惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

MyScale Blog
MyScale Blog
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
N
News and Events Feed by Topic
Recent Announcements
Recent Announcements
D
Docker
M
MIT News - Artificial intelligence
L
LangChain Blog
I
InfoQ
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
博客园_首页
MongoDB | Blog
MongoDB | Blog
美团技术团队
S
Schneier on Security
G
GRAHAM CLULEY
月光博客
月光博客
有赞技术团队
有赞技术团队
Vercel News
Vercel News
Scott Helme
Scott Helme
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Recorded Future
Recorded Future
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
Attack and Defense Labs
Attack and Defense Labs
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
量子位
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Visual Studio Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
N
Netflix TechBlog - Medium
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Spread Privacy
Spread Privacy
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
小众软件
小众软件
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Security Affairs
Cloudbric
Cloudbric
爱范儿
爱范儿
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Closed-Loop Trust Score: Three Numbers That Decide Which Remediations Run Without a Human
Muskan · 2026-05-15 · via DEV Community

Muskan

The closed-loop pipeline runs the easy part well. Detect fires, decide picks a remediation, act executes, and verify confirms. The hard part is the line between "auto-execute" and "page a human." Most teams draw it by gut. Some rules go to action, the rest go to a ticket queue or Slack. The split is rarely written down, and when it is, it's a static rule list maintained by whoever owned the loop last quarter.

That gut-feel split is where autonomous remediation goes wrong. Pull the line one way and the loop becomes a cron job that touches production without the on-call understanding why. Pull it the other way and the loop becomes a glorified alert generator: every signal lands in a queue, the queue stays full, action rate decays back to the same 5% a static report would have produced. Both failure modes kill trust faster than any single bad auto-action.

The fix is to stop drawing the line by gut and start computing it. Three scores per remediation candidate: how much damage can this do (blast radius), how fast can we undo it (reversibility), and how sure are we the signal is real (confidence). Multiply them together. One threshold decides auto-vs-page. The threshold is a knob the team tunes monthly from incident postmortems, not a per-rule policy debate.

This pattern composes with the existing closed-loop FinOps detect-decide-act-verify framework and the closed-loop IAM remediation work. It's the missing piece between "we built the loop" and "we trust it on production."

The trust line is the closed-loop's hardest design choice

Every team running closed-loop remediation hits the same fork at week three. The first wave of policies were obvious — terminate idle non-prod EC2, delete unattached EBS volumes, downgrade unused log-group retention. Nobody pushed back. Action rate hit 70-85% within a sprint.

The second wave of policies is where it gets contested. Right-size production RDS instances. Drop unused IAM permissions. Migrate cold S3 objects to Glacier. Each one is technically reversible, statistically safe, financially significant. And each one gets stuck in a 90-minute meeting where someone says "but what if it's wrong on the one prod instance that matters."

Failure mode What it looks like Cost
Too aggressive Auto-action touches a customer-facing resource on a stale signal; one outage trains the team to disable autonomy 1 outage = 6 months of trust gone, plus the policy gets quietly disabled
Too cautious Every signal lands in a ticket queue; engineer triage rate is 5%; backlog grows; loop degrades to a report Re-creates the original report-and-decay problem the loop was built to solve

The teams that get past this fork are the ones that stop debating per-policy and start computing the trust line. Three scores per candidate signal. One threshold. Postmortem-driven tuning. The result: 70-85% of detected events run without a human, the rest get a pre-filled ticket with the per-axis breakdown so the human spends 30 seconds deciding instead of 30 minutes.

Score 1: blast radius (per resource, not per rule)

Blast radius is how much customer impact a remediation creates if it goes wrong. The naive version is a constant per rule: "right-size production database = high blast radius, terminate non-prod VM = low." This loses immediately because blast radius isn't a property of the rule. It's a property of the resource the rule touches in this specific run.

Compute blast radius at policy-evaluation time from three inputs that already exist in the cloud accounts.

diagram

Tags catch the obvious cases: env=prod raises the floor, env=non-prod lowers it. But tags get gamed. A correctly-tagged-as-non-prod database serving 30% of customer traffic is not low blast radius, no matter what the tag says. The traffic signal (request count or connection count over the last 7 days, sampled from ALB target groups or APM) is the corrective.

