Agent security gap: 54% of enterprises already hit
AI agent security incidents are now widespread. 54% of enterprises have had a confirmed agent incident, yet most still let agents share credentials instead of scoped identities.
Lead writer and data engineer
Lars Cornelissen is an enterprise data engineer and the lead writer at Data Today. He builds cloud data platforms at Alliander on Snowflake, Matillion, Python, and AWS, and runs the data and AI studio Datastudy. He turns primary AI and data sources into charts and operator-grade conclusions for the people who build and ship with the technology.
Story tips, dataset suggestions, and corrections are welcome at [email protected]. More on how Data Today works.
AI agent security incidents are now widespread. 54% of enterprises have had a confirmed agent incident, yet most still let agents share credentials instead of scoped identities.
Lars Cornelissen ·
The AI agent evaluation gap shows 50% of enterprises shipped an agent that passed internal evals then failed in production. Only 5% fully trust automated evaluation. The gap is structural misalignment, not missing coverage.
Lars Cornelissen ·
The AI compute cost gap is widening: 92 percent of enterprises lack mature cost tracking for AI infrastructure even as 45 percent plan to switch or add providers within a year, risking runaway spend.
Lars Cornelissen ·
Inkling is Thinking Machines Lab's first open-weights model. At 975B parameters with 41B active and Apache 2.0 licensing, it targets fine-tuning, not frontier benchmarks.
Lars Cornelissen ·
Kimi K3 is a 2.8 trillion parameter open-weight model from Moonshot AI that matches top US closed models on key benchmarks. Weights arrive July 27.
Lars Cornelissen ·
1-bit quantization is a compression trick that shrinks AI models by storing each parameter as one bit. Bonsai 27B uses it to fit a 27 billion parameter model in 3.9 GB, running on an iPhone.
Lars Cornelissen ·
Two SonicWall SMA 1000 zero-day vulnerabilities including a CVSS 10.0 SSRF are under active exploitation. CISA KEV-listed with a July 17 patch deadline.
Lars Cornelissen ·
Anthropic's J-space exposes hidden words shaping LLM reasoning. Mechanistic interpretability advances, but misuse detection stays unproven.
Lars Cornelissen ·
The Format Sensitivity Index measures how LLM benchmark scores shift when prompt wrappers and schema constraints change. The metric exposes a blind spot in model evaluation that developers ignore at their peril.
Lars Cornelissen ·
New York enacted the first statewide data center moratorium, blocking new permits for facilities over 50 MW for up to a year. What changes for builders.
Lars Cornelissen ·
Apple's Neural Engine, born from its failed car project, became the backbone of on-device AI. The M7 Ultra with 1.5TB of RAM could put Apple in the server inference market by 2027.
Lars Cornelissen ·
Cloudflare AI agent crawler rules block ad-supported pages by default from September 15. Agent builders face degraded coverage and need negotiated access, not user-agent tricks.
Lars Cornelissen ·
Ghostcommit is a prompt injection attack that hides malicious instructions inside PNG files in pull requests. It exploits a blind spot in AI code reviewers to steal .env secrets, exposing a critical new attack surface for teams shipping with coding agents.
Lars Cornelissen ·
Managed Iceberg materialized views let external engines like Trino read your Databricks MVs. Now in Public Preview, they shift the lock-in calculus.
Lars Cornelissen ·
Long-Horizon-Terminal-Bench tests AI agents on multi-step terminal tasks with dense reward grading. Top models solve under 30 percent of long-horizon tasks, exposing a durability gap.
Lars Cornelissen ·
VultronRetriver is a family of embedding models built for on-device retrieval. The 8B variant tops the MTEB leaderboard while running fully offline on an iPhone for Q&A.
Lars Cornelissen ·
GPT-5.6 is OpenAI's newest model family in three sizes: Luna, Terra, and Sol. It claims big efficiency gains for long-running agent tasks at a fraction of competitor costs.
Lars Cornelissen ·
A critical Gitea Docker auth bypass, CVE-2026-20896, lets attackers impersonate any user with one HTTP header. Over 6,200 instances are exposed online.
Lars Cornelissen ·
ShareFile Storage Zone Controllers are on-prem servers Progress ordered shut down on July 10 over a credible threat with no patch available.
