Cloud Native Security / AI Systems
Building safer intelligent systems.
I'm Changhao Li, a cloud-native security engineer. I write about agent runtimes, container isolation, observability, and the security boundaries of AI systems.
RUNTIME · ISOLATION · OBSERVABILITY · AI SECURITY
Recent Posts
View All-
The Real Frontier of Agent Security: The Four-Pillar Control Plane Behind Anthropic's Finance Agents
Anthropic released 10 financial-services agent templates powered by Opus 4.7. The real story isn't model performance—it's that per-tool permissions, managed credential vaults, full audit logs, and human-in-the-loop are now default. This signals a shift in vendor security focus from model alignment to deployment-time control.
-
May 6, 2026 Decoding Claude Security: How Anthropic Productized the 'AI Security Researcher'
Claude Security beta, powered by Opus 4.7, is currently exclusive to Enterprise customers. This deep-dive analyzes Anthropic's new product across six dimensions: positioning, architecture, workflow, capability boundaries, pricing, and ecosystem strategy.
-
Mar 31, 2026 X-Raying AI Coding Agents with eBPF: How ClawXRay Works
When Claude Code makes 200 API calls on your machine, do you know what it sent or how many tokens it burned? ClawXRay uses eBPF to intercept TLS-encrypted traffic at the kernel level, making every LLM call from AI Agents fully transparent.