 驗證了 Claude 在高風險專業服務和數據敏感環境中的成熟度。
  • Key takeaway: Enterprise adoption is scaling rapidly, moving from pilots to core business integration. / 企業採用正在迅速擴張,從試點轉向核心業務整合。

Google DeepMind

Gemini 3.5: frontier intelligence with action

  • Summary: The latest Gemini release designed specifically to power autonomous agents with high-reliability "actions." / 最新發佈的 Gemini,專為具備高可靠「行動」能力的自主代理人提供動力。
  • Why it matters: Moves Google beyond the "chatbot" paradigm into the "agentic" software era. / 將 Google 推向超越「聊天機器人」模式,進入「代理人」軟體時代。
  • Key takeaway: A fundamental shift toward models that can interface directly with system-level tools. / 朝向能與系統級工具直接對接的模型進行根本性轉變。

Introducing Gemini Omni

  • Summary: A new multimodal model capable of processing and generating audio, video, and text in a single unified stream. / 一款全新的多模態模型,能夠在單一統一流中處理和生成音訊、影片和文字。
  • Why it matters: Enables more natural, low-latency human-AI interaction across different sensory inputs. / 實現了跨越不同感官輸入的更自然、低延遲的人機互動。
  • Key takeaway: Multimodality is becoming "omni-directional," allowing for seamless context switching. / 多模態正變得「全方位」,允許無縫的語境切換。

Simon Willison

Release datasette-agent 0.1a4

  • Summary: A new version of the AI agent for Datasette, focused on improving data exploration and tool usage. / Datasette AI 代理人的新版本,重點在於改進數據探索和工具使用。
  • Practical insight: Modular agents are easier to debug and specialize for specific datasets. / 模組化代理人更容易調試,並針對特定數據集進行專門化。
  • Useful tools or techniques mentioned: Integration with the llm library for flexible backend model switching. / 與 llm 庫整合,實現靈活的後端模型切換。

Release datasette 1.0a30

  • Summary: Significant updates to the core Datasette tool to support the growing ecosystem of AI plugins. / 對 Datasette 核心工具的重大更新,以支持不斷增長的 AI 插件生態系統。
  • Practical insight: Preparing core infrastructure is essential for the "agent-first" future of data tools. / 為「代理優先」的數據工具未來準備核心基礎設施至關重要。
  • Useful tools or techniques mentioned: Improved plugin hooks that allow agents to query and visualize data more effectively. / 改進的插件掛鉤,使代理人能更有效地查詢和視覺化數據。

Google Antigravity

Introducing Google Antigravity 2.0

  • Summary: A major release of the platform designed to build and manage fleets of AI agents. / 該平台的重大版本發佈,旨在構構建和管理 AI 代理集群。
  • Interesting innovation: Features a unified dashboard for monitoring agent health and cost across large deployments. / 具有統一的儀表板,用於跨大規模部署監控代理人的健康狀況和成本。
  • Real-world impact: Simplifies the complexity of managing multiple autonomous agents in a corporate environment. / 簡化了在企業環境中管理多個自主代理人的複雜性。

Google Antigravity Built an OS (and more)

  • Summary: An exploration of a specialized operating system built from the ground up to be AI-native. / 對從頭開始構建的 AI 原生專業操作系統的探索。
  • Interesting innovation: The OS treats the LLM as the kernel scheduler for human-system interactions. / 該操作系統將 LLM 視為人機交互的核心調度程序。
  • Real-world impact: Represents the ultimate goal of the agentic shift: an entire environment designed for AI collaboration. / 代表了代理人轉變的終極目標:為 AI 協作設計的整個環境。

GitHub Copilot

GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for Enterprise AI Coding Agents

  • Summary: GitHub's platform has been officially recognized for its leadership in the emerging AI coding agent market. / GitHub 的平台在緊急的 AI 編碼代理市場中的領導地位已獲得正式認可。
  • Developer productivity impact: Confirms that Copilot is setting the standard for how AI assists in large-scale enterprise development. / 確認了 Copilot 正為 AI 如何協助大規模企業開發設定標準。
  • Important feature or workflow: Focuses on the "Agentic" features like PR summaries and automated refactors. / 重點在於「代理人」功能,如 PR 摘要和自動重構。

Building a general-purpose accessibility agent—and what we learned in the process

  • Summary: Insights from building an agent that helps developers ensure their software is accessible to everyone. / 構建一個幫助開發者確保其軟體對所有人皆可訪問的代理人的心得。
  • Developer productivity impact: Automates a historically manual and error-prone part of the QA process. / 將歷史上繁瑣且容易出錯的 QA 過程自動化。
  • Important feature or workflow: Uses vision and code analysis to proactively suggest accessibility fixes in real-time. / 利用視覺和代碼分析,即時主動地提出無障礙修復建議。

