A security lead at a large enterprise* told me last week, when I asked whether they had any interest in Grok: "The revenge porn edgelord LLM? Yeah, imagine that; our bank wants nothing to do with it." A couple of other people I put the question to seemed genuinely surprised I'd brought it up at all, the way you'd react if someone wandered into a board meeting and asked whether anyone wanted to expense a timeshare. So that's the current state of enterprise demand for Grok, as measured by the unscientific but reliable method of asking the people who actually sign the cloud contracts. It lands somewhere between "no" and "why would you ask me that?" Which is awkward, because Business Insider reported this week that AWS is "in talks" to add SpaceX's Grok models to Bedrock, joining Anthropic, Meta, Cohere, and the OpenAI models AWS is in the process of bolting on. SpaceX has reportedly already shipped the models to AWS. There's no launch date, which in AWS announcement terms puts us squarely at the "intention to perhaps one day announce an announcement" stage. But is it any good? (No) Let me dispatch the obvious objection: maybe nobody wants Grok because they haven't tried it, and it's secretly excellent. I've run blind tests of the frontier models on some of my own deeply stupid side projects—the shitposting.ai family, where the entire design goal is to be edgier and weirder than the current discourse will tolerate. If there's a use case purpose-built to let Grok flex its whole "we say the things others won't" positioning, it's mine. Grok loses. It's fast — legitimately, impressively fast — but it's just not as good. It's the energy drink of frontier models: it'll keep you up, but you won't enjoy the experience and you'll regret it in the morning. So we've got a model that enterprise buyers actively don't want, that underperforms even on the single axis it's purportedly optimized for, attached to a company whose image generator reportedly was used to produce roughly three million sexualized images of real people over an eleven-day stretch, including an estimated 23,000 depicting apparent minors, according to the Center for Countering Digital Hate, triggering regulatory action in more than a dozen jurisdictions and a Dutch court injunction carrying a €100,000-per-day penalty. That part isn't a joke, and I'm not going to make one. Then layer on the fact that nobody sensible wants to take a hard dependency on Elon Musk's org chart. In roughly a year, the thing has been reorganized into oblivion — X (the rebranded Twitter) sold to Grok-producing xAI, xAI swallowed by SpaceX, with the whole AI unit then being dissolved into a division called SpaceXAI. All eleven original cofounders have left. More than fifty researchers walked after the SpaceX absorption. The API endpoint you'd integrate against, api.x.ai, is migrating to a SpaceX-branded URL on a timeline nobody's published. Building production infrastructure on top of that is like renting an apartment in a building that keeps changing its name, its address, its compliance with the fire code, and its landlord while you're still unpacking. And here's the part that should bother whoever greenlit this. Bedrock's entire pitch— the reason anyone pays the wrapper tax instead of hitting a model's API directly— is governance: IAM, PrivateLink, CloudTrail, encryption, guardrails, and an audit trail you can wave at a regulator. The model is almost secondary to those things for those customers. And the enterprises that actively value that stack are precisely the ones telling me they wouldn't touch Grok with a borrowed keyboard. The startups that hypothetically *do* want Grok — for the edge, for the speed, for whatever a founder talks themselves into at 2 a.m. — could not care less about CloudTrail. They want it cheap, fast, and now, and they can already have it: Grok is one curl to a public endpoint away, same as every other model on the shelf. Bedrock has no monopoly on third-party models; it never did. So sketch the Venn diagram. One circle is "wants Grok," the other is "wants Bedrock's governance." Grok-on-Bedrock is built to serve only the gap where they don't overlap. So who asked for this? Nobody. Which is the interesting part. When customer demand can't explain a decision, follow the corpdev. And AWS has run this exact play twice already this year, in public, with the numbers attached. With Anthropic: a commitment to spend more than $100 billion on AWS over ten years and secure up to five gigawatts of Trainium capacity, with Amazon putting in another $5 billion immediately and up to $20 billion more on milestones — on top of the $8 billion it had already sunk in, for a cumulative stake somewhere around $33 billion. With OpenAI: an existing $38 billion agreement expanded by another $100 billion, OpenAI committing to roughly two gigawatts of Trainium, and Amazon writing a $50 billion check on top. The pattern is identical both times. Amazon invests, the lab commits to gigawatts of Trainium, and the model shows up on Bedrock