Cloud Architect Nodir Safarov, who leads migration and infrastructure automation for thousands of global clients at SOTI Inc., identifies the architectural failures behind the most common cloud security gaps and the design principles that prevent them.

Enterprise cloud adoption has accelerated faster than enterprise cloud security. As organizations migrate critical workloads to AWS, Azure, and multi-cloud environments, many are discovering that speed and scale have outpaced their security architecture. The result is a growing gap between what companies assume is protected and what actually is.

Most cloud platforms already offer robust native security features. The problem is not the tooling. The problem is architectural: how and when security gets integrated into cloud infrastructure design. In too many organizations, security is layered on after deployments are already running in production, creating vulnerabilities that are expensive to remediate and easy to miss.

We spoke with Nodir Safarov, a Cloud Architect Expert at SOTI Inc., where he leads cloud migration and infrastructure automation initiatives supporting enterprise environments across North America, Europe, and Asia. Drawing on experience from large-scale deployments across multiple industries, Safarov said he repeatedly sees the same architectural missteps create avoidable cloud security gaps, often long before teams recognize the risk. He is known for designing security controls directly into infrastructure-as-code and CI/CD workflows, so teams can enforce consistent guardrails by default rather than relying on post-deployment fixes. In our conversation, Safarov emphasized repeatable design patterns, segmentation, least-privilege access, and audit-ready logging, as the foundations of resilient cloud programs. He added that standardization through code and automation is what makes security sustainable at enterprise scale.

“The patterns repeat across organizations of every size,” Safarov said. “These are systemic issues, and they require architectural solutions. They cannot be patched after the fact.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Based on what he has observed across large-scale deployments, here are the five most common cloud security mistakes Safarov encounters, and the design-level approaches he recommends to prevent them before deployment.

1. Treating Security as a Post-Deployment Layer

This is the mistake that enables all the others. Organizations frequently build their cloud infrastructure first and attempt to secure it second. By the time security teams assess a production environment, the architecture has already been designed around assumptions incompatible with a strong security posture: overly permissive access controls, unencrypted data stores, and open network configurations that were intended to be temporary but never got locked down.

The cost of this approach compounds quickly. Retrofitting security onto an existing architecture means modifying live systems, and every modification introduces risk to production stability. In one enterprise environment Safarov assessed, a temporary open access rule created during initial deployment had persisted for months, quietly exposing internal APIs to the public internet. The configuration appeared healthy by every standard monitoring metric. It was only caught during a manual security review that happened to occur before an incident did.

“The best time to implement cloud security best practices is before the first deployment,” Safarov said. “Build it into your blueprints from day one.”

In practice, this means embedding security controls directly into infrastructure-as-code templates. When Safarov designs Terraform modules and CI/CD pipelines, security policies, network segmentation, encryption standards, access controls, and logging configurations are written into the code itself. Every deployment that uses those templates automatically inherits the security posture, reducing the burden on engineering teams while ensuring consistency. Security becomes a default rather than an afterthought.

2. Underinvesting in Disaster Recovery Architecture

High availability and disaster recovery are among the most critical aspects of cloud architecture, yet they are routinely treated as secondary concerns during the initial build phase. Organizations assume that running in the cloud inherently provides resilience. It does, but only if the architecture is deliberately designed to take advantage of it.

The assumption is understandable. Cloud providers offer availability zones, redundancy, and failover capabilities. But those features require intentional architectural decisions to activate. Without deliberate DR planning, a single infrastructure failure can take critical systems offline with no clear recovery path. The business impact ranges from lost revenue to regulatory penalties, depending on the industry and the duration of the outage.

Safarov has encountered organizations that documented disaster recovery plans but never tested them against their actual infrastructure. When an incident occurred, the recovery procedures assumed configurations that had drifted months earlier, and the recovery plan failed at the first step.

“Every company needs a Plan B for disaster recovery,” Safarov said. “Cloud architects are the ones who oversee that planning and execute it before the first incident occurs. The middle of an outage is the worst time to discover your recovery strategy exists only on paper.”

His approach treats DR as an architectural requirement on par with performance and scalability. Recovery capabilities are built into the foundation and validated through regular testing, not documented once in a compliance checklist and forgotten.

3. Ignoring Cost as an Architectural Constraint

Cloud cost optimization is often siloed as a finance concern, separate from architecture decisions. In reality, cost is architecture. When engineering teams over-provision resources to maintain generous safety margins, or spin up instances without lifecycle policies, waste compounds rapidly across an enterprise. At scale, those margins become one of the highest hidden costs in a cloud program.

The financial impact is significant and self-reinforcing. Organizations that treat cost optimization as an afterthought find themselves locked into architectures that are expensive to maintain and difficult to restructure. Right-sizing resources after the fact means rearchitecting production systems, a far more expensive and disruptive process than designing for efficiency from the start.

