Skip to main content

Posts

MiMo Code Is the Open Source Answer to Claude Code

Terminal-based coding assistants for AI-curious developers are hot these days, and the most popular choice appears to be Claude Code . But Anthropic’s commercial offering has a new open source rival: MiMo Code , released under an MIT license by Chinese smartphone giant Xiaomi.  Unlike Claude Code, MiMo Code is not restricted to a specific LLM provider. It was also optimized for “long-horizon automated programming tasks,” according to the introductory blog entry . The software aims to “maintain decision quality and state continuity over dozens or even hundreds of execution steps.” The AI community has taken notice of this release. Since its v0.1 release last week, MiMo Code has garnered 9,000 stars on GitHub , and has been forked 783 times.  And unlike Claude Code, which costs $20 a month to start, MiMo is free, and may not even require connecting to a cloud provider, if the user installs a model on their own machine. Tackling Long Horizon Memory Retention  Large Language Models (...
Post a Comment
Read more
Recent posts

Tenet’s ‘Agentjacking’ Attack Turns Sentry Errors Into Code Execution

AI coding agents can create a new code execution risk when they treat externally influenced error data as trusted guidance and have access to command line tools, according to new research from Tenet Security. The security company demonstrated an indirect prompt injection technique it calls “Agentjacking” in a recent report . In its proof of concept, an attacker planted malicious instructions inside a fake Sentry error report, causing an AI coding agent to execute an attacker-supplied command during a routine debugging task. The attack began with a Sentry Data Source Name (DSN), a credential commonly embedded in a website’s frontend JavaScript. Sentry treats DSNs as public and write-only because they allow applications to submit events without granting access to the project or its existing data. But an attacker who obtains the DSN can use it to send a false error event to the project’s ingest endpoint and control fields, including the error message, stack trace, tags, context and brea...
Post a Comment
Read more

New Relic Adds Open Source Tool to Observe AI Coding

New Relic has made available an open source extension to its observability platform for coding tools at no additional cost. Nic Benders, chief technical strategist for New Relic, said the New Relic AI Coding Observability capability will make it simpler for DevOps teams to centrally monitor usage of a diverse range of artificial intelligence (AI) coding tools, including the cost of the tokens consumed, using the same platform they already have to observe IT operations. Regardless of the type of AI coding tool employed, New Relic AI Coding Observability normalizes the data collected, he added. That capability makes it possible for organizations to employ multiple AI coding tools as they best see fit, or swap one out for another as additional advances are made, noted Benders. The arrival of New Relic AI Coding Observability coincides with the sharing of a survey of 200 technology decision makers in the U.S. that finds a full 94% rate code generated by AI as being of a higher qualit...
Post a Comment
Read more

Respect and Trust as DevOps Engineering Disciplines 

DevOps has always carried a larger purpose than installing tools, automating pipelines, or improving deployment frequency. Those things matter. I have spent much of my career helping organizations make those things work. Yet the deeper purpose of DevOps is to improve the flow of value through a complex socio-technical system. The system includes tools, platforms, pipelines, environments, tests, controls and production operations. It also includes people, leadership behavior, decision rights, accountability, learning, fear, confidence and trust.   The technical side is easier to see. A failed build is visible. A broken deployment is visible. A production incident is visible. The human side usually fails more quietly. People stop speaking up. Teams wait for permission. Architects argue in private. Security arrives late. Operations becomes defensive. Leaders ask for more status. Engineers learn which truths are safe to tell and which truths create trouble. The organization continues to r...
Post a Comment
Read more

Moonshot AI’s Kimi K2.7-Code Targets Token Efficiency in Agentic Coding

Moonshot AI shipped Kimi K2.7-Code on June 12, 2026 — the fifth major release in the Kimi series in under a year, and arguably the most developer-friendly yet. The model is open-source, available on Hugging Face under a Modified MIT license, and accessible via the Kimi API and the company’s Kimi Code CLI. The headline claim: a 21.8% improvement on Moonshot’s own Kimi Code Bench v2 over its predecessor, K2.6. But the story that matters more for DevOps teams is efficiency, not just capability. Fewer Tokens, Less Waste Moonshot says K2.7-Code cuts reasoning token usage by 30% compared to K2.6. In practical terms, that means developers consume fewer compute resources while getting better results. For teams running coding agents at scale, that’s a meaningful cost reduction — not just a benchmark number. The model uses a Mixture-of-Experts (MoE) architecture with 1 trillion total parameters but only 32 billion active per token, paired with a 256K-token context window. Th...
Post a Comment
Read more

GitHub Removes PAT Requirement for Agentic Workflows

GitHub has quietly removed one of the more annoying friction points in agentic automation — and the security implications are worth paying attention to. GitHub Agentic Workflows can now use GitHub Actions’ built-in GITHUB_TOKEN instead of a personal access token (PAT). That means developers no longer need to create, store, or rotate a PAT to run agentic workflows, eliminating both the operational hassle and the security risks that come with managing long-lived tokens at scale. It’s a small config change. The security payoff is not small. Why PATs Were a Problem Personal access tokens have always carried risk. They’re long-lived, often broadly scoped, and easy to forget about. In an agentic context — where workflows run autonomously, touching repositories, triggering CI/CD pipelines, and interacting with sensitive resources — a leaked or misconfigured PAT can create serious exposure. A recent arXiv paper flagged “agentic workflow injection” as an emerg...
Post a Comment
Read more

AI Is Here to Stay. The Real Challenge Is Operating It Securely

AI-generated code is already in production. Whether we are comfortable with that or not is beside the point. In the OpenStack project, which I have helped steward for more than 15 years, we are seeing developers submit patches built with AI assistance, and sometimes patches composed almost entirely by AI tools. Some of those contributions have already landed in the past release cycle. This is happening in one of the most rigorously governed open source projects in the world. It is happening everywhere else, too. The code generation itself is not the problem. AI is genuinely good at producing computer programs because the structure of code is sufficiently predictable and syntactically constrained to play to the technology’s strengths. The problem is what happens next. Every AI-generated patch still needs to be reviewed for correctness, security, and long-term maintainability. And when code is easier to produce, more code gets proposed, which puts enormous pressure on the human rev...
Post a Comment
Read more