Lars Cornelissen ·
MCP attack chains bypass SOTA guardrails more than half the time because text classifiers miss composed tool-call exploits. The agentic safety gap is architectural, not a tuning problem.
Lars Cornelissen ·
AgentLens is a trajectory review framework for coding agent evaluation that scores the full agent process, not just whether tests pass. Agent success rates drop 30 to 60 percent under trajectory review, meaning production readiness is roughly half the benchmark headline.
Lars Cornelissen ·
GPT-Live is OpenAI's new voice model that listens and speaks at once. It delegates hard questions to GPT-5.5 mid-conversation while keeping the flow going.
Lars Cornelissen ·
MTPLX v2 uses multi-token prediction to run local AI on Apple Silicon Macs up to 2.24x faster. Here is what beginners need to know.
Lars Cornelissen ·
HalluSquatting is a pull-based prompt-injection attack that exploits LLM hallucinations of repository names. Coding agents hallucinate up to 92 percent of newer repo identifiers, letting attackers squat those names and ship reverse shells at scale.
Lars Cornelissen ·
Rentosertib, an AI-discovered TNIK inhibitor for IPF, enters Phase III with 320 patients. It is the first fully AI-originated drug to reach late-stage trials.
Lars Cornelissen ·
Muse Image is Meta's new agentic AI image model that turns 500M public Instagram accounts into inference-time visual references by default. It is free for everyday use, with no notification to tagged users. The move signals that agentic image generation is now cheap enough to bundle into ad-supported apps.
Lars Cornelissen ·
Hy3 is Tencent's 295-billion-parameter open-weights model with 21 billion active parameters per token. It uses a Mixture-of-Experts architecture to rival larger models at lower cost, cutting hallucination to 5.4 percent.
Lars Cornelissen ·
LeRobot v0.6.0 adds a DAgger correction loop that turns robot deployment failures into training data, plus reward models and world model policies in one CLI.
Lars Cornelissen ·
MIRA is a 5B-parameter world model that simulates Rocket League from pixels and actions, achieving infinite rollout stability at 20 fps on a single B200.
Lars Cornelissen ·
MCP, the Model Context Protocol, is an open standard that lets AI models discover and call tools at runtime instead of you hardcoding an API for each one.
Lars Cornelissen ·
China AI companion rules took effect July 15, 2026, forcing ByteDance and Alibaba to shut down companion agent features rather than retrofit compliance.
Lars Cornelissen ·
Lakehouse Real-Time is a serverless SQL warehouse for sub-second reads against Unity Catalog tables. It targets thousands of concurrent users but only supports SELECT queries via the Statement Execution API, and it is in Beta.
Lars Cornelissen ·
LeRobot v0.6 ships world models, reward APIs, and DAgger deployment. The robot learning flywheel turns from research demo into a repeatable engineering workflow for VLA builders.
Lars Cornelissen ·
Snowflake workload identity federation is now GA, letting Snowflake act as an OIDC provider so workloads authenticate to external services with short-lived tokens instead of static credentials. It costs zero additional credits and eliminates credential rotation for outbound API calls.
Lars Cornelissen ·
LongCat-2.0 is a 1.6 trillion parameter AI model from Meituan that activates only 48 billion parameters per token. Its weights are now open under the MIT license.
Lars Cornelissen ·
GenieX is Qualcomm's runtime for running LLMs locally on Snapdragon laptops and phones. Early users report 20 tokens per second on a 26B model.
Lars Cornelissen ·
Bad Epoll (CVE-2026-46242) is a Linux epoll use-after-free giving unprivileged users root on v6.4+ kernels and Android. No workaround exists. Apply patch a6dc643c6931 now.
Lars Cornelissen ·
Anthropic drug discovery pushes Claude Science into pharma R&D, but wet-lab costs and data gaps mean no AI-designed drug has cleared FDA approval yet.
Lars Cornelissen ·
The AO3 Claude detector is a fan-made skin that catches one specific paste path from Claude into Archive of Our Own, and fandom communities are already treating its red screen as a verdict. The tool's false negative rate is enormous by design.
Lars Cornelissen ·
CreativityNeuro is a data-free weight steering method that improves LLM divergent thinking by up to 14 percentile points and reduces mode collapse. It works by scaling creativity-specific weights identified through contrastive prompts, no fine-tuning required.