Safarov’s experience in enterprise finance before transitioning to cloud architecture gives him a distinctive vantage point on this problem. He approaches resource allocation as a design constraint, not an operational cleanup task.

“Architectures must be high-performing and resilient, but also financially efficient,” Safarov said. “Optimizing resource allocation is a design principle. Ignoring it leads to waste that compounds at enterprise scale, and by the time organizations notice, the cost of correction is significant.”

The fix starts at the design phase. When cost efficiency is treated as a core architectural requirement alongside performance and resilience, every resource decision is intentional. Assets are right-sized from the start, monitored continuously, and justified by the workload they support.

4. Allowing Configuration Drift Through Manual Changes

When cloud infrastructure is configured manually, through console clicks, ad hoc scripts, or undocumented changes, environments inevitably drift from their intended state. What starts as a minor deviation becomes a significant security vulnerability over time, as production configurations diverge from the security baselines they were designed to meet.

Configuration drift is particularly dangerous because it is invisible. Standard monitoring tools track uptime and performance, not whether a security group rule matches the original Terraform specification. The environment may appear healthy by every dashboard metric while harboring misconfigurations that weaken security boundaries or grant unintended access. In multi-tenant enterprise environments, where hundreds of client deployments share underlying infrastructure patterns, a single drifted configuration can cascade across environments before anyone notices.

The solution is infrastructure-as-code and automated CI/CD pipelines that enforce consistency and auditability across every environment. When all infrastructure changes flow through version-controlled Terraform configurations, every modification is documented, reviewed, and reproducible. Drift becomes detectable, and unauthorized changes trigger automated alerts.

Safarov implements this approach through standardized IaC templates and pipeline automation that eliminate manual intervention in production environments. The result is infrastructure that matches its documented design at all times: consistent, auditable, and reliable across every deployment.

5. Relying on Point-in-Time Security Assessments

The final mistake is assuming that a secure deployment remains secure. Cloud environments are dynamic: workloads scale, configurations update, new services are added, and threat landscapes evolve. A security posture assessed at deployment time degrades steadily unless it is actively maintained through continuous monitoring.

Many enterprises rely on periodic security audits or quarterly assessments. These provide valuable snapshots but miss the threats that emerge between assessments: temporary access permissions that become permanent, test configurations that reach production unchanged, and incremental changes that quietly weaken the original security design. In fast-moving enterprise environments where deployments happen daily, quarterly assessments leave months of unmonitored exposure.

Safarov designs cloud systems with continuous monitoring and automated detection built into the architecture. Rather than relying on periodic human review, his systems use automated alerting to detect configuration anomalies, access pattern changes, and policy violations as they occur. When a new resource is deployed outside the approved IaC pipeline, the monitoring layer flags it immediately rather than waiting for the next scheduled audit.

“Security is a continuous process, and the architecture should enforce that,” Safarov said. “If your monitoring only tells you what happened last quarter, you are always reacting to problems that have already caused damage.”

The Common Thread

Across all five of these mistakes, the root cause is the same: treating security as a layer rather than a principle. When security is a layer, it can be skipped, deferred, or underfunded. When security is an architectural principle, it is embedded in every template, every pipeline, and every design decision from the first line of code.

Reliability, security, and cost efficiency are not competing priorities. They are interdependent, and the strongest cloud architectures treat them as a single design challenge. The organizations that get this right build security into their foundations. The organizations that get it wrong spend years and significant resources trying to retrofit what should have been there from the start.

Bangalore-based Avataar AI has launched Varya, one of India’s first homegrown video AI models. It generates video at roughly $0.005 per second, or 0.48 rupees. Founder Sravanth Aluru, a former Deutsche Bank investment banker and Microsoft and IIT Mumbai alum, says that is 27 times cheaper than comparable open-source video models.

The cost advantage comes from distillation. Avataar started with Alibaba’s Wan 2.2, a publicly available video generation model, and compressed its capabilities into a leaner version that runs in four steps instead of 50. The result is ten times faster generation at a fraction of the cost. Models like Veo, Kling, Luma, and Runway typically charge $0.10 or more per second.

Varya is not trying to compete with US and Chinese frontier models on quality. ByteDance’s Seedance, Kuaishou’s Kling, and Alibaba’s Wan are pushing motion realism and audio generation far beyond what Varya offers. The pitch is scale and accessibility in a market of 1.4 billion people where cost competitiveness matters more than peak performance.

What makes Varya distinct is cultural specificity. Rather than retrofitting a Western-trained model, Avataar used curated data to train Varya to render Indian clothing, food, architecture, festivals, and everyday settings accurately. Global models trained primarily on Western datasets consistently fail at this, producing culturally wrong outputs that limit their usefulness for Indian businesses, education, and public services.

