Peter's Griddle

Achieving some form of digital autonomy or sovereignty is a wicked problem, too large to handle in one go. Let’s start therefore with the main actors, and what is at stake for them. We can then talk about how digital autonomy allows these actors to collaborate and compete, and therefore impacts the risks they see. Elsewhere, I write about international actors, and this story builds on that. All actors (e.g. governments, companies) perceive IT risk in their own way. Generally though, they include the standard IT risks (confidentiality, integrity, and availability). Beyond that, there is the risk of failing to capture the value of new technology, and failure to exercise governance and control over relevant other actors. ...

A badge on the wall: repurposing hacker camp hardware as a home energy display I wanted a wall display for my house’s energy. Not an app, but something glanceable, always on, no clicks required. Apparently that’s harder to buy than it sounds. On a sunny day, it makes sense to turn on energy-intensive appliances such as washing machines, because the energy surplus from our solar panels earns us almost nothing. ...

Have you ever been called an amateur? It stings. It shouldn’t be. Amateurs The label ‘amateur’ has a negative feel, it refers to unskilled workers, hobbyists, and poor results. But the word actually derives from the Latin ‘amare’, meaning to love. So an amateur is somebody who is doing it for the love of it. They come to their work for play, for fun, and discovery. When it comes to the quality of their work, they are setting the bar for themselves only. ...

I am trying to figure out where the pendulum for AI LLM inference hosting will swing to. Will we have more cloud service usage of the cloud hyperscalers, or will inferencing be on local devices such as laptops or in corporate datacenter? Here is my thinking. I believe Moore’s law will be relevant for a few more years, implying that an affordable supply of local capacity will grow. I also believe that there is a minimum LLM size to make them functional, in the same way that there is a minimum number of bytes for a decent picture or audible sound. But above a certain size, there is going to be a diminishing return. Depending on the scenario, we are talking about billions to trillions of parameters in the LLM. ...

Angkor Wat (Cambodia) is the world’s largest religious building and site. Built in the 12th century, it is still a stunning building, featuring high symmetry and perfect north-south alignment. As I was visiting this and other temples, I got to think about architectural integrity. For example, Angkor Wat has 4 major towers around a central tower. I call that an architectural feature. Symmetry like this does not happen automatically. It takes an architect and good execution, in other words carefully controlled power, to realize this. As a visitor, you notice, maybe only subconsciously, that great power was required to construct such a building. The building is a symbol of power. ...

I was chatting with an AI agent about its own configuration, and it answered with surprising confidence. Then I thought: wait. How would it even know that? This post is about what I found when I went looking. Nanobot is a deliberately simpler version of OpenClaw. If you haven’t heard about it, OpenClaw is an AI agent running on your behalf 24/7, potentially having all your credentials. This is possibly the piece of software with the steepest adoption curve of all time, it got to over 1 million active users in 1 week. Potentially it is also one of the biggest IT security dramas of all time. Because the more powerful they are, the more risky they become. ...

I wanted to experiment with AI automation while also paying particular attention to security concerns. Security is something I take seriously (I delivered cloud security training for more than 10 years), and the power that AI has is very scary. There are lots of frameworks related to AI security, and I feel that it is hard to apply them to the real world. For example how would you mitigate LLM06 – Sensitive Information Disclosure, or ASI05 - Inadequate Guardrails and Sandboxing from the OWASP guidelines? ...

As 2025 ends, I reflected on the major topics that I see evolving in my practice. They are digital sovereignty and AI security, in particular the security of AI agent systems. These are systems where AI is not just used as an advanced data processor, but is undertaking autonomous actions. I focus specifically on so-called wicked problems: problems that do not have simple solution because they are intertwined with many other issues and conflicting interests. ...

After coding a demo application with Claude Flow it was time to do a larger project. Claude Flow allows the distribution of coding work over a variety of agents. Each of the agents has a specific role in the project, such as coder, tester, analyst, and others. These agents create stuff, inform each other, and check each other’s results. But even after a few projects, I still find it difficult to grasp the subtleties and intricacies of its various agents, components and options. ...

How can you use cloud security lessons to better secure AI? This is what is keeping some of my clients busy recently. Arguably the most important concept in cloud security is the allocation of responsibilities across the independent actors that contribute to any digital service. Often referred to as ‘shared responsibility’, this is about ‘who does what?’. For example, in an IaaS service model, the provider does the physical security of servers, offers a variety of network isolation options, and so forth. The IaaS consumer’s job is to use those features to, for example, organize logical server access, so only authorized access is permitted. In contrast, many mistakenly think it is the provider’s job to secure and update the operating system. It is not, in an IaaS model, it is the consumer’s job. ...