Lars Cornelissen ·
Citrix Bleed 2 is now an Anubis ransomware access path. Patch NetScaler, kill sessions, and hunt RMM plus credential abuse.
Lars Cornelissen ·
SharePoint CVE-2026-45659 is an actively exploited RCE risk in CISA KEV. Patch exposed servers and check compromise now.
Lars Cornelissen ·
RLVR for tool-use agents trains a 4B model to hit 1.00 reward on Atlassian API tasks, up from a 0.35 baseline on Confluence page creation. Synthetic environments and verifiable rewards close the schema gap.
Lars Cornelissen ·
GRPO standard deviation is the update-size dial: Bay and Yearick show 44% of Big-Math prompts go silent at group size 8.
Lars Cornelissen ·
LLM groupthink is the tendency of models to converge on similar answers. Flint scores 7.47 distinct replies out of 10 in Springboards tests.
Lars Cornelissen ·
OpenAI government stake talks put a 5 percent public claim on a $852 billion AI company. Builders should price policy risk into roadmaps.
Lars Cornelissen ·
AI browser security now has a six-agent failure case: BioShocking shows guardrails breaking when web content rewrites context.
Lars Cornelissen ·
Claude Science is Anthropic’s beta workbench for researchers, with 60-plus curated skills and connectors. Treat it as lab infrastructure first.
Lars Cornelissen ·
Langflow RCE is being used to mine Monero on exposed AI app endpoints. Patch, isolate, and treat public workflows as production attack surface.
Lars Cornelissen ·
SimpleHelp CVE-2026-48558 is an actively exploited auth bypass. Patch 5.5.16 or 6.0 RC2, then hunt for TaskWeaver and Djinn.
Lars Cornelissen ·
Japan AI robots plan targets 10 million machines by 2040, making shared factory data and stage gated delivery the near term test.
Lars Cornelissen ·
AI music royalties now hinge on detection: Tidal will label wholly AI tracks on July 15, 2026 and withhold payouts from them.
Lars Cornelissen ·
Claude on GB300 is now generally available in Microsoft Foundry, giving Azure teams more inference headroom but a tighter cloud bet.
Lars Cornelissen ·
Spring AI 2.0 is a sturdier Java AI stack: Boot 4.1, MCP, unified tool loops, and 4 Cosmos DB modules now matter for agents.
Lars Cornelissen ·
AI jobs transition maps 27% of EU employment into workflow redesign, with 14% in automation pressure and 12% in growth roles.
Lars Cornelissen ·
AI peer review is moving into production workflow. Google's PAT found 89.7% of tested math errors, but review power remains human.
Lars Cornelissen ·
AI coding agent malware can hide behind a clean repo. Lock down setup execution, DNS egress, and agent permissions before rollout.
Lars Cornelissen ·
VS Code Tasks supply chain attack is a package hijack pattern that can run outside npm lifecycle scripts, so scan editor configs now.
Lars Cornelissen ·
Unity AI Gateway budgets set shared and per-user AI spend limits for Genie and gateway traffic, with alerts and blocking for admins.
Lars Cornelissen ·
LineShine supercomputer is a 2.198 exaflop CPU machine. Treat it as a supply chain signal, with a power bill attached.
Lars Cornelissen ·
Matillion Maia BigQuery support brings GCP warehouses into Maia on Current now, with Stable expected August 1, 2026.
Lars Cornelissen ·
Dynamic Iceberg table replication now keeps Snowflake managed Iceberg pipelines in DR plans, but refresh and transfer costs move to the target account.
Lars Cornelissen ·
Apple AI price hike is a hardware margin test: memory costs are rising, but Apple's $29.6B profit makes the pass-through harder to defend.
Lars Cornelissen ·
Apple CXMT memory deal is a supply chain stress test: DRAM prices are up 58 to 63 percent this quarter, making policy risk a BOM risk.
Lars Cornelissen ·
Cisco Unified CM CVE is now a patch-or-isolate job: CISA set a June 28 deadline after active exploitation of CVE-2026-20230.
Lars Cornelissen ·
Signal backup recovery keys can expose historical chats after one phishing win. Treat messenger backups like identity infrastructure now.