The model is open-weight and will be released on India’s AIKosh portal, the government’s centralised repository for AI models and datasets. Avataar is one of 12 startups selected for the IndiaAI Mission, a roughly $1.2 billion initiative that gives selected companies access to subsidised GPU compute in exchange for releasing their models publicly.

Avataar has raised $55 million from Peak XV Partners and Tiger Global. The company originally focused on creating video tools for e-commerce. Varya is its first foundation model, reflecting a broader trend of Indian startups building sovereign AI rather than renting Western infrastructure. Sarvam and BharatGen launched their own foundational models earlier this year under the same programme.

India’s AI strategy is different from Europe’s or China’s. It is not trying to build the biggest model. It is trying to build models that work for its population at a price its market can absorb. At $0.005 per second, Varya is testing whether a video model optimised for affordability and cultural relevance can gain adoption faster than a technically superior but expensive Western alternative. In a country where AI startups are already building for local needs at scale, the answer may well be yes.

Anthropic says it’s disabling two AI models it launched earlier this week, Claude Fable 5 and Mythos 5, to comply with an export control directive it received Friday afternoon from the US government citing national security concerns.

The unprecedented incident marks the latest flashpoint between Anthropic and the Trump administration. While the company says the order asked it to suspend access to “any foreign national, whether inside or outside the United States, including foreign national Anthropic employees,” it has removed access for all of its customers to ensure compliance.

Earlier this year, Trump’s Department of Defense labeled Anthropic a “supply chain risk” after the Claude-maker sought to draw red lines over how the US military could use its technology. The designation effectively barred government agencies and contractors from using Anthropic’s technology. Anthropic responded by filing lawsuits against the Trump administration.

On Tuesday, Anthropic publicly released Claude Fable 5, a version of the company’s Mythos AI model with safeguards that prevent it from answering questions about cybersecurity, biology, and chemistry. Prior to the public release, which Anthropic said it had conducted in collaboration with the US government, the Mythos Preview AI model had a limited rollout in April. The goal was to give companies and organizations an opportunity to use its powerful cybersecurity capabilities to improve their defenses, and stem concerns that the technology could be exploited by bad actors to develop powerful hacking tools.

In a blog post on Friday, Anthropic says it received a letter from the US government at 5:21pm ET. “The letter did not provide specific details of its national security concern,” Anthropic wrote.

“Our understanding is that the government believes it has become aware of a method of bypassing, or ‘jailbreaking’ Fable 5,” the company added. “We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.”

In the blog post, the company argued that it has implemented strong safeguards to reduce the likelihood of Claude Fable 5’s misuse. Anthropic also claimed that the jailbreak the US government found for Claude Fable 5 was narrow, and would not have made an attacker meaningfully more dangerous than they would have been with another AI model.

“To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws,” the company said in its blog post. “Our understanding is that one potential jailbreak was shared with the government.”

Spokespeople for the White House and US Commerce Department did not immediately respond to WIRED’s request for comment.

Anthropic CEO Dario Amodei said in a policy essay earlier this week that he and the company support a fair, structured, and transparent government process that would block the release of unsafe AI models. In the company’s blog post on Friday, Anthropic argued that “this action does not adhere to those principles.”

from the it-only-gets-worse dept

A couple weeks ago I wrote 6,000 words about the Reckless Ben/Bricks & Minifigs LEGO mess and concluded that pretty much everyone involved had made serious mistakes — with the Utah contingent (Bricks & Minifigs corporate, Joshua Johnson, Brandon Best, and the American Fork police) looking the worst of all. That take upset basically everyone: some felt I was too hard on Reckless Ben, some felt I was too easy on the American Fork police, and probably a few people just resented spending that much time reading about legos. Since then, a lot more has come out, and the situation has only gotten murkier. My original read still holds up, but the Utah folks look even worse, and some of the other players are looking sketchier too.

And, I think it’s fair to say, mistakes were made by pretty much everyone involved.

Just as before, many of the new details are in long YouTube videos, but if you want watch just one, start with this one by Stephen Findeisen, who is better known as Coffeezilla and who regularly researches financial and cryptocurrency scams:

That video goes deep — Findeisen gets basically everyone on the phone at some point or another (except the cops), accesses a ton of evidence not previously public, and, unlike most of the earlier YouTube coverage, actually tries to find the truth instead of just stoking outrage.

