惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Hacker News
The Hacker News
F
Full Disclosure
Cloudbric
Cloudbric
Blog — PlanetScale
Blog — PlanetScale
W
WeLiveSecurity
N
News and Events Feed by Topic
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
GbyAI
GbyAI
C
Check Point Blog
B
Blog RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Recorded Future
Recorded Future
The Last Watchdog
The Last Watchdog
N
News and Events Feed by Topic
T
The Blog of Author Tim Ferriss
O
OpenAI News
V
V2EX
人人都是产品经理
人人都是产品经理
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Security @ Cisco Blogs
C
Cisco Blogs
Security Latest
Security Latest
S
Security Affairs
V
Visual Studio Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Azure Blog
Microsoft Azure Blog
Last Week in AI
Last Week in AI
AWS News Blog
AWS News Blog
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
PCI Perspectives
PCI Perspectives
博客园_首页
U
Unit 42
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
Project Zero
Project Zero
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
N
Netflix TechBlog - Medium
L
LINUX DO - 热门话题
H
Hacker News: Front Page

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
The Drafter Pattern: A Design Pattern for Reliable AI Systems
nahimn · 2026-04-28 · via Hacker News - Newest: "AI"

Story time. A fictional IT team (we’ll call them Initech) wants to automate how help desk tickets get routed, escalated and resolved. They’re drinking the SaaSpocalypse kool-aid, decide they don’t need 90% of big enterprise software functionality and point an LLM at the problem to let it generate highly personalized code. It writes cron jobs, calls APIs, queries databases, sends Slack messages and modifies user permissions.

A few weeks in, the generated code gives support agents permissions they shouldn’t have because it mixed up who’s allowed to do what. Login sessions expire at random because the code didn’t handle token refresh correctly, and agents get kicked out mid-conversation. And the worst one: when a ticket gets escalated and reassigned at the same time, the system creates a duplicate that inherits the customer’s access instead of the agent’s. A customer can now see internal notes. The business is now listed on Krebs on Security as a poster-child for engineering hubris.

An LLM can produce correct code, incorrect code, and dangerous code. All three are syntactically valid – and that’s the problem. Every standard library import, every API call, every system interaction is surface area where things could go wrong. The language gives the LLM access to everything, and the LLM has no reason not to use all of it.

Now shrink the language. Instead of generating arbitrary code, the LLM writes in a workflow Domain Specific Language (DSL):

Session handling, Rule Based Access Control (RBAC) scoping and access control are baked into the runtime; the LLM never touches them directly but it composes pre-validated building blocks. If it references a function that doesn’t exist, the parser rejects it. If it tries to manage permissions outside the DSL’s type system, the grammar won’t allow it.

That’s the Drafter Pattern. It trades expressiveness for reliability. As the language gets smaller, the error surface gets smaller with it.

Shrinking the language to shrink the error surface is one of the oldest ideas in software.

Before SQL, querying a database meant writing procedural code that manually traversed pointer networks. Don Chamberlin, SQL’s co-creator, described seeing Codd’s relational model for the first time: “a query that would require a complex program in the [Data Base Task Group (DBTG)] language could be reduced to a few simple lines.” SQL didn’t give programmers more power — it took away their ability to write pointer traversal bugs by removing pointers from the vocabulary entirely.

Fifty years later, the same pattern played out with TypeScript. JavaScript imposes virtually no constraints — assign a string to a number, call a function with the wrong arguments, misspell a property and get undefined instead of an error. TypeScript removed those freedoms. Airbnb’s postmortem analysis found that 38% of their production bugs would have been prevented by TypeScript. The language is strictly less expressive, and that’s the point.

Terraform did the same thing for infrastructure. Cloud consoles let engineers get away with murder – create a security group, attach it to the wrong VPC, open port 22 to the world and forget they did it. HashiCorp Configuration Language (HCL) removed the ability to express sequencing. An engineer declares what should exist; the runtime resolves ordering, dependencies, and rollback. You can’t write an ordering bug because the language has no concept of order. A DSL was once again used to control entropy.

Now before you close this tab — no, you don’t need to invent SQL. These are just recognizable examples. A DSL can be as simple as a JSON schema with a dozen allowed operations, or a config format with typed fields. The point isn’t the sophistication of the language, but the decision to constrain what can be expressed.

You’ve probably used the Drafter Pattern this week without naming it. Every time AI writes a spreadsheet formula, a Mermaid diagram, or a markdown slide deck, it’s generating constrained code where the grammar is the guardrail. These formats work because they’re limited (i.e. the AI can’t express anything dangerous, and the output is machine-verifiable).

Some companies have built entire products around this principle in higher-stakes domains. For example:

  • Sublime Security’s* Message Query Language (MQL) is a structured language for email threat detection. Analysts describe threats in natural language; the system produces detection rules that can be reviewed, version-controlled and executed deterministically. The AI can’t express anything outside MQL’s grammar — no arbitrary code, only pattern-matching over email events.

  • Serval.ai built DSL-first IT workflow automation from day one. The AI drafts workflows in a constrained language where the building blocks — routing, escalation, approval chains — are pre-validated. The DSL was co-designed with AI generation in mind, not bolted on after.