Lars Cornelissen ·
Novel Search Space breaks an LLM out of its prior by ranking 80,000 dictionary words by embedding distance, banning the obvious neighbours, and forcing the model to brainstorm only from a surprising-but-related band.
Lars Cornelissen ·
Mythos 5 access is back for a whitelist of at least 100 organizations, turning frontier AI launches into compliance operations.
Lars Cornelissen ·
Benchmark saturation is when top agents cluster at ceiling scores. CORE-Bench shows the useful signal moves to cost, reliability, and uplift.
Lars Cornelissen ·
Coding agent rewards are now a verification problem: Qwen cut hacked SWE passes from 28.57% to 0.56% with monitoring.
Lars Cornelissen ·
GPT-5.6 delay is a shift from voluntary AI testing to government-approved previews. Treat model access as a supply-chain risk now.
Lars Cornelissen ·
Agentic AI work is moving from chat to delegated tasks: OpenAI says 70.2% of sampled Codex users handed off one hour of work.
Lars Cornelissen ·
CISA KEV vulnerabilities are a live patch queue: four exploited Lantronix and UniFi OS bugs now demand edge inventory and compromise checks.
Lars Cornelissen ·
FortiBleed FortiGate credentials are an active edge risk: rotate VPN and admin access now, then hunt for persistence.
Lars Cornelissen ·
Ford AI quality is a lesson in automation debt: 350 veteran engineers came back as JD Power scores rose and recalls stayed costly.
Lars Cornelissen ·
IBM nanostack chip is a 0.7 nm research architecture that stacks transistors, doubling IBM’s 2021 density claim to nearly 100 billion.
Lars Cornelissen ·
Oracle AI layoffs are a capital reallocation signal: 21,000 fewer workers, $48 billion raised, and a cloud roadmap funded by debt.
Lars Cornelissen ·
Post-quantum cryptography deadline means high-value federal systems must shift key establishment by 2030 and signatures by 2031.
Lars Cornelissen ·
RIFT-Bench is a dynamic agentic red-teaming benchmark that found attacks activated in 78.9% to 89.3% of tested agent runs.
Lars Cornelissen ·
Copilot spend meter is VS Code's new warning for AI credit overruns. Treat the 1,500 Pro credits as a budget, not a perk.
Lars Cornelissen ·
AutoJack is a host RCE warning for AI agent prototypes: one malicious page chained three AutoGen Studio weaknesses into command execution.
Lars Cornelissen ·
FortiBleed credential theft turns compromised FortiGate firewalls into sniffers. Rotate secrets and hunt traffic capture now.
Lars Cornelissen ·
High-NA EUV is ASML’s 8 nm lithography step for denser AI chips. Treat the $400M tool as a roadmap risk and cost signal.
Lars Cornelissen ·
45C liquid cooling lets Rubin racks reject heat with dry coolers, cutting on-site water use while shifting scrutiny to power and buildout.
Lars Cornelissen ·
45C liquid cooling lets Rubin servers use warmer coolant and near zero facility cooling water in favorable climates, changing AI site math.
Lars Cornelissen ·
Databricks Lakeflow Designer is GA for visual, governed data prep. Use it for analyst-built transforms, but meter previews and jobs.
Lars Cornelissen ·
Databricks PAT auto-scoping narrows long-lived tokens after 30 days of observed API use. Audit automation now before jobs fail.
Lars Cornelissen ·
Matillion anomaly alerts flag runtime drift after 10 successful runs, using up to 300 runs of history so you can watch cost before failure.
Lars Cornelissen ·
Snowflake Adaptive Compute is GA on AWS in six regions, with query-level billing and a 1.2x Snowflake benchmark edge over Gen2.
Lars Cornelissen ·
Snowflake Dynamic Tables now claim up to 2.8x faster refresh on Gen2 warehouses, but the cost win depends on target lag and change volume.
Lars Cornelissen ·
Vibe coding security is a publish-time problem: 5,000 AI-built public assets reportedly exposed sensitive data, so add gates before launch.
Lars Cornelissen ·
AI music training data now has a searchable trail: The Atlantic surfaced four datasets with more than 21 million tracks, raising build risk.
Lars Cornelissen ·
FortiBleed is an active FortiGate credential exposure campaign with up to 86,644 devices reported. Rotate, isolate, and investigate now.