He makes a few points that are hard to argue with:

• The Lego collection was never actually worth $200k (we had suggested this in our initial post as well). It was probably closer to $100k (and possibly a bit less).
• Some of it was definitely sold before all this, but much of it had not been.
• Plenty of it clearly remained in the store after Brandon Best showed up the night in November 2024 to kick out Law and take over the store.
• Best also showed up with a U-Haul truck, and there are some (slightly conflicting) reports that he subsequently appeared at his other Oregon Bricks & Minifigs store with a bunch of Star Wars Lego sets. Bricks & Minifigs corporate initially insisted this was false and said he showed up in a rental car. But Coffeezilla has visual proof of a U-Haul parked outside that night, which is pretty damning, which led Bricks & Minifigs to revise their story with a complicated one about hauling a camper trailer, which doesn’t make that much sense.
• Coffeezilla dropped this thread, in part because of a disagreement over the timeline, though it’s not clear to me that the timeline doesn’t really line up. It seems entirely possible that Best could have taken a bunch of legos out of the Gormans’ old store and taken them to his other store and then returned the U-Haul truck.
• Law & Gorman appear to have sold some of Mansell’s collection and not paid him for that, and it could be a lot of money. Law admits that she may have been a bit sloppy on the record keeping, saying she hadn’t done an inventory in a while and suggesting employees maybe hadn’t told her when certain sets from the collection were sold. But there’s also a credibility problem regarding sets that were listed as being on layaway, but where the spreadsheet suggests they were actually sold, but not accounted for as sold.
• To her credit, she admits it’s possible she owes Mansell some money and that if she can see evidence of this she will make sure that Mansell is paid what he is owed. But given how quick the Gormans were to insist this was entirely Bricks & Minifigs corporate who were the problem, it’s not a good look.
• Bricks & Minifigs corporate claims that there were about $5k worth of Star Wars legos left. That appears to be bullshit and wouldn’t really help their case, because even if it was just $5k of Mansell’s legos, those are still stolen legos.
• Bricks & Minifigs’ CEO and COO (the McNeff brothers) claim that they never were sent a spreadsheet of the collections, and the best moment in the video is when Coffeezilla points out that the Google Docs spreadsheet he’s been using is owned by their account and has been sitting there since 2024. That really makes the McNeffs look sketchy.

That video also includes dueling photographic and videographic evidence of what was in the store the night Best kicked the Gormans out (as well as a few weeks earlier when Best apparently surreptitiously filmed inside the store to see what was there). There are way more empty shelves the night Best kicked out Law & Gorman, but they say that’s because they had moved the high value consignment items to the safes they had purchased for that purpose, which were in the back. Later in the video Coffeezilla shows the McNeffs additional images from Law that appear to show Star Wars lego sets in what appears to be a safe, and which Matt McNeff (the company’s COO) admits they don’t appear to have listed in their own spreadsheet, which they had originally said was a complete listing of all the Star Wars legos in the store the night they took it over.

The McNeffs still look terrible, and Brandon Best also looks a bit sketchy. But it also appears that Law & Gorman’s record keeping was pretty sketchy as well, and while the McNeffs have gone overboard in claiming that they were responsible for Mansell’s “missing” legos, it does appear likely that Law owes Mansell for a decent number of Star Wars legos her store sold.

As for the American Fork Police department and Brandon Best’s partner, Joshua Johnson, we need a different video, this one from Legal Eagle. It breaks down just how many things they did wrong:

There were a lot of assumptions made about the police department, particularly around how they redacted the footage they released to Schneider. There was plenty of smoke, but no actual fire. As it turns out, beyond possibly being corrupt, the American Fork Police Department might also just be incompetent: they accidentally uploaded all the unredacted bodycam footage, which is now available on the Internet Archive.

Schneider initially claimed a hacker obtained the videos, which raised some questions about provenance. Once the department itself admitted the release was accidental, that question went away — and what’s in the footage is pretty hard to explain away. The police were way too credulous with Johnson. The “refusing to accept service” situation alone is maddening: Johnson claims the lawsuits are fake, the officer calls the court and confirms they’re real, and then… still lets Johnson refuse service. Beyond that, there are the extended traffic stops on no real probable cause, and the arrests on a search warrant instead of an arrest warrant — and they didn’t even find what they were looking for. Legal Eagle walks through all of it, and it’s a long list of failures.

Schneider is a more complicated case. He’s clearly one of the good guys here, and the attention he generated did move the needle when nothing else was. But some of his own claims haven’t held up. He never independently verified the value of the collection — and in the Coffeezilla video, he appears genuinely surprised it’s nowhere near $200k, which is a bad look for someone who made that figure central to his coverage. The small claims court situation is worse: Schneider said Johnson and Best had defaulted on those cases, but they were basically all dismissed for being filed against the wrong defendants, or never properly served. In a followup video, Reckless Ben admits he thought he’d won by default simply because he and his friends filed for default. Which goes back to the original point: talk to a lawyer, even just for an hour.

The Mexico situation is its own category of self-inflicted damage. In multiple videos he’s mentioned that after facing criminal charges he had fled to Mexico and joked about how Utah law enforcement can’t reach him there. Whether or not he actually left the country, publicly bragging about being a flight risk while facing criminal charges is exactly the kind of thing that hands prosecutors an easy argument. He has real defenses available to him. This doesn’t help.