Overall Trends

  • The Rise of the OS-Agent: AI is moving from being an "app" to being the "operating system" or at least a core layer within it. / AI 正從一個「應用程序」轉向「操作系統」,或至少是其中的核心層。
  • Enterprise-Grade Reliability: The focus has shifted toward compliance, transparency, and "actionable" intelligence that businesses can trust. / 重點已轉向企業可信賴的合規性、透明度和「可操作」的智能。
  • Specialized Data Agents: Tools like Datasette Agent show that general-purpose LLMs are most effective when paired with specialized data interfaces. / 像 Datasette Agent 這樣的工具表明,通用 LLM 與專業數據接口配對時最為有效。
張貼者: 沒有留言:

2026年5月19日 星期二

[Go] Concurrency Patterns - for-select loop

The for-select Loop

 golang     concurrency    for-select  

The for-select loop helps a lot in

  • Iterating something into a channel
  • Infinite loop until we tell it to stop

This example uses 2 channels, data is for sending/receiving data, done is the channel to signal the data iteration to stop in certain condition.

func IterateToChannel() {
	data := make(chan string)
	done := make(chan interface{})
	go func() {
		for v := range data {
			fmt.Print(v, " ")

			// Stop the DATA_LOOP if the value is a integer
			if _, err := strconv.Atoi(v); err == nil {
				close(done)
			}
		}
	}()

DATA_LOOP:
	for _, v := range []string{"a", "b", "1", "c"} {
		select {
		case <-done:
			break DATA_LOOP
			// return
		case data <- v:
		}
	}
}


The code prints a b 1 and stops.

Notice that in the above sample code, we can use the default case to write the incoming string to the channel data until the done channel is closed and stop the DATA_LOOP.

DATA_LOOP:
	for _, v := range []string{"a", "b", "1", "c"} {
		select {
		case <-done:
			break DATA_LOOP
        default:
            data <- v
		}
	}


Or do nothing in the default case and exit the select block.

DATA_LOOP:
	for _, v := range []string{"a", "b", "1", "c"} {
		select {
		case <-done:
			break DATA_LOOP
		default:
		}
		data <- v
	}


This example creates a infinite loop to print current time, but the loop will only run 5 times.

func InfiniteLoopThatCanStop() {
	const max int = 5
	counter := 0
	done := make(chan interface{})

LOOP:
	for {
		select {
		case <-done:
			break LOOP
		case <-time.After(1 * time.Second):
			if counter >= max {
				fmt.Println("Time's up")
				close(done)
			} else {
				// Print the current time in GMT format
				fmt.Println(time.Now().UTC().Format(http.TimeFormat))
				counter++
			}
		}
	}
}


張貼者: 沒有留言:

[Go] Concurrency Patterns - Data Protected by Confinement

Data Protected by Confinement

 golang     concurrency    pattern  

Confinement ensures information is only available from one concurrent process. When this is achieved, a concurrent program is implicitly safe and no synchronization is needed.

Consider the following example.

data := []int{1, 2, 3, 4}

loopData := func(handleData chan<- int) {
	defer close(handleData)
	for _, v := range data {
		handleData <- v
	}
}

handleData := make(chan int)
go loopData(handleData)

// This line will cause deadlock
// handleData <- 5

for num := range handleData {
	fmt.Println(num)
}


If somebody adds the line handleData <- 5, the program will be deadlocked because there is another goroutine (which called loopData) was sending message to the channel handleData.

Lexical confinement can solve this problem because it uses lexical scope to expose only the correct data and concurrency primitives for multiple concurrent processes to use. It makes it impossible to do the wrong thing.

Let's update the above sample code with lexical confinemnt pattern:

data := []int{1, 2, 3, 4}

chanOwner := func() <-chan int {
	// Initiate the channel within the lexical scope of the function
	handleData := make(chan int)

	go func() {
		defer close(handleData)
		for _, v := range data {
			handleData <- v
		}
	}()
	return handleData
}

roChan := chanOwner()

for num := range roChan {
	fmt.Println(num)
}


  • The function chanOwner initiates the channel handleData in its lexical scope, and returns the readonly channel.
  • This limits the scope of write aspect of the channel to the closure that only the channel owner can write to channel, other goroutines have no chance to write but only can read from the channel.

In summary, lexical confinement has the following benefits:

  • We don't have to do the data synchorization concurrent code, because synchorization comes a cost and developer may do it wrong without any compiler error.
  • The concurrent code will be simplier to understand than without lexically confined variables and scopes.
  • Sometimes it's hard to establish confinement and we have to fall back to Go concurrency primitives.

張貼者: 沒有留言:

2026年5月14日 星期四

[Git] Sparse Checkout

Sparse Checkout

 git     sparse-checkout  

A subcommand in git used to reduce the files present in the working tree to a subset of all tracked files. Also, the name of the file in the $GIT_DIR/info directory used to track the sparsity patterns corresponding to the user’s desired subset.

Steps

1.Init An Empty Repository

mkdir {project}
cd {project}
git init
git remote add -f origin ssh://git@xxxxx/project.git


Now git updates and fetches the origin without cloning anything.

