惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI Governance Cannot Be a Tool Call | Tenure
Tenure · 2026-06-19 · via Hacker News - Newest: "AI"

Writing AI context control plane

Architecture

Enterprise AI needs a context control plane beneath every model request. Not a tool the agent can choose to call. A layer every request has to pass through.

Tenure research · ~9 min read

TL;DR

  • Almost everything built on agents today treats governance, memory, and policy as tools the model can choose to invoke.
  • That shape breaks the moment something has to be true regardless of what the model decides.
  • The fix is not a better tool. It is a different position in the stack: beneath every request, not beside the model.
  • Tenure calls this the AI context control plane, starting with governed memory and state for enterprise AI workflows.

The assumption nobody states out loud

If it depends on the model deciding to call it, it is not governance

Open almost any architecture diagram for an AI coding agent today and you will find the same shape. The model sits at the center. Around it, a ring of tools it can reach for: a ticketing system, a memory store, a compliance check, an audit log. The diagram looks complete. It is missing the detail that determines whether any of it actually works: every one of those tools only does something if the model decides to call it.

That is fine for a calendar lookup. It is not fine for the things people actually mean when they say governance. Access control that depends on the agent remembering to check access is not access control. An audit trail that exists only when the model chooses to write to it is not an audit trail. A coding convention that the model follows when it happens to recall the rule is not a constraint. It is a suggestion with good intentions.

This is the category error underneath a lot of AI infrastructure right now. Tool-calling is useful for optional actions. Governance is not optional. Treating both as the same kind of model-invoked tool makes the system look extensible while leaving the most important controls dependent on the model's cooperation.

A tool a model can choose to call is optional input. Governance that matters cannot be optional. The two are currently built the same way, and that is the problem.

The category

Enterprise AI needs a context control plane

The missing layer is the AI context control plane: the infrastructure that decides what context an AI request is allowed to carry, what memory it can use, what policy applies, and what gets recorded before the request reaches the model.

This is not the same thing as an agent framework. It is not the same thing as a memory SDK. It is not an MCP server. Those sit beside the model as capabilities the agent may invoke. A context control plane sits in the path of the request. It can govern, enrich, scope, and audit the request before the model ever sees it.

Tenure starts with memory because memory is the first unavoidable primitive of this layer. Every serious AI workflow eventually needs durable state: what was decided, what changed, what was superseded, who approved it, what scope it applies to, and why it was injected. If that state lives inside one app, every other app loses it. If it lives behind a tool call, the model can skip it. If it lives underneath the request path, it becomes infrastructure.

Tenure is the AI context control plane for enterprise teams, starting with governed memory and state beneath every model request.

The problem in the wild

People are already circling this from different directions

A coding agent can produce a diff, run a test, and report that the task is done. The harder question, the one a lot of engineers are now asking out loud, is what happens after. Someone still has to know what changed, why it changed, whether the right files were touched, what was tested, what was skipped, and whether the result is safe to trust. That is not a code generation problem. It is a review and trust problem.

A separate group is approaching the same wall from the orchestration side, building systems that explicitly refuse to let an agent's own "done" signal count as authority. The agent produces a claim. Something else, observing the actual state of the repository, the tests, and the review, decides whether that claim holds. That is a real and reasonable design. It also quietly admits the thing it does not solve by itself: someone still has to define what good means for a given repo, and keep that definition from drifting out of sync with what the agent was actually told.

A third group is rethinking memory itself along the same axis, arguing that most agent memory today is something you query after the fact, and that the more valuable version is something the agent has to reconcile before it acts and correct as part of acting. Different vocabulary, same underlying complaint: the thing that is supposed to keep an agent honest is currently positioned as optional, late, or both.

Three different entry points. One structural cause. Nobody arrived at it from the same angle, which is usually a sign that the problem is real rather than a framing exercise.

The infrastructure precedent

This already happened underneath the application

A container does not ask permission before it sends a packet. It does not call a tool to check whether it is allowed to talk to another pod. The network policy is not a service the container can invoke if it remembers to. It is enforced underneath the workload, at a layer the workload cannot opt out of. The workload does not cooperate with the policy. The policy does not need it to.

In infrastructure, many controls begin as application-level conventions before they become enforcement layers. That shift matters because "the app should remember to check" is not a security property. It is a hope.

The same move is now available for agents. Almost nobody is positioned to make it because almost everything in this space is built as a tool the agent calls rather than a layer the request cannot get around.