And then there’s Law & Gorman, who aren’t villains, but they aren’t blameless either. It appears Law owes Mansell for a fair number of sets her store sold without paying him out — and the record-keeping problems aren’t fully explained by sloppy bookkeeping. The layaway-versus-sold discrepancy in the spreadsheet is a credibility problem, not just an accounting one. To her credit, Law has said she’ll make it right if shown the evidence. But the Gormans were also quick to frame this entire situation as purely a Bricks & Minifigs corporate problem, and that framing looks increasingly incomplete.

Every side of this story is a disaster. We’ve got a corporation willing to say anything to save face, a police department that accidentally leaked its own bad behavior, franchise owners who likely shortchanged their client, and a YouTuber whose good intentions were undercut by bad execution. About the only thing missing is anyone who actually handled this well.

Filed Under: american fork pd, ammon mcneff, ben schneider, benjamin gorman, bryan mansell, chrystal law, consignment, legos, matt mcneff, reckless ben, utah

Companies: bricks & minifigs

Yen-Ling Kuo always wanted to understand how things worked. When she was growing up in Taiwan, reading the story of Michael Faraday in elementary school piqued her curiosity about the natural world. During that time, she was introduced to Logo, a computer program with a turtle cursor to help children learn basic coding through hands-on experimentation.

It was Kuo’s introduction to programming logic.

In high school she learned the capacity computers held. She could write programs that completed tasks independently, she realized.

“Once I discovered how powerful computers could be,” she says, “I knew I wanted to focus on using them to solve real-world problems.”

Kuo, an IEEE member, never lost her interest in the “how” behind processes and tools. Her curiosity, combined with a stint working at a Silicon Valley company, led her to focus on innovations that live at the intersection of cognitive and computer sciences.

Kuo, now an assistant professor of computer science at the University of Virginia in Charlottesville, last year received the IEEE Robotics and Automation Society’s inaugural Outstanding Women in Robotics and Automation Early Career Contribution Award. The award is part of the IEEE-RAS Women in Engineering’s Outstanding Women in Robotics and Automation (WiRA) Paper Awards, which promote excellence and recognize the impact that female researchers have on robotics and automation fields at different stages in their academic careers.

Kuo’s winning paper, “Diff-DAgger: Uncertainty Estimation with Diffusion Policy for Robotic Manipulation,” demonstrates a novel method to help robots better identify and estimate uncertainty when faced with scenarios on which they’ve not been trained. The method reduces the amount of human supervision, improves a robot’s rate of successful task completion, and opens up a path to introduce more complex models with bigger data demands into interactive robot learning.

She says her research will help people working in the robotics and automation fields more efficiently collect the data needed for effective model training.

Silicon Valley’s impact

Kuo earned bachelor’s and master’s degrees in computer science at the National Taiwan University, in Taipei, in 2009 and 2012. As she was nearing completion of her master’s degree, she did what many computer science graduates do: She pursued a summer internship at a tech company.

She spent the summer of 2011 at Google’s campus in Kirkland, Wash., working on the company’s comparison ads project.

When her internship ended, she joined the MIT Media Lab as a visiting student, working on the Open Mind Common Sense project with Henry Lieberman.

As she was considering pursuing a Ph.D., a call from Google changed her plans. The company offered her a full-time role as a software engineer.

“I viewed the job offer as a positive development,” she says. “I believe it can never hurt your future research career to get some real-world experience under your belt.”

She was hired in 2012 and helped build techniques that incorporate computer vision and natural language processing to improve the customer shopping search experience. She led the company’s Shop the Look initiative, a predecessor to Google’s current AI-powered shopping experience. The project connected social media content with search results, something the company had struggled to do in the past.

Kuo and her team were tasked with building a connection between the natural language people use to describe an item and an image that matches the searcher’s intent. It was at a time when the neural network—using deep learning models to power Google products—was gaining momentum at the company. Integrating neural network tools into her work was a requirement—which raised questions for Kuo.

“I was applying the neural network tools,” she says. “But I didn’t have 100 percent certainty about how they actually worked.”

She considered how she could become more knowledgeable about deep learning models. It was a full-circle moment. She decided that after nearly four years at Google, it was time to earn a Ph.D. in computer science. She returned to MIT in 2016.

The question that changed everything

Boris Katz, one of Kuo’s Ph.D. advisors, is a principal research scientist and the head of the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL)’s InfoLab. He also led the creation of the START Natural Language System, the world’s first Web-based question-answering system.

When the two met, Katz asked Kuo why she wanted to pursue a doctorate degree. She explained her interest in understanding how neural networks work and in using that knowledge to connect the physical world with human language.