as the consumer-facing bow on top. The Bedrock listing is the gift wrap. The Trainium commitment is the gift. So here's the way I'm thinking about it: AWS isn't trying to sell Grok to your bank, but rather trying to sell Trainium to SpaceXAI — a company currently training Grok on something like 550,000 Nvidia GPUs in a Memphis facility the size of the chip on my shoulder. Peel even a fraction of that onto Amazon silicon ahead of the SpaceX IPO and the deal pencils out, regardless of whether a single human ever calls the Grok endpoint in anger. Bedrock becomes little more than a sales funnel with infuriatingly bad documentation. The part where I say something nice Because the strategy is clever, and I try to say so when it's earned. Amazon is now bankrolling both leading independent AI labs at once, on its own chips, through its own model marketplace, while positioning itself as neutral infrastructure for whoever ends up winning. Against the roughly $200 billion in capex Amazon is torching in 2026, getting frontier labs to pre-commit to the silicon is about the only thing that makes that spreadsheet survivable. It worked twice. Why not go for three? The third just happens to be a satellite-internet competitor. Amazon Leo - Amazon's own years-later answer to Starlink - is out there signing Delta, JetBlue, AT&T, Vodafone, and NASA. So AWS would be cutting a relationship check to the one company it's simultaneously trying to chase out of low Earth orbit. This seems fine. This is normal! Everybody in this industry is everybody else's landlord, tenant, competitor, and shelf-mate, frequently within the same quarter and occasionally within the same press release. There will never be a problem that this arrangement causes. The caveat that keeps me honest I have no inside information here past "casual conversations with enterprise execs." I haven't seen a term sheet. There's no public Trainium commitment from SpaceXAI, and Colossus runs on Nvidia today. So I can't prove this is silicon corpdev rather than, say, AWS executives wanting a seat at the IPO table, or a marketing org that needs to put "every frontier model" on a slide. What I can tell you is that customer demand doesn't explain it, because there isn't any - and AWS has shown you, twice and with receipts, what its other explanation tends to look like. So when Grok eventually lands on Bedrock with no fanfare and no launch date, and then is never mentioned again, don't read it as AWS believing you want Grok. Read the S-1. If there's a Trainium number in it, you'll know what the model was really for. * Specifics have been fuzzed to protect confidentiality. ®

A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft. It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages impersonating legitimate libraries from the @opensearch and @elastic ecosystems and targeting Amazon Web Services, HashiCorp Vault, GitHub Actions, and the npm registry itself. This suggests that the attacker “likely chose a developer audience to have AWS and Elastic cloud credentials in their environments,” Microsoft warned in a Thursday blog. All of the malicious packages include the same install-time stager and the same Bun-compiled, second-stage payload: a 195 KB credential harvester purpose-built for cloud and CI/CD environments. Plus, as we’ve seen with all of the other open source supply chain attacks of late, after stealing tokens and other secrets, the attacker can move laterally across cloud environments, steal additional sensitive data, and push even more poisoned updates to packages owned by hijacked maintainer identities, thus expanding the attack beyond the initial 14. All of the malicious libraries have since been removed, and Microsoft published a list of all 14 in its blog. Give that a read to help identify systems that installed or built affected package versions on or after May 28. Be sure to also rotate an AWS IAM/STS, HashiCorp Vault, npm publish, and GitHub Actions tokens that may have been exposed. To trick users into installing these developer tools and search engines, the attacker used typosquatting - naming a package one or two letters off from the legitimate one - or lookalike naming (such as opensearch-setup-tool, opensearch-config-utility, and elastic-opensearch-helper) to impersonate well-known libraries. In addition to this social engineering technique, used to drive installs through users’ typing mistakes or trust, the attacker also used two other techniques to make the supply chain attack more believable. This includes spoofing upstream metadata. “Every unscoped package sets its package.json homepage, repository, and bugs fields to the legitimate github.com/opensearch-project/opensearch-js project,” Microsoft’s threat hunters explained. And finally, they inflated version numbers, so the phony “releases” jump straight to 1.0.7265, 1.0.9108, or 2.1.9201 to indicate a mature release history. After tricking users into installing the npm packages - all 14 are listed in the blog, so give that a read - the