Explore the latest engineering posts and summaries

Search by topic, company, or concept and scan results quickly.

Posts indexed584

Last indexedApr 30, 2026

GitHub EngineeringMar 11, 2026

Addressing GitHub’s recent availability issues

Why it matters: This post highlights how rapid scaling and architectural coupling can turn localized issues into platform-wide outages. It provides lessons on managing cache TTLs, the risks of latent configuration errors in failover systems, and the necessity of robust load-shedding mechanisms.

Rapid usage growth and architectural coupling caused localized issues to cascade across GitHub's critical services.
A 10x increase in API traffic from client apps combined with a cache TTL reduction overwhelmed core authentication database clusters.
A telemetry gap triggered security policies that blocked VM metadata access, leading to a global GitHub Actions outage.
Latent configuration issues in Redis failover mechanisms left clusters without writable primaries, requiring manual mitigation.
GitHub is redesigning its user cache system and segmenting database clusters to accommodate significantly higher traffic volumes.
Engineering teams are prioritizing the isolation of critical dependencies to prevent shared infrastructure failures from impacting Git and Actions.

#sre #dist

Read original

Salesforce EngineeringMar 11, 2026

Beyond CRM: How Salesforce Engineered an Enterprise Agent Platform for Any Workload

Why it matters: It demonstrates how to build a scalable, trust-first AI agent architecture. By integrating deterministic graphs with unstructured data and open standards like MCP, it provides a blueprint for enterprise-grade AI orchestration and governance beyond simple chat interfaces.

Salesforce is evolving its architecture into a general-purpose enterprise agent platform capable of handling non-CRM workloads through Agentforce and Data 360.
The platform uses AgentScript and AgentGraph to provide deterministic structure and orchestration for non-deterministic AI reasoning flows.
Data 360 acts as a unified context system, harmonizing structured and unstructured data with deep metadata enrichment for more accurate agent grounding.
A dedicated trust layer manages identity, credential context, and policy enforcement to protect against prompt injection and unauthorized data access.
The architecture supports open standards like Model Context Protocol (MCP) and Agent-to-Agent (A2A) for cross-platform tool invocation and orchestration.
Agents utilize short-term, long-term, and episodic memory combined with user personalization profiles to improve reasoning reliability.

#data #mlp #security

Read original

Cloudflare BlogMar 11, 2026

Slashing agent token costs by 98% with RFC 9457-compliant error responses

Why it matters: Engineers building AI agents can now handle network errors programmatically and cost-effectively. By replacing verbose HTML with structured data, Cloudflare enables agents to make deterministic decisions like exponential backoff while slashing operational token costs by 98%.

Cloudflare now serves RFC 9457-compliant structured error responses in JSON and Markdown specifically for AI agents.
The new formats replace heavy HTML error pages, reducing payload size and LLM token consumption by over 98%.
Agents can trigger these responses by sending specific Accept headers such as application/problem+json or text/markdown.
Responses include machine-readable metadata like retryable status, retry_after durations, and specific error categories.
The implementation currently covers all 1xxx-class errors, including rate limits, WAF blocks, and DNS resolution issues.
This system requires no configuration from site owners and maintains standard HTML responses for browser-based traffic.

#dist #mlp #sre

Read original

Cloudflare BlogMar 11, 2026

AI Security for Apps is now generally available

Why it matters: AI apps introduce probabilistic attack surfaces like prompt injection that traditional WAFs can't stop. Cloudflare's GA release provides automated discovery and specialized guardrails to secure LLM endpoints and agents without requiring model-specific integrations.

Cloudflare's AI Security for Apps is now generally available, providing a reverse proxy layer to protect LLM-powered applications and agents.
AI endpoint discovery is now free for all customers, using behavioral analysis to identify AI-integrated endpoints across web properties.
The platform detects prompt injection, PII exposure, and toxic content, attaching metadata to requests for mitigation via WAF rules.
New custom topic detection allows organizations to define and flag specific off-policy categories relevant to their business domain.
Custom prompt extraction enables security teams to define where LLM inputs reside within non-standard JSON structures for accurate inspection.
The solution addresses risks highlighted in the OWASP Top 10 for LLM Applications, such as sensitive information disclosure and unbounded consumption.

#security #mlp

Read original

GitHub EngineeringMar 10, 2026

The era of “AI as text” is over. Execution is the new interface.

Why it matters: This shift transforms AI from a chat interface into programmable infrastructure. By embedding execution engines into apps, developers can build resilient, context-aware systems that handle complex multi-step tasks without brittle, hard-coded logic or custom orchestration layers.

The GitHub Copilot SDK enables developers to embed agentic execution and planning directly into their own applications.
Shift from hard-coded scripts to intent-based delegation where agents plan, modify files, and recover from errors autonomously.
Integration with the Model Context Protocol (MCP) allows agents to access structured runtime data like API schemas and dependency graphs.
AI capabilities are moving beyond the IDE into background services, desktop apps, and event-driven systems.
The SDK provides a production-tested orchestration layer, reducing the need for teams to build homegrown AI stacks from scratch.