He suggested she attend a summer course at MIT’s Center for Brains, Minds, and Machines, a research initiative that ran from 2013 through 2025. CBMM’s objective was to bring together computer scientists, cognitive scientists, and neuroscientists to understand how human intelligence works. The goal was to use the resulting insights to establish an engineering practice to build artificial intelligence systems.

For Kuo, it was a chance to better understand human intelligence and identify ways it could be replicated in machines.

“It was an opportunity for me to interact with other scientists and gain insight into how people learn, understand, and figure things out in the world,” she says. “I saw it as a very useful and inspiring way to incorporate those ideas into my own research work.”

During her Ph.D. studies, she was a research assistant at CSAIL. The experience helped shape her doctoral research, which focused on building AI systems that apply past learning to new situations. She developed machine learning models to support the efforts, including language understanding and social interactions.

She completed her Ph.D. in computer science in 2022 with a minor in cognitive science.

After graduation, she continued her work and collaboration at CSAIL, particularly on projects that involved the “theory of mind” concept.

Theory of mind isn’t new, having originated with primatologists studying chimpanzees in the late 1970s. The theory recognizes that others have their own thoughts, beliefs, and perspectives. It’s a skill that allows humans to infer someone’s mental state and predict their behavior without verbal communication.

“It’s like when college roommates are moving into their dorm. They may not talk too much, but they work together naturally to coordinate their activities and accomplish goals,” Kuo says. “They can infer and mentally interpret each other’s behaviors and signals to make decisions and complete tasks without words.”

She brought her theory of mind research to the University of Virginia when she joined as an assistant professor in 2023.

Kuo conducts her research in UVA Engineering’s multidisciplinary cyberphysical Link Lab. Her broad focus is on developing computational models that help robots interpret both direct data and silent signals, from language and movements to a person’s gaze. If successful, it could give robots the same sort of physical and theory of mind reasoning capabilities that power physical and social interactions among humans.

“There are no computational frameworks yet available that will translate this kind of understanding into a robot efficiently,” she says.

She adds that the process to get there begins with improving how robots learn to perform tasks.

The evolution of robot learning

Historically, one way robots learned was to mimic humans. A researcher would manually guide a robot through a task, like cutting an apple, and it would repeat the movements. The robot was successful until the environment changed, such as when its hand was in a different position or the apple was at a different angle. The robot was then faced with a situation for which it hadn’t been trained. Without any data available to help it correct course, the robot would start making small errors that eventually led to a full system crash.

This diagram describes how the robotic gripper’s visual perception and tactile sensing prevents a potato chip from breaking.Xuhui Kang, Yen-Ling Kuo, et al.

To solve the problem, researchers developed the dataset aggregation (DAgger) method. As a robot performed a task, a researcher was on standby to provide real-time corrections during unexpected scenarios. The correction data was continuously added to the robot’s model, teaching it how to recover from mistakes.

To reduce the human monitoring effort, robot-gated DAgger was created to enable bots to query humans when the machines became uncertain.

The most popular approach to make the query decision is to train multiple models to consider when determining a course of action. If the models all agree, the robot proceeds. If they don’t agree, the robot is likely to get stuck and ask for help.

Although the multiple model approach was widely adopted, it has limitations. Practically speaking, as models become more complex, it is hard or impossible to train multiple copies. A more fundamental issue is that disagreement among models doesn’t always imply uncertainty; it could just mean there are different ways to accomplish a task.

The Diff-DAgger solution

That is the gap Kuo’s research team closed with the novel Diff-DAgger research. The approach builds on diffusion policy, a technique that helps robots account for different ways a task can be performed.

The new method repurposes diffusion loss, the signal a robot uses to improve its model during training, as a real-time confidence check. During task execution, the robot computes the signal and compares it against values from its training data using a statistical test. The signal spikes when the robot faces an unfamiliar situation and is uncertain how to proceed. The signal stays silent when the robot’s current action is close to what it learned before.

The spike represents the robot’s ability to self-diagnose and predict an imminent failure. Human intervention is triggered only when the signal spikes. No spike means the robot can be left to complete its decision-making process on its own.

Kuo’s team achieved significant results: Failure prediction rates were improved by 39 percent. Task completion rates were increased by 20 percent, and tasks were completed nearly eight times faster.

Her research at UVA gained attention from the National Science Foundation, which honored her last year with a Career Award, the foundation’s flagship grant for early-career researchers. The five-year US $665,000 grant supports her research that builds computational models for human-robot interactions through theory of mind reasoning.

She also received the Toyota Research Institute’s Young Faculty Researcher Award to teach cars to reason about interactions on the road and with the driver.

As service robots and self-driving vehicles become more available, such works are likely to make interactions between humans and robots more intuitive and useful.

Kuo ultimately wants to build more robust robots that are able to integrate into a social space with humans by engaging with us through grounded interactions, she says.