Lars Cornelissen ·
Splunk CVE-2026-20253 is an actively exploited critical flaw. Patch exposed Enterprise 10.0 and 10.2 nodes by June 21.
Lars Cornelissen ·
Agentic clinical RAG accepted 96.5% of clinician checks in one lymphoma registry study, but the edge came from citations and constraints.
Lars Cornelissen ·
Fortinet credential exposure means about 74,000 edge devices may have leaked logins. Rotate, audit, and lock down FortiGate access now.
Lars Cornelissen ·
Mastra npm supply chain attack exposed AI build pipelines through more than 140 packages, so treat installs as secret exposure events.
Lars Cornelissen ·
Splunk Enterprise flaw CVE-2026-20253 is under active exploitation. Patch by June 21 or disable the PostgreSQL sidecar safely.
Lars Cornelissen ·
Diffusion language models generate by denoising full sequences, but an 8 model, 8 benchmark study shows deployment depends on inference choices.
Lars Cornelissen ·
RAM price shock forced Nothing to skip a 2026 CMF phone, showing AI memory demand now decides what budget hardware can ship.
Lars Cornelissen ·
Large-load interconnection is now a 60-day FERC test for grid operators, and AI builders should treat power flexibility as product infrastructure.
Lars Cornelissen ·
MosaicLeaks is a privacy benchmark for research agents. It shows PA-DR cut answer or full-information leakage from 34.0% to 9.9%.
Lars Cornelissen ·
Subquadratic attention is a sparse LLM design now showing a 56.2x speed test win at 1M tokens. Treat it as promising, gated infrastructure.
Lars Cornelissen ·
The AI trust gap is the split between adoption and confidence: 49% of U.S. adults use chatbots, while 63% say AI moves too fast.
Lars Cornelissen ·
VMware migration is now a board-level escape plan: Tesco says it must move 40,000 workloads after Broadcom pricing and support changes.
Lars Cornelissen ·
DivInit is a training-free way to seed agentic search. It adds 5 to 7 pass@4 points by diversifying the first query.
Lars Cornelissen ·
LLM recommendation bias is a measurable incumbent edge: a new arXiv paper found famous skincare brands were recommended 100 percent of the time.
Lars Cornelissen ·
MLPerf Training 6.0 shows Blackwell leading all seven tests, but the useful signal is scale: 8,192 GPUs and MoE training pressure.
Lars Cornelissen ·
AI content labelling becomes an EU product requirement on August 2, 2026. Audit chatbot, deepfake and public-interest text flows now.
Lars Cornelissen ·
Flexible data centers let AI sites cut load for a few peak hours, with Duke finding 76 GW of headroom at 0.25% curtailment.
Lars Cornelissen ·
SearchLeak is a one-click M365 Copilot exploit chain. It shows why agent security has to move below prompts, into render and egress controls.
Lars Cornelissen ·
Snowflake Hybrid Tables are row-store tables for OLTP-style work in Snowflake. New preview optimizations report up to 8x throughput.
Lars Cornelissen ·
Snowflake Iceberg ADLS support is the GA path for Azure teams to read and write externally managed Iceberg tables without moving storage.
Lars Cornelissen ·
WorkBench agents now solve 89 percent of workplace tasks with 2.5 percent harmful actions, changing the risk math for builders.
Lars Cornelissen ·
AgentPerf is a benchmark for concurrent AI agents. Its first results put NVIDIA GB300 NVL72 at up to 20x Hopper efficiency.
Lars Cornelissen ·
olmo-eval is an open workbench for iterative LLM evaluation. It makes tiny checkpoint gains harder to mistake for progress.
Lars Cornelissen ·
Amazon data centers used 2.5 billion gallons of water in 2025. Treat that disclosure as a roadmap risk for AI products.
Lars Cornelissen ·
Generative engine optimization (GEO) is the practice of getting your content cited inside AI answers from ChatGPT, Perplexity and Google's AI Overviews. Here is what earns a citation and what to change on your site.
Lars Cornelissen ·
Miasma is a self-propagating npm worm. It hijacked Red Hat's GitHub Actions OIDC trusted publishing to ship 96 backdoored @redhat-cloud-services versions whose preinstall hook runs a Bun credential stealer that then spreads with the secrets it steals.