Customer attribution is the third input. A resource that maps to one specific customer (multi-tenant routing, dedicated subnet) is high blast radius even if the traffic is low — losing that customer is worse than losing 2% of generic traffic. Pull this from the routing layer or the customer-id tags propagated through the data plane.

The blast-radius score is min(tag_score + traffic_score + customer_score, 1.0). Production-tagged + customer-facing + multi-tenant scores 0.9. Non-prod, single-tenant, sub-10-req/min scores 0.1. The 0.1 to 0.9 spread is what makes the trust score selective enough to be useful — most resources land in the 0.2-0.6 range.

Score 2: reversibility (per action, includes time-to-reverse)

Reversibility is per action, not per resource. Stopping an idle EC2 instance is reversible — start it back up in 90 seconds, the data is intact, no client connections to restore. Deleting a snapshot is not — the bytes are gone. The same resource can be touched by multiple actions with different reversibility scores.

Maintain reversibility as a lookup table. Most cloud teams need 50 to 150 entries to cover their action catalog. The table is the highest-leverage piece of work in the system: a wrong entry causes incidents, a right entry unlocks auto-action across hundreds of resources of that type.

Action Reversibility Time to reverse Notes
Stop EC2 instance 1.0 90 seconds Start back up, ENI/EBS preserved
Stop RDS instance 0.95 4-8 minutes Restart preserves data; connection pool needs warmup
Scale ASG to zero 0.9 3-5 minutes New instances provision; warm pool helps
Right-size EC2 down 0.8 2-4 minutes Reverse with another resize; brief downtime
Drop unused IAM permission 0.85 30 seconds Re-add the permission; users may have hit denial in the gap
Move S3 object to Glacier 0.4 3-5 hours Restore takes time; reads during the window fail
Delete EBS snapshot 0.0 irreversible Bytes gone unless cross-region copy exists
Delete unused security group 0.6 5-15 minutes Recreate from infra-as-code if you have it; manual reconstruction otherwise

Time-to-reverse matters because reversibility is implicit, not stated. An action that's "reversible" but takes 2 hours fails the trust test if the user impact lands in the first 5 minutes. The reversibility score has to bake in a time-to-reverse multiplier: anything taking longer than the user-perceptible-impact window gets discounted.

Practical heuristic: reversibility = base_score × min(1, 5_minutes / time_to_reverse_minutes). Stop EC2 stays at 1.0. S3-to-Glacier drops from 0.4 to 0.4 × (5 / 240) = 0.008 — effectively non-reversible. The math forces the table to be honest about which actions are actually safe to auto-run.

Score 3: confidence (per detection, signal stability)

Confidence is how sure the detector is that the signal is real. It comes from the detector's signal stability, not the action class. A CloudWatch alarm that's been firing consistently for 14 days at sub-5% CPU has confidence 0.95: the data is not noisy, the threshold is well-clear, the duration is long. A one-off cost-anomaly spike from a forecast model has confidence 0.55: the signal might be a real change or might be a forecast wobble.

Each detection source has a typical confidence range:

Detector Typical confidence What drives it
CloudWatch alarm, 14d steady 0.90 - 0.98 Long duration + low variance + clear threshold margin
CloudWatch alarm, 24h steady 0.65 - 0.80 Same shape, less duration
Cost anomaly forecast 0.55 - 0.75 Model variance + lookback window length
Drift detection (Terraform refresh) 0.85 - 0.95 Boolean signal — drift exists or it doesn't
Idle resource scan (single sample) 0.50 - 0.65 One snapshot; could be a usage gap, not abandonment
Multi-detector agreement 0.95+ Two independent detectors flag the same resource

The pattern that buys the most trust per unit of work: track which detector flagged a signal and how long it has been flagging. Both pieces of metadata already exist in the detector. Surface them as an explicit confidence field on the signal payload, not a hidden property. The downstream trust math reads the field and makes a decision; if the detector improves later, only the producer changes.