Governance as a tool the agent calls

User request

Model

Governance tool, maybe called

Model proceeds either way

Enforcement is conditional on the model's cooperation. There is no structural floor.

Governance as the layer beneath the request

User request

Proxy enforces, logs, scopes

Model never sees a way around it

Enforcement does not require the model's awareness or consent. There is a structural floor.

Why app-level governance breaks

Context is fragmenting across tools

The average enterprise AI environment will not be one model, one assistant, or one agent. It will be a mix of coding tools, chat clients, internal agents, CI workflows, notebooks, ticketing systems, support workflows, and model providers. Each one will accumulate its own context. Each one will have its own memory model. Each one will make different assumptions about what it knows and why it knows it.

That is manageable while AI usage is personal and experimental. It becomes a governance problem the moment AI participates in real work. A team decision made in one tool should not disappear when a developer switches clients. A policy correction should not depend on being manually copied into every agent. A stale architectural fact should not keep resurfacing because one application remembered it and another one did not.

App-level memory creates islands. Tool-call memory creates optional recall. Enterprise AI needs neither. It needs a shared, governed substrate for context that can sit below the tools and above the models.

The future of enterprise AI is not one app with better memory. It is many apps sharing one governed context layer.

Why memory comes first

The layer underneath still needs state

Policy without memory is brittle. Audit without memory is incomplete. Evaluation without memory has no durable view of what the system believed at the time. The layer underneath AI requests needs state because real organizations are made of accumulated decisions, exceptions, preferences, corrections, and rules.

That state cannot behave like a pile of semantically similar notes. A system that remembers "the connection pool cap is 20" and later remembers "the connection pool cap is 50" has not solved memory if both facts can keep returning forever. It has created a permanent read-time cleanup problem. Every future reader has to notice the conflict again.

Governed memory moves that work into the substrate. Facts need scope. Corrections need provenance. Superseded beliefs need to be marked as superseded. The current value needs to be available without forcing every model request to rediscover the history from scratch.

This is why Tenure treats memory as state, not search. The point is not to retrieve more nearby text. The point is to know what the system currently believes, why it believes it, where that belief applies, and whether it is still allowed to influence the next request.

Where Tenure fits

Under the request path, not beside the model

Tenure sits between AI clients and model providers. That position matters. It means context injection, scoping, audit trails, and memory governance do not depend on the model choosing to call a tool. They happen before the request reaches the model.

In practice, this lets teams use the AI tools they already use while giving the organization a shared layer for governed context. A developer can work in VS Code, Cursor, Cline, Continue, Open WebUI, or another client, while the memory and policy layer remains consistent underneath. The client can change. The model can change. The governed state does not have to disappear with either one.

That is the difference between a memory feature and a context control plane. A feature improves one application. A control plane gives the organization one place to decide what AI is allowed to know, remember, use, and prove.

MCP lets a model call tools. Tenure governs the request before the model sees it.

The test

Does it require the agent's cooperation?

The simplest test for this category is not whether a product says governance, memory, policy, or audit. The test is whether the system requires the agent's cooperation to work.

If the model has to remember to call the memory tool, memory is optional. If the model has to remember to call the policy checker, policy is optional. If the model has to remember to write an audit event, the audit trail is optional. However good those tools are, they are still downstream of the model's discretion.

A context control plane has a different contract. The request enters governed infrastructure before it reaches the model. Identity, scope, memory, policy, provenance, and audit can be attached outside the model's decision loop. The model does not need to know the enforcement happened. It also does not get to skip it.

If it needs the agent's cooperation, it is a tool. If the request cannot get around it, it is infrastructure.

Where this goes

The model is the part everyone can see. The control plane is the part that decides whether it is safe to trust.

None of this means tool-calling is the wrong abstraction for everything. Fetching a file, querying a database, opening a ticket, or running a build can all be discrete actions that a model invokes when needed.

The argument is narrower and more important: anything that has to be true regardless of what the model decides cannot live at the same layer as an optional tool. Access control. Audit trails. Memory scope. Supersession. The rules generated code has to conform to before anyone trusts it. These cannot depend on the model deciding to ask.

The people asking what happens after the diff, the people refusing to let an agent's "done" mean done, the people rebuilding memory around write-time correction instead of read-time lookup, are all describing the same missing layer from different rooms.

The category is becoming visible now. Tenure is building it from the bottom up: governed memory and state first, then the broader control plane for context, policy, provenance, audit, and evaluation across enterprise AI requests.