2.Enable Sparse Checkout

git config --local core.sparseCheckout true


3.Define Sparsity Patterns

Define the sparsity patterns (file paths) that we're only interested.

echo "some/dir/" >> .git/info/sparse-checkout
echo "another/sub/file" >> .git/info/sparse-checkout


Or by the git sparse-checkout set command, notice this overwrite ".git/info/sparse-checkout":

git sparse-checkout set "some/dir/" "another/sub/file


Or by the git sparse-checkout add command that append the path to ".git/info/sparse-checkout":

git sparse-checkout add "some/dir/"
git sparse-checkout add "another/sub/file"


The sparsity patterns supports excluding a path by putting ! before the path.

.git/info/sparse-checkout

/*
!src/


  • /*: includes everything at the root and all subdirectories.
  • !src/: excludes the src/ folder and everything inside it.

4.Completing Sparse Checkout

And after that, we can do pull, switch or checkout to certain branch, and only the pathes defined in ".git/info/sparse-checkout" will be presented in the working tree.

git pull
git switch my-branch
git checkout my-branch


Other Commands

git sparse-checkout list

Show the sparsity patterns defined.

git sparse-checkout reapply

We can change the sparsity patterns anytime by git sparse-checkout command and it will take effect right away. But if we edit the ".git/info/sparse-checkout", remember to re-apply the changes. e.g.

sed -i "/.*log/d" .git/info/sparse-checkout
git sparse-checkout reapply


Reference

張貼者: 沒有留言:

2026年5月13日 星期三

[Git] Gitleaks

Gitleaks

 gitleaks     git    security    sast  

https://github.com/gitleaks/gitleaks

Gitleaks is a SAST(Static Application Security Testing) tool for detecting hardcoded secrets like passwords, API keys, and tokens in Git repositories.

Installation

See https://github.com/gitleaks/gitleaks#installing

The quickest way is using Go.

git clone https://github.com/gitleaks/gitleaks.git \
cd gitleaks \
make build


After build, copy the gitleaks.exe to $GOBIN and check the version.

cp gitleaks.exe $GOBIN/
gitleaks version


Basic concepts

  • Detect mode: scan a repository and report potential secrets.
  • Exit code: by default, Gitleaks exits with a non‑zero code if leaks are found. This is useful for CI pipelines.

Commands

See full list at https://github.com/gitleaks/gitleaks#usage

Syntax:

gitleaks <COMMAND> [FLAGS]


Command Description
completion Generate the autocompletion script for the specified shell
dir scan directories or files for secrets
git scan git repositories for secrets
help Help about any command
stdin detect secrets from stdin
version display gitleaks version

Common flags:

Flag Description
--source PATH_OR_URL what to scan (local path or remote Git URL).
--report-path FILE where to write the JSON report.
--redact hide secret values in the output.
--no-git scan files as a regular directory (ignore Git history).

Gitleaks Configuration

Default configuration(rules and allowlist) is at gitleaks.toml. You can use your custom configuration by flag --config <CONFIG_PATH>. e.g.

gitleaks detect --source . --config ~/gitleaks.toml --redact


Audit a local repository

From the repository root

Change into your repo and run:

gitleaks detect --source . --redact


  • Scans the entire Git history of the repo
  • Prints findings to stdout
  • Redacts secret values in the output

Save a JSON report

gitleaks detect \
  --source . \
  --redact \
  --report-path gitleaks-report.json


You can then open gitleaks-report.json in any JSON viewer or feed it into other tools.

Scan only current files (no Git history)

The flag --no-git makes gitleaks only scans the current working tree.

gitleaks detect \
    --source . \
    --no-git \
    --redact \
    --report-path gitleaks-report.json


Audit a remote repository (e.g., GitHub)

We can scan a remote repository in two ways:

  1. Manually clone it, then scan locally (recommended for repeat scans)
    • You want to scan the same repo multiple times.
    • You want to commit the gitleaks.toml config into the repo.
  2. Let Gitleaks clone it on the fly (recommended for quick checks)

Scan Remote Repo by URL (no manual clone)

You can point --source directly at a Git URL.

Public Repository

gitleaks detect \
  --source https://github.com/OWNER/REPO.git \
  --redact
  --report-path gitleaks-OWNER-REPO-report.json


Gitleaks will:

  • Clone the repo into a temporary directory
  • Scan its history
  • Remove the temporary clone after completion

Private Repository

For private repositories you must provide credentials (for example, a GitHub Personal Access Token via environment variables or your Git credential helper).

e.g. Using a GitHub token in the URL:

gitleaks detect \
  --source https://GITHUB_TOKEN@github.com/OWNER/REPO.git \
  --redact


For long-term usage, consider the safer approaches:

  • Use environment variables and avoid hardcoding tokens in scripts.
  • Use the CI tools, like GitHub Action.

Exit codes and CI integration

Gitleaks returns different exit codes depending on the result of the scan

  • 0 = no leaks found
  • non-zero = leaks or errors

This behavior makes it easy to integrate into CI pipelines (GitHub Actions, GitLab CI, etc.):

  • Pass: No secrets detected → pipeline continues
  • Fail: Secrets detected → pipeline fails, forcing remediation

Typical CI command:

gitleaks detect --source . --redact --report-path gitleaks-report.json


張貼者: 沒有留言:
訂閱: 文章 (Atom)