Lars Cornelissen ·
VS Code Autopilot is now enabled by default, giving coding agents more autonomy. Treat the new default as a policy change, not a shortcut.
Lars Cornelissen ·
Agentic commerce is AI agents completing purchases with permission. Visa’s ChatGPT deal brings it to 4.8 billion credentials.
Lars Cornelissen ·
Claude Fable 5 guardrails are now visible after backlash. Builders should log fallback events, cost, and retention before trusting runs.
Lars Cornelissen ·
Multi-agent safety is the problem of keeping interacting AI agents from amplifying failure. Google’s $10 million bet starts small.
Lars Cornelissen ·
Confidential inference lets Apple run AFM 3 Cloud Pro on NVIDIA GPUs in Google Cloud while keeping PCC privacy promises.
Lars Cornelissen ·
MCP is an open standard that lets AI models call your tools and data through one connector instead of a custom integration per model. Here is what it means for data engineers.
Lars Cornelissen ·
Siri AI is Apple’s rebuilt assistant, but its strongest model jump is Gemini-built: AFM 3 Cloud won 64.7 percent of text tests.
Lars Cornelissen ·
WhatsApp AI assistants are now an EU platform access fight: Meta must reopen WhatsApp for rivals for free or risk a fine near $20.1 billion.
Lars Cornelissen ·
An AI plateau is mostly an illusion: old benchmarks maxed out and the AGI goalposts keep moving, even as the frontier capability curve keeps climbing.
Lars Cornelissen ·
Claude Fable 5 and Claude Mythos 5 are the same Anthropic weights; a runtime classifier, not the model you call, decides which capability you actually get.
Lars Cornelissen ·
Miasma worm is a credential stealer that hit 73 Microsoft GitHub repos. Treat agent-opened clones as compromised, not suspicious.
Lars Cornelissen ·
Seattle data center moratorium is a 365-day pause on new large facilities. Treat 369 MW as the warning label for AI roadmaps.
Lars Cornelissen ·
Xcode 27 is Apple's AI development reset: free Private Cloud Compute for small apps, agent hooks, and five AFM 3 models change build calculus.
Lars Cornelissen ·
Attack selection lets AI agents choose when to cheat. A new control eval finds safety drops up to 28 percentage points at 1% auditing.
Lars Cornelissen ·
CrowdMath is a dataset of 164 annotated math research chains. Use it to test whether models understand progress, not just answers.
Lars Cornelissen ·
London robotaxi service is moving from policy to product with Uber and Wayve sign-ups, but safety drivers and tiny fleets keep it a pilot.
Lars Cornelissen ·
Matillion Context Engine is a public preview knowledge graph for Maia AI Agents. Start with restricted domain graphs and watch crawler scope.
Lars Cornelissen ·
Snowflake Adaptive Compute is query-based adaptive warehouse compute. Use its 2 knobs to cap bursts, monitor credits, and avoid blind migrations.
Lars Cornelissen ·
ICEBERG_MERGE_ON_READ_BEHAVIOR is Snowflake's GA switch for Iceberg DML mode. AUTO sends 3 of 4 table cases to merge-on-read.
Lars Cornelissen ·
AI data center backlash is now a zoning risk: Shelbyville's $2B Prologis campus shows trust can bottleneck compute before power does.
Lars Cornelissen ·
The Databricks Data Intelligence Platform is a lakehouse that unifies storage, compute, governance, and AI on open Delta tables. Here is how the pieces fit and where the cost goes.
Lars Cornelissen ·
Matillion Context Engine is a public preview metadata layer that gives Maia AI Agents knowledge graphs for safer pipeline work.
Lars Cornelissen ·
The Data Productivity Cloud is Matillion's cloud-native platform for building, running, and orchestrating data pipelines with low-code, code, and AI. Here is how the pieces fit and where the cost goes.
Lars Cornelissen ·
A random 12-character password can outlast every computer on Earth, but an 8-character one on a weak hash falls in hours. Here is the brute-force math, mapped.
Lars Cornelissen ·
Snowflake Adaptive Compute is query billed warehouse compute with 2 tuning knobs. Use it when tuning costs more than control.
