Peter's Griddle

After coding a demo application with Claude Flow it was time to do a larger project. Claude Flow allows the distribution of coding work over a variety of agents. Each of the agents has a specific role in the project, such as coder, tester, analyst, and others. These agents create stuff, inform each other, and check each other’s results. But even after a few projects, I still find it difficult to grasp the subtleties and intricacies of its various agents, components and options. ...

How can you use cloud security lessons to better secure AI? This is what is keeping some of my clients busy recently. Arguably the most important concept in cloud security is the allocation of responsibilities across the independent actors that contribute to any digital service. Often referred to as ‘shared responsibility’, this is about ‘who does what?’. For example, in an IaaS service model, the provider does the physical security of servers, offers a variety of network isolation options, and so forth. The IaaS consumer’s job is to use those features to, for example, organize logical server access, so only authorized access is permitted. In contrast, many mistakenly think it is the provider’s job to secure and update the operating system. It is not, in an IaaS model, it is the consumer’s job. ...

My AI coding journey continues. My first version of the Tic-Tac-Toe game took some time to get right even though I already applied some serious automated top-down design. As explained, understanding feedback loops is crucial for correcting errors. Part of this is using explicit tests for desirable outcomes. A process for test-driven design would be even better. The main question from that experience was: How can we let the AI check itself? ...

For the book, here is the link: https://digitalinfrastructures.nl. PDF: How to bluff your way into Zero Trust PDF: Using deployment diagrams to explain architecture and security to everybody. The presentations are also online in the WHY2025 YouTube channel and at the CCC. More on deployment diagrams in the book, in which you can search. Find me on LinkedIN or Mastodon @petersgriddle@fosstodon.org.

Here is how I AI-coded a fully functional Tic-Tac-Toe web game without looking at a single line of code or manually identifying a GUI or logic error. I ran Claude Code (Pro) in VS Code without any other IDE/AI tooling. But it takes some effort and discipline to get there. The core idea is to be very specific and use an opinionated environment that includes extensive automated testing. The Agentic AI way Many people are researching this, all with slightly different approaches. There are a variety of ways to do more or less the same thing. Here are some of the interesting approaches I found. Interestingly, they all popped up in the first half of 2025. ...

The approach People call LLMs statistical completion engines and that they therefore cannot write computer code. While the first may be true, the conclusion not necessarily follows. My answer to this question: let’s try this out! Inspired by modern discoveries in, for example, context engineering and swarm coding (references to come) I decided to give AI assisted coding a shot. I had a little used SaaS application (an LMS) that was nevertheless costing serious money. Yet, completely killing it was not an option. It was relatively easy to extract the Gigabytes of content in there, also through a bit of AI assistance. So I decided to rebuild the app, or at least a minimal version of it. Of many options, I selected Claude as my coding assistant. ...

My AI-supported risk analysis assistant mirrors a common pitfall in risk management: focusing on irrelevant controls rather than genuine threats. I have created a risk analyst AI based on industry best practices, or so I assume. This is part of a quest toward more compliance automation, because as an industry we are falling behind in security. I am running through a simple example of a chatbot that answers questions over a nonsensitive dataset. The analyst dives deep into questions on all kinds of controls that, in my view, are quite irrelevant to the risk at the business level. ...

What is the problem with the image that Zero Trust based information security brings along? Once you understand the principles, and they are not really difficult, it is obvious that only ZT can lead us to a more secure cyber future. So, what is holding us back? Here are some of the misconceptions: “It is a boatload of work, so let’s not start.” Truth: yes, fully securing your IT with all its technical debt is a boatload of work. That is exactly the reason why you need ZT, so that you know where you can get started quickly, and be more secure before the last hole is plugged. ...

This is the dawn of a new age. I have been observing software development for more than fifty years, ever since I wrote my first computer program. In that entire time, I have never witnessed a development that has changed the profession deeper, faster, or more pervasively than now. AI-assisted coding has escaped from the lab, and is impacting the work of every software developer. In the communities I track I hear stories of software engineers regret taking a single week of vacation because of the innovations that they now have to catch up to. ...

If you build software for a living, generative AI may be a scary development, as it has the potential to take over a lot of software creation. But I think it depends on what you see as the job of creating software. A coder in the world of IT is somebody who writes code in some programming language. More typically they modify code instead of writing it from scratch. This is in response to bugs, feature requests, and so on. In the age of AI, a lot of coding can be automated. We have seen many examples of AI generating lots of code based on fairly compact specifications. ...