The impact of IEEE

Like many IEEE members, Kuo was introduced to the organization as a student. In 2018 she submitted her first paper, “Deep Sequential Models for Sampling-Based Planning,” to the IEEE/Robotics Society of Japan International Conference on Intelligent Robots and Systems while pursuing her Ph.D. at MIT. Her IEEE involvement grew alongside her professional career.

“It was a natural segue to transition from student to a full IEEE member,” she says. Today she is an active volunteer with the IEEE Robotics and Automation Society, a reviewer for submitted papers, and a presenter and panelist at conferences.

She says one of the best parts of attending conferences is having the opportunity to engage with students. She also enjoys participating as a panelist at luncheons, she says, because it gives her one-on-one time with student attendees. She can share her knowledge and offer insights as they prepare to embark on their career.

Her goal in the coming years, she says, is to broaden her involvement with IEEE initiatives and branch out to other technical committees. Sharing knowledge and learning from others is essential to anyone’s career growth, she says, and “IEEE offers a great opportunity for both.”

systems

We’re moving as fast as we can, says SK Group chair

Amid the unrelenting demand for AI infrastructure, SK Hynix, the world’s largest supplier of HBM memory used in high-end GPUs, now expects to triple its wafer capacity. You’ll just have to wait through two more US presidential elections and then some.

All that capacity won’t come online until 2034, SK Group Chairman Chey Tae-won told Nikkei Asia in a recent interview.

SK Hynix’s valuation has soared in recent months. The company is one of three major producers of NAND flash and DRAM memory, large quantities of which are required to support the burgeoning AI inference market. Samsung and Micron are the other two major players in this space.

This demand has led to skyrocketing memory prices for consumer DRAM and SSDs, some of which have more than tripled in price compared to this time last year. SK Hynix and the other major memory makers meanwhile have seen their revenues explode.

Chey’s comments come just a week after SK Hynix said that it planned to double its production capacity within the next five years.

“Our calculations show that our wafer capacity will double within five years. But honestly once all these facilities are built, it won’t just double, it will triple by around 2034,” Chey told Nikkei.

SK is in the process of bringing four additional wafer fabs online, with the first phase reportedly on track to come online as early as 2027.

The South Korean memory slinger had previously planned to ramp production of these facilities over the next two decades, but has pulled in its timeline in hopes of satiating AI’s memory addiction.

“There is currently no way to move faster than this,” Chey told the newswire.

While much of this capacity will be built on SK’s home turf, the company is exploring its options for overseas manufacturing, with Japan being one of the potential destinations, with Chey calling it an “excellent” candidate due to its robust semiconductor supply chains.

Unfortunately, the buildout is unlikely to drive down memory prices for consumers any time soon. As we previously reported, memory prices are not expected to peak until later this year at the earliest. Analysts warn that memory prices are more likely to plateau going into 2027 rather than plummeting like we’ve seen in past DRAM and NAND boom-bust cycles.

These boom-bust cycles have been a fact of life for commodity electronics manufacturers, like SK Hynix and Samsung, for years. Prices typically spike as inventories are drawn down and crater as new capacity is brought online.

On the one hand, AI infrastructure demand has helped to stabilize this to some extent. On the other hand, the AI boom kicked off in 2022 at what was arguably the worst possible time. 

“This demand started in the Valley for the DRAM industry. That makes financially trying to build additional capacity really challenging,” TechInsights analyst James Sanders told El Reg late last year.

Business is once again booming for memory vendors presenting ample opportunities for labor disputes over competition as well as fab expansions. Unfortunately, there’s no changing the fact that the fastest anyone can bring a leading edge memory fab online is about three years. ®

Anyone who works at Meta or knows anyone who works at Meta will tell you the same thing: It is not a happy place, particularly given the seemingly endless layoffs the company has executed over the last few years — cuts that have only accelerated as the company funnels billions into AI.

Now, a new report in Wired suggests the company’s Applied AI team is on the verge of revolt.

The drama kicked off when someone hijacked a livestreamed, employee-only presentation this week with an expletive-laden meltdown, demanding that attendees tell a senior Meta AI executive that he was “a piece of sh*t.” One presenter reportedly covered their face with their hands.

That outburst, Wired reports, reflects simmering rage inside the three-month-old unit of roughly 6,500 engineers and product managers who have been tasked with supporting the company’s AI research ambitions.

Employees describe being forced into the group with no real choice: join or quit. Many call themselves “draftees.” Their assigned work? Generating puzzles and coding problems to train AI models. “It’s literally the gulag,” one employee told Wired. “Most people find the work soul-crushing,” said another.

A report last month in Business Insider shed light on how many employees learned they’d be moved into the group — through a surprise email, a process that one self-described draftee described later on Reddit as “quite random.” According to an internal announcement in April reviewed by Business Insider, Meta’s AI models still lacked the knowledge to outperform humans at technical tasks like coding. “For agents to understand how people actually complete everyday tasks using computers, we need to train our models on real examples,” the post read.