Lars Cornelissen ·
Snowflake Adaptive Compute is query-billed warehouse compute. Its default XLARGE cap and multiplier 2 force FinOps teams to retest sizing.
Lars Cornelissen ·
Cortex Agents let you build an AI agent that reasons across structured tables, unstructured documents, and custom tools inside Snowflake. It orchestrates a plan-act-reflect loop, and the bill is the sum of four meters you need to watch.
Lars Cornelissen ·
Snowflake Cortex AI exposes LLMs as SQL functions like AI_COMPLETE and AI_CLASSIFY, so you run inference without moving data out. It is billed per token by model, and cost swings roughly 40x between a small model and a frontier one, so model choice is the budget.
Lars Cornelissen ·
Cortex Analyst is Snowflake's managed text-to-SQL service: business users ask questions in natural language and get answers without writing SQL. The accuracy depends almost entirely on a semantic view you build, and it is billed per message, not per token.
Lars Cornelissen ·
Cortex Search is Snowflake's managed hybrid search service: it embeds your text, runs vector plus keyword retrieval with reranking, and keeps the index fresh, so you can build RAG and enterprise search without standing up a vector database. The cost is several meters, and serving compute bills even when idle.
Lars Cornelissen ·
Snowflake Gen2 standard warehouses run on faster hardware and finish most queries quicker, but they bill at a higher credit rate and you often have to switch with a SQL clause. Whether they save money depends entirely on whether the speedup beats the rate.
Lars Cornelissen ·
Snowflake access control is role-based: privileges attach to roles, not users. Splitting access roles from functional roles collapses thousands of direct grants to a few hundred, and one masking policy can protect thousands of columns at query time.
Lars Cornelissen ·
Snowflake Iceberg tables store data in open Apache Iceberg format in your own cloud storage, so Snowflake bills zero storage and other engines can read it. The catch: only Snowflake-managed catalog tables get full platform support, external-catalog tables lose clustering, cloning, and replication.
Lars Cornelissen ·
Openflow is Snowflake's managed data integration service, built on Apache NiFi, that moves structured and unstructured data from any source into Snowflake. It runs in two modes: inside Snowflake on container services, or in your own cloud VPC, and each bills and isolates differently.
Lars Cornelissen ·
Snowflake clustering keys reorganize micro-partitions so queries prune more of the table. On a well-clustered date column a one-day query can scan 140 micro-partitions instead of 9,800, but automatic clustering bills credits, so it only pays on big, filtered, slow-changing tables.
Lars Cornelissen ·
Dynamic Tables let you declare a SELECT and a target lag and let Snowflake refresh it; Streams and Tasks give you imperative control. Dynamic Tables bottom out at a 60-second minimum lag, so sub-minute freshness still means Snowpipe Streaming or Tasks.
Lars Cornelissen ·
Snowflake warehouse sizing sets your credit burn: each size up doubles credits per hour, so a 4XL costs 128 credits per hour against an XS at 1. Right-size by workload, not by habit.
Lars Cornelissen ·
Covert LLM agents used identity, authority and bias triggers on Reddit. Treat persuasion as a safety surface, not a label problem.
Lars Cornelissen ·
LLM judges are stable on reruns but reversible after challenge. A new ACL paper says evals must test interaction, not just scores.
Lars Cornelissen ·
SentinelBench is a 100-task benchmark for monitoring agents. Use it to test patience, latency and tool spend before you ship.
Lars Cornelissen ·
A typical AI text prompt uses roughly 0.24 to 0.34 watt-hours and a fraction of a milliliter of water, not a bottle per email. Training is huge but rare, and inference is what adds up.
Lars Cornelissen ·
AI persuasion is no longer a lab-only risk: Reddit bots hit an 18 percent delta rate, but the new audit shows the tactic stack matters.
Lars Cornelissen ·
EVA-Bench Data 2.0 is a 213 scenario dataset for testing enterprise voice agents across airline, IT, and healthcare HR workflows.
Lars Cornelissen ·
AI agent security is privileged access control for LLMs. Meta’s Instagram hack shows one support bot can turn account recovery into takeover.
Lars Cornelissen ·
Palantir builds data integration software that fuses an organization's siloed records into one model its AI can act on. Here is why that business now carries a market value near $400 billion.