Multi-detector agreement is the cheap upgrade. Two detectors flagging the same resource pushes confidence past 0.95 even if each individually is at 0.7. Cost anomaly + drift detection + CloudWatch alarm all firing on the same RDS instance is a stronger signal than any one of them alone.

The auto-action threshold (one knob, tuned monthly)

The trust score combines the three inputs:

trust = (1 - blast_radius) × reversibility × confidence

(1 - blast_radius) because blast radius is a penalty: high blast radius reduces trust. The other two are bonuses. Worked examples on both sides of a 0.55 threshold:

diagram

Signal A: stop a non-prod EC2 instance flagged by a 14-day CloudWatch alarm. Blast radius 0.3 (non-prod, single-tenant, low traffic), reversibility 1.0 (stop is recoverable in 90 seconds), confidence 0.95 (stable signal). Trust = 0.7 × 1.0 × 0.95 = 0.665. Above 0.55. Auto-run.

Signal B: right-size a customer-facing RDS instance flagged by a single-day cost anomaly. Blast radius 0.5 (customer-facing but multi-tenant), reversibility 0.6 (reversible but with connection pool warmup), confidence 0.7 (single-day signal). Trust = 0.5 × 0.6 × 0.7 = 0.21. Below 0.55. Page a human with the pre-filled ticket.

Why this is one knob, not three: the team tunes the threshold based on incident outcomes. If two auto-actions in a month cause customer-facing degradation, lower the threshold from 0.55 to 0.65. If the page rate is too high and engineers are rubber-stamping every approval, raise it to 0.50. The per-axis weights stay constant; the human-vs-machine line moves.

The first-month ritual is what makes this work. Every auto-action gets a postmortem, regardless of outcome. The team meets weekly to look at the false-negatives (auto-action that turned out to be wrong) and false-positives (paged for nothing). The threshold drops 2-3 times in week one, then stabilizes.

How trust scores compose with closed-loop FinOps

The trust score is not a separate system. It plugs into the four-stage detect-decide-act-verify loop already running:

diagram

Detect produces the confidence input as an explicit field on the signal. Decide computes blast radius and reversibility, multiplies them with confidence, compares to the threshold. Act executes only if trust passes. Verify samples metrics over a window matched to the action's time-to-reverse (a 90-second-to-reverse action gets verified over 2 minutes; a 4-hour-to-reverse action gets verified over 5).

The verify-window matching the reversibility window is the under-discussed piece. Verify too early and you miss the slow-failing case; verify too late and the cost data lags. Match the window to time-to-reverse and the loop's outcome data is honest.

What changes after 6 weeks of production data

Three numbers move predictably as the team gets data on the loop's behavior.

The threshold drops from its initial conservative setting (often 0.7) to a stable middle ground (0.50 to 0.60) over 4-6 weeks. The first drop usually happens in week one when the team realizes 60% of detected signals are landing in the page queue and engineers are approving them all without changes. The second drop happens around week three when one false-negative postmortem reveals that the threshold was too tight on a class of safe actions. After week six, threshold changes are quarterly, not weekly.

The auto-action rate stabilizes around 70 to 85% of detected events. Below 70%, the threshold is too high; the loop is doing report work, not action work. Above 85%, the threshold is too low and incidents start. The 70-85 band is the operating range; teams that go outside it almost always retune within two weeks.

MTTR drops 3 to 5x for the auto-action class. Manual remediation MTTR for cost issues is typically 18 to 45 minutes (detect → triage → ticket → assigned → actioned). Auto-action MTTR is 2 to 4 minutes (detect → score → execute → verify). The drop multiplies across hundreds of monthly events, which is where the financial case for the closed loop actually lands. Pager-page reduction is the secondary metric: teams report 40 to 60% fewer cost-related pages after month three.

The trust score is not a fancy ML model. It's three deterministic inputs, one product, one tuned threshold. The leverage is in writing the inputs down explicitly instead of carrying them in the heads of whoever is on-call this month. Once they're written down, the loop's behavior is auditable, the threshold is tunable, and the team's confidence in the system grows from "we trust this rule" to "we trust this score." That second posture is what makes autonomous remediation actually autonomous.