The pattern is the same everywhere it shows up: the AI authors, but the language decides what’s possible.

This isn’t a new idea. It’s an old idea that many AI teams are ignoring.

The default response to “LLMs produce unreliable code” is to add more checks after generation — guardrails, evals, human review, prompt engineering. The Drafter Pattern goes the other direction: change what can be generated in the first place. Don’t filter bad output. Make bad output inexpressible.

The difference is between a code review that catches rm -rf / and a language that doesn’t have rm. Between a guardrail that blocks unauthorized API calls and a grammar where unauthorized API calls aren’t part of the vocabulary, the Drafter Pattern chooses the latter.

Back to the hypothetical Initech. Instead of generating an incorrect SQL query against a user table (and causing a horrible security breach), code-generating with a constrained DSL results in a battle-tested component/block like route_to level_2_support being used because the DSL doesn't have a concept of “user table.” Session handling, RBAC, and access control live in the runtime. The LLM composes pre-validated building blocks. It can't reach past them.

When the LLM does get something wrong — and it will — the failure modes are constrained too:

  • It hallucinates a function that doesn’t exist → the parser rejects it before anything runs.

  • It passes the wrong type to a valid function → the type system catches it at validation, not in production.

  • It produces valid code that does the wrong thing → that’s a semantic error, and you still need human review, evals, and testing for those. The pattern doesn’t solve everything. More on that below.

What the pattern does enforce: the AI can’t express anything the language doesn’t allow. The surface area of possible errors shrinks to the surface area of the DSL.

The Drafter Pattern eliminates categories of errors. It doesn’t eliminate errors.

An LLM generating Initech’s workflow DSL can still write route_to level_1_support when the ticket should go to level_2_support. That’s valid code that does the wrong thing. The parser won’t catch it. The type system won’t catch it. It’s a semantic error; the AI understood the grammar but misunderstood the intent. You still need human review, evals, and testing against historical data for these. The pattern shrinks the error surface. It doesn’t shrink it to zero.

Building and maintaining a DSL has real costs too. You’re designing a language — even a small one. That means schema decisions, migration paths when the domain evolves, and the discipline to keep the DSL tight as pressure mounts to “just add one more feature.” If your domain changes faster than your DSL can keep up, you’re accumulating debt. This tradeoff is worth it when the DSL is central to the product. It’s not worth it when it’s bolted on as an afterthought.

And not every domain needs this much constraint. If the cost of wrong output is low — a chatbot, a brainstorming tool, a content draft — the expressiveness of a general-purpose language is a feature, not a risk. The pattern earns its complexity when AI-generated code touches systems where mistakes have real consequences: permissions, money, health, compliance. If nobody gets hurt when the AI gets it wrong, let it write Python.

I think that most AI teams are neglecting language as a guardrail. They’re tuning prompts, stacking guardrails, running evals, and building review pipelines all to compensate for giving the LLM a language that is likely too expressive for the job. They’re filtering output when they should be constraining input.

The language your AI writes in is a design decision. Teams can default to Python or JavaScript because that’s what the LLM already knows. But the LLM also knows SQL. It knows YAML. It knows constrained formats it’s never been explicitly trained on. The choice to give it a smaller, safer language is available today.

The result isn’t a chatbot with guardrails. It’s a platform where customers can get the flexibility of AI generation and the reliability of constrained execution because the grammar rules out failure modes before anything runs.

There are many domains that could exploit the properties of AI code generation (e.g. legal, clinical, financial, security, infrastructure) by designing their own DSL. Not a new programming language. A constrained vocabulary of validated building blocks, a type system that catches errors before runtime and a grammar that makes the failure modes inexpressible. In my opinion, the companies that figure this out will be able to harness more reliable and robust forms of AI. They’ll have platforms where customers can safely personalize software to their exact needs because the language guarantees that personalization can’t break anything it shouldn’t.

SQL gave non-programmers safe access to databases. TypeScript gave large teams safe access to dynamic codebases. The next generation of DSLs will ideally give AI safe access to production systems.

We’re not short on model capability. We’re short on languages designed for the models to write in.

Here is a list of readings I find interesting on the topic.

Companies Referenced

Nahim Nasser is Head of AI Engineering at Georgian, where he leads the applied AI engineering team building production AI systems for growth-stage companies.

Grateful to Frederik Dudzik, Asna Shafiq and Madalin Mihailescu for their thoughtful feedback on this piece.

* a Georgian portfolio company

This blog is provided for informational purposes only and should not be relied upon as legal, business, investment, or tax advice. Nothing in this blog constitutes investment advice, nor is it intended for use by any investors or prospective investors in any Georgian funds.This blog may include links to external websites or information obtained from third-party sources. Georgian has not independently verified and makes no representations regarding the accuracy or completeness of such information, whether current or ongoing.If this content includes third-party advertisements, Georgian has not reviewed such materials and does not endorse any advertising content or the companies referenced.

Any investments or portfolio companies mentioned are for illustrative purposes only and may not be representative of all investments made by funds managed by Georgian. Please contact Georgian for more information.

No posts