Page 8
12 articlesSecurity by Obscurity and the Agent Reading Your Wiki
An internal endpoint stayed safe for a decade because nobody could find it. Then an agent indexed the wiki. Here is what changes when obscurity stops being a time tax.
The Approval Queue That Became Your Critical Path
When you put a human between an agent and an irreversible action, you have not added a safety primitive. You have added a queue with throughput limits, an availability profile, and a quality-versus-load curve. Here is how that becomes the P0 nobody scoped.
The Backpressure Signal Your Inference Provider Refuses to Send
Between 200 and 429 lies a dead zone where every LLM client overshoots in lockstep. The missing load-pressure header is a protocol gap, not a client-side bug.
The Branch State Your Coding Agent Forgot to Check
Coding agents reason against a snapshot of git state that goes stale silently. Worktrees, turn-preludes, branch pinning, and snapshot-and-restore turn that silent drift into a loud signal.
The Browser Selector Your Agent Memorized
Computer-use agents that memorize CSS paths are signing up for silent failure. A look at selector decay, semantic anchors, vision-grounded fallback, and why a stored selector is a bet on a rendering decision the agent does not control.
The Chunk Boundary That Bisected the Sentence Your Answer Depended On
Fixed-size token chunking cuts critical clauses in half, and neither fragment retrieves alone. A look at why the failure is invisible to standard evals and which chunking strategies actually close the gap.
The Coding Agent That Passes Locally and Fails in CI
Coding agents inherit your laptop's warm environment and ship diffs that pass locally then fail in CI. The fix is a repo-level environment contract, a pre-flight parity check, and grading on dev-vs-CI divergence.
The Conversation Tree Your Server Stored As A Log
Chat UIs let users edit and regenerate messages while backends quietly append every revision to a linear log — so the model answers the conversation the user thought they took back.
The Customer Who Cancelled Because Your Agent Was Too Confident
Overconfident AI agents do not lose renewals at the survey — they lose them six weeks later at the renewal call. Treating confidence display as a versioned product surface, not a stylistic accident.
The Demo You Recorded in March Was the Last Time It Worked
Recorded sales demos become liability surfaces as model snapshots, prompts, tool catalogs, and retrieval substrates drift underneath them. A demo manifest plus a nightly eval suite turns recordings into testable behavioral commitments.
The Eval Set That Started Leaking Into Your Prompt
How few-shot retrieval and a shared CSV quietly turn a careful eval bank into the in-context examples you serve — and the storage-layer separation that stops it.
The Finish Reason Your Code Never Inspects
Every inference API returns a stop signal alongside the text. Ignoring it is the same shape of bug as ignoring HTTP status codes — and your dashboard cannot see the failures it causes.
About Tian Pan
I'm Tian Pan, an engineer-founder focused on agentic engineering — building autonomous AI systems and scaling engineering teams. I write practical guides on system design, technical leadership, and shipping with AI agents. Previously an early engineer at Uber, Brex, and IoTeX.
