Gateway API

CacheProbe: Auditing Prompt Cache Isolation in Gateway APIs

arXiv:2605.30613v1 Announce Type: new Abstract: Over the past year, prompt caching in Large Language Models (LLMs) has become increasingly more popular across inference APIs. Prompt caching helps save precious compute resources and speeds up response times by reusing parts of the KV cache of a specific prompt for another request. However, many implementations of prompt caching are not secure against timing attacks or even basic metadata disclosure.

I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty

Proof-Carrying Agent Actions: Model-Agnostic Runtime Governance for Heterogeneous Agent Systems

Announce Type: new Abstract: Agent systems execute through runtimes with very different control points: local coding tools, framework SDKs, managed agent platforms, API gateways, and observer-only integrations. A high-risk action such as publishing data externally may therefore appear as a shell command in one runtime, a tool call in another, and a hosted session transition in a third. This makes it difficult to answer a basic governance question consistently: what action was authorized,...

TypeScript devs no longer need to tangle with C# to use Aspire dev stack after Microsoft update

Microsoft has released Aspire 13.4, with the key feature being general availability of the TypeScript AppHost, as well as new integrations for Go, Bun, Blazor and WebAssembly. The company currently describes Aspire as a "code-first orchestration and observability layer for distributed applications" which makes it sound like some kind of service, but it is not. Developers use the Aspire CLI (command line interface) to model, develop and debug distributed applications, originally just for...

DRS-OSS: A Diff-Risk Scoring Tool for Continuous Integration Workflows

Announce Type: replace Abstract: Software teams need change-risk scores that can guide continuous integration decisions such as review prioritization, test scheduling, and downstream validation before risky changes are merged or released. However, open-source teams often lack deployable tools for surfacing these risk signals in everyday CI workflows. We present DRS-OSS, an open-source diff-risk scoring tool for continuous integration workflows.

Claw-R1: A Step-Level Data Middleware System for Agentic Reinforcement Learning

arXiv:2606.09138v1 Announce Type: new Abstract: Agentic reinforcement learning (RL) has become an important post-training paradigm for turning LLMs from static chatbots into interactive agents, giving rise to representative applications such as OpenClaw. Existing work mainly focuses on policy optimization algorithms and training frameworks, but pays less attention to the full data lifecycle of agent-environment interactions, from data production to training consumption. To bridge this gap,...

Ask HN: What are tools you have made for yourself since the advent of AI?

I've made a number of ceramic molds for slumping fused glass into bowls. As well as wooden templates for ceramic mugs. I've devised a few carrying tools to move glass frit paintings from my studio down to my barn where the kilns sit without spilling the glass.

Karpathy LLM Wiki pattern integrated into Obsidian agenic workflow

An autonomous AI agent inside your Obsidian vault. You describe a task, it plans, searches, reads, writes, and reports back. Every action is visible.

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products. Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform. The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges.

Zeroserve: A zero-config web server you can script with eBPF

zeroserve is a small, fast, zero-config HTTPS server. You hand it a tarball of a website and it serves it - over HTTP/2 and TLS 1.3, with hot reload and a tiny resident footprint. The twist is that you can drop eBPF programs into the tarball and they run on every request, in userspace, as sandboxed middleware - rewriting, authenticating, and rate-limiting requests, or reverse-proxying them to a backend when you want it to act as a gateway in front of your app.