#mlp #dist

Read original

Cloudflare BlogMar 10, 2026

Building a security overview dashboard for actionable insights

Why it matters: Security teams are overwhelmed by data noise. This architecture demonstrates how to transform massive telemetry into prioritized, actionable insights using a distributed system of specialized microservices, reducing incident response times and closing critical configuration gaps.

Cloudflare revamped its Security Overview dashboard to prioritize actionable 'Security Action Items' over raw data visibility, reducing noise for security teams.
The system addresses the 'configuration gap' by surfacing the status of security tools, identifying when features are inactive or incorrectly set to 'Log Only' mode.
The backend architecture utilizes specialized microservices called 'checkers' that scale independently to process over 10 million insights daily.
Checkers operate via two mechanisms: scheduled deep-inspection tasks for complex configurations and real-time event handlers for immediate risk detection.
Deep-linking between the overview and analytics dashboards reduces the 'tab switching tax' by automatically applying relevant filters during incident investigation.
Action items are categorized by criticality and type, allowing defenders to move from reactive monitoring to proactive control of their security posture.

#security #dist #data

Read original

Cloudflare BlogMar 10, 2026

Investigating multi-vector attacks in Log Explorer

Why it matters: Engineers need holistic visibility to combat multi-vector attacks. By centralizing edge telemetry and Zero Trust events, teams can correlate disparate signals, significantly reducing detection time and improving forensic accuracy without managing complex log pipelines.

Cloudflare Log Explorer integrates 14 new datasets to provide 360-degree visibility across Application Services and Cloudflare One portfolios.
The platform correlates telemetry from HTTP requests, L3/L4 network logs, and Zero Trust events to identify sophisticated multi-vector attacks.
Zone-scoped logs capture edge interactions like DNS queries, WAF events, and Page Shield audits before traffic reaches origin servers.
Account-scoped logs track identity-based authentication, administrative changes, and device posture to monitor internal security health.
Centralized logging at the edge helps security analysts reduce Mean Time to Detect (MTTD) by providing a unified interface for deep-dive forensics.

#security #data

Read original

Cloudflare BlogMar 10, 2026

Translating risk insights into actionable protection: leveling up security posture with Cloudflare and Mastercard

Why it matters: This integration automates the discovery of shadow IT and unprotected assets, allowing engineers to close security gaps before exploitation. By combining outside-in scanning with immediate remediation via Cloudflare's proxy, teams can maintain a robust security posture at scale.

Cloudflare is integrating Mastercard’s RiskRecon to provide continuous discovery and monitoring of an organization's entire internet footprint.
The solution uses outside-in scanning to identify shadow IT, forgotten subdomains, and unauthorized cloud servers using only public data.
Discovered assets can be immediately secured by routing traffic through Cloudflare’s proxy, enabling WAF and DDoS protection without code changes.
RiskRecon assigns criticality levels to hosts, helping security teams prioritize remediation for systems handling sensitive data.
Data indicates that proxied systems show 53% fewer software vulnerabilities and 98% fewer instances of malicious behavior compared to unproxied ones.

#security

Read original

Salesforce EngineeringMar 9, 2026

Engineering Platform Trust: Cutting Customer Case Volume 20x with Petabyte-Scale Health Signals

Why it matters: This system demonstrates how to transform massive, fragmented telemetry into actionable insights. By standardizing health metrics and isolating analytics from production, engineers can proactively identify risks, reduce support overhead, and ensure platform stability at a petabyte scale.

Salesforce's Technical Health Score (THS) quantifies implementation health across five pillars: Security, Efficiency, Operational Excellence, Customization, and Observability.
The architecture processes petabytes of telemetry via an off-core analytics platform, ensuring zero impact on live transactional workloads.
Diverse metrics are normalized into a 1–100 scale using distribution-based methods to compare organizations against peers of similar complexity.
A signal-qualification framework filters for actionability, ensuring the score reflects customer-controlled configurations rather than platform-level issues.
This proactive approach has successfully reduced support case volume by 20x for customers who maintain high technical health scores.

#data #sre #security

Read original

Engineering at MetaMar 9, 2026

How Advanced Browsing Protection Works in Messenger

Why it matters: It demonstrates how to implement privacy-preserving security features in end-to-end encrypted environments. Engineers can learn how to balance cryptographic privacy primitives like PIR and OPRF with the practical performance requirements of large-scale real-time messaging.

Messenger's Advanced Browsing Protection (ABP) uses Private Information Retrieval (PIR) to check links against a malicious URL database without revealing user activity to the server.
The system employs Oblivious Pseudorandom Functions (OPRF) to ensure the server cannot see the specific content of the client's query during the lookup process.
To handle URL prefix matching for subpaths, the system groups links by domain rather than requiring exact matches, preventing multiple queries that could leak data.
ABP addresses the privacy-efficiency tradeoff by sharding the database into buckets, carefully managing the number of bits leaked to the server to optimize performance.
The architecture is designed to scale to millions of potentially malicious websites while maintaining low latency for users within end-to-end encrypted chats.

#security #dist #data

Read original

Page 17 of 59

Prev 1...15 16 17 18 19...59 Next