In a leaked audio recording from an internal meeting that same month, Meta CEO Mark Zuckerberg explained the logic behind drafting Meta’s own engineers rather than outside contractors: Alexandr Wang — who sold his data-labeling startup Scale AI to Meta for $14.3 billion before taking the chief AI officer role and heading up Meta Superintelligence Labs — knows the data-labeling world well, and the company believes Meta’s average employee has “significantly higher” intelligence than third-party contractors. Better, then, to enlist them.

Meanwhile, more than 1,600 Meta employees company-wide have signed a petition protesting a program that monitors their clicks and keystrokes for AI training data. The mood across the company is dark enough that Meta’s chief product officer, Chris Cox, felt compelled to address the “brutal” environment on a call with employees this week.

TechCrunch has reached out to Meta for comment.

According to earlier reports, the Applied AI team is led by Maher Saba, a 12-year veteran of Meta who was previously a vice president in its Reality Labs division, the division that burned through $83 billion on the metaverse before Meta moved on to AI. The new organization reports up to Meta CTO Andrew Bosworth.

Originally, it was structured in such a way that up to 50 employees reported to one manager.

Zuckerberg, for his part, reportedly addressed the situation in an internal memo Friday, acknowledging that recent changes had “caused distress” and admitting the company had made mistakes that it plans to address. According to Wired, he added in his memo that “Meta’s north star is to be the best place for the most talented people in the world to make an impact.”

ai and ml

AI agents can’t be trusted, so don’t give them dangerous powers

NanoClaw, a secure agent framework, has partnered with supply chain platform JFrog to allow AI agents to fetch resources from JFrog’s reviewed registries.

Gavriel Cohen, creator of NanoClaw and co-founder of NanoCo AI, announced the tie-up on Thursday evening in San Francisco at a JFrog event that concluded with a World Cup watch party.

Cohen explained that one of the features of Claw agents – OpenClaw and variations like NanoClaw – is that they can improve themselves by fetching tools and resources that they don’t have.

That works fine, he explained, when there’s a manual approval process for accessing known local data. But it’s not ideal for npm packages, even when the agent involved is sandboxed and isolated as it is in NanoClaw. Malicious code within a container may still be able to take harmful actions, even if the scope of potential activity is constrained.

Developers, Cohen said, may not be familiar with a given package and it can take time to thoroughly assess whether a package is legitimate and uncompromised.

“So we teamed up with JFrog and we integrated NanoClaw with JFrog’s registries,” said Cohen.

The arrangement provides a way to reduce the agent’s exposure to untrusted content. When the agent downloads new tools and libraries, the software comes from a vetted source.

Cohen also announced the availability of what he called an agent factory, his company’s homegrown system used to handle pull requests (PRs) using NanoClaw agents.

The agent factory, he explained, is an attempt to triage pull requests, which have surged thanks to AI coding agents.

“It’s very easy now to point a coding agent at a repo and say, ‘open a pull request for this repo,’” he explained. “And it’s very difficult as a maintainer to tell the difference between a high quality contribution from somebody who’s really using the open source project versus someone who’s just trying to build up the reputation [using automated methods]. So to help us tackle this, we built an agent factory that helps us review every single contribution to NanoClaw.”

The agent factory is referred to as the PR Factory in the actual pull request. It’s built with NanoClaw and hosted on exe.dev, a service that provides VMs with persistent storage.

“When a PR opens, the factory spins up a dedicated worker agent for it, posts a thread to Slack, and the worker triages the change, reviews the diff, and proposes a test plan,” Cohen explains in the documentation. “Nothing consequential happens on its own: merges, test runs, and credentialed GitHub actions each surface as an approval card in the thread, and only fire when a human clicks approve.”

Cohen acknowledged that some developers will think it’s madness to process unsanitized PRs that could contain prompt injections or unsafe code. And he asked the assembled audience of developers how many had seen the phrase on the projected slide: “Never, ever, ever do this.”

Anyone who has spent time using and configuring AI agents in a development context has seen something of the sort in configuration files like Claude.md, which gets loaded as instructions to the underlying agent and model.

“If you see something like this in the Claude.md file and the agent instructions say, ‘Important: Never run drop database production,’ it tells you two things. You know that that agent has deleted a production database before. And you know that it can actually still do it again. That’s why the instruction is there.”

This elicited a knowing laugh from the audience.

Cohen went on to say that the agent will do it again because instructions are not a way of enforcing security or safety.

“Instructions help steer an agent AI towards valuable output, but it’s not a safety mechanism,” he said. “The only way to reliably prevent an agent from taking undesired action is not allowing it to take that action, not giving it the ability to take the action.”

That is the purpose of NanoClaw. ®