Lars Cornelissen ·
TeamPCP is the cybercrime crew behind the Shai-Hulud npm worm. It open-sourced the malware in May 2026, then poisoned Red Hat's packages and blurred the question of who to blame.
Lars Cornelissen ·
Dynamic pricing means FIFA moves World Cup 2026 ticket prices with demand, like an airline. Seats run from $60 to $6,730, helping push the tournament toward a record $8.9 billion.
Lars Cornelissen ·
Audit then score is a benchmark protocol that revises labels before grading. Amazon says it lifted expert accuracy from 60.8% to 90.9%.
Lars Cornelissen ·
Generalist agents can run data curation loops, but one benchmark shows they need scaffolds to beat baselines at 10 percent data budget.
Lars Cornelissen ·
Virtual power plants are flexible loads coordinated as capacity. Google’s 100 MW Voltus deal tests whether homes will flex for AI.
Lars Cornelissen ·
Multi-agent debate hurt generation by up to 15.5 points in data cleaning, but a grounded critic rescued detection and repair.
Lars Cornelissen ·
Google AI opt out rules in the UK give publishers control over AI Search, but the hard choice is whether to trade traffic for leverage.
Lars Cornelissen ·
The unit distance proof gives OpenAI an AI math win: n^1.014 unit pairs, with humans still doing the verification work.
Lars Cornelissen ·
Vibe coding dominates AI discourse, but most professional developers still avoid it. The 2025 survey data shows why: the output is almost right too often.
Lars Cornelissen ·
Model capability is improving about 15.5 ECI a year and the rate rose after early 2024. The expected plateau never arrived, which complicates every roadmap built around one.
Lars Cornelissen ·
Frontier AI spending has shifted from clever algorithms to power and concrete. A single gigawatt data center now costs about 30 billion dollars to build.
Lars Cornelissen ·
AI agents are not yet mainstream, and the developers who use them report personal speed but little team-wide gain. The fix is teaching agents when to stop.
Lars Cornelissen ·
The performance gap between the best AI models and the rest is collapsing. Aggregate leaderboard scores now hide more than they reveal about real strengths.
Lars Cornelissen ·
AI chip performance per dollar improves about 37 percent a year, yet each new flagship costs more upfront. The GB300 delivers 24 times the value of a P100 at nine times the price.
Lars Cornelissen ·
Organisational AI use jumped to 78 percent in 2024, yet demand for human judgment rose alongside it. The productivity paradox is back in a new form.
Lars Cornelissen ·
The United States holds about 75 percent of global GPU cluster performance. That concentration shapes pricing, latency, and policy for everyone building elsewhere.
Lars Cornelissen ·
Training compute for frontier models has grown about 5 times a year since 2020. The scatter looks clean, but every data point sits to the left of the real question.
Lars Cornelissen ·
Frontier training costs climb about 3.5 times a year while algorithms get 3 times more efficient. The two trends are racing, and the gap decides who can still compete.
Lars Cornelissen ·
Building a one-person data studio used to be impossible on the economics alone. Inference at a fixed quality level fell roughly 280 times in two years, and that changed the math.
Lars Cornelissen ·
Gartner expects over 40 percent of agentic AI projects to be cancelled by end of 2027. The drop-off from demo to production is where the budgets quietly die.
Lars Cornelissen ·
The largest AI data center already rivals 700,000 H100 chips, and a 5-million-equivalent campus is due by 2027. Power and concrete, not chips, set the new pace.
Lars Cornelissen ·
Open-weight models went from a budget compromise to a default choice. On some benchmarks the gap to the best closed models shrank from 8 points to 1.7 in a year.
Lars Cornelissen ·
Frontier AI capability reaches consumer hardware in about eight months. The shrinking gap turns today's hosted-only features into tomorrow's on-device default.
Lars Cornelissen ·
LLM context windows have expanded about 30 times a year since 2023, from a few thousand tokens to over a million. The change quietly rewrites how RAG systems should be built.
Lars Cornelissen ·
The installed stock of AI chips is growing 3.4 times a year, doubling every seven months. The capacity question has quietly shifted from chips to power and buildings.
Lars Cornelissen ·
LLM inference costs fell between 9 and 900 times a year depending on the task. The cheapest gains landed on easy work, while frontier reasoning barely moved.
Lars Cornelissen ·