credential-stealing payloads automatically execute through preinstall hooks as soon as the victim runs npm install. For this, the attacker used one of two stagers. The Gen-1 stager uses install, preinstall, and postinstall hooks that all invoke preinstall.js, and then collects a ton of host information including hostname, platform, arch, Node version, USER/USERNAME, cwd, INIT_CWD, npm_package_name, npm_package_version. It then base64-encodes the JSON, and POSTs it to the actor’s command-and-control server, which then serves a second-stage payload, written to payload.bin in the package install directory. “The package’s index.js re-launches the same payload.bin on every subsequent require() of the module – a quiet persistence mechanism that survives across CI build stages and developer rebuild loops,” according to Microsoft. The later Gen-2 stager replaces the install-time C2 roundtrip with a stealthier loader that checks whether bun is already present on the host. If not, it downloads the legitimate Bun runtime v1.3.13, and then executes the second-stage payload, which sets to work stealing credentials across AWS, HashiCorp Vault, npm, GitHub Actions, and other CI/CD environments.®

Rogue agents are dangerous, but eliminating them is never easy. Jason Bourne, Ethan Hunt, and James Bond have each run afoul of their governance at various junctures, yet stopping them takes sequel after sequel until all the loose ends are tied up and they eventually die or retire, only to get rebooted. It’s not so different in the world of AI agents. Okta leaders, citing the company's own research, say enterprises are deploying AI agents faster than they are securing them, with 92 percent of executives reporting moderate or widespread use of autonomous AI agents, but only 22 percent saying their organizations have identities tied to those agents. “That is a real problem,” Okta president and chief operating officer Eric Kelleher said during the company's earnings call on Thursday. “It's a measurable, quantifiable exposure customers have right now within their companies, and they need to invest to fix it." In short, when agents go sideways, someone has to handle the dirty work. Okta CEO Todd McKinnon told investors that’s what ServiceNow was asking for when the ITSM market leader came calling. “What they were really interested with Okta was this kill switch capability,” McKinnon said during earnings. “When agents go awry and agents aren't following the policy, how do you shut them down? … The one thing we do really well, and that they wanted from us, is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the backend resources, and we're really good at that.” ServiceNow has previously said its acquisition of Veza could provide that capability. In a statement to The Register, a ServiceNow spokesperson said Okta serves as the logical connection to backend resources at the identity layer, while Veza gives ServiceNow visibility and control over the permissions graph. "To clarify how the pieces fit together: ServiceNow's AI Control Tower is the orchestration and governance layer that monitors risk and detects when an agent is behaving outside policy. When that happens, the platform can trigger remediation actions across multiple identity and access systems, including Okta, which handles token revocation at the authorization layer," the spokesperson said. Veza, which ServiceNow acquired earlier this year, operates at a different layer, the spokesperson said, mapping permissions across human, machine, and AI identities at scale, and it lets ServiceNow revoke agent permissions directly within the ServiceNow platform, which is its own "kill switch." McKinnon said that he has spent the past six months meeting Okta's largest customers in person, reaching roughly 75 of the company's top 100 accounts. The pattern he saw across those conversations was that agents are widely deployed, but the controls around them are immature. “You’ll have a development team that’s using Claude Code, but it's connected to GitHub and their Jira system with static tokens in the local developer box,” he said. “So that company is using agents, but they’ve really done it in a haphazard, non-secure way.” He said the company’s two leading products for controlling AI agents – Okta for AI Agents and Auth0 for AI Agents – are not yet contributing substantially to the company’s revenue, but Okta sees an industry in need just over the horizon. “It’s going to be big. We’re pouring a lot of R&D effort into this and focused on it. The interest is super high and unlike anything we’ve ever seen,” he said. McKinnon said that there are several ways to control rogue agents, whether it's stopping them from running or quarantining them at a network level, but all of that relies on observability and permissions that need to be set from the beginning. Okta's proposed answer is to apply the model it already uses for employee and customer access to the AI agents themselves. McKinnon said Okta can identify the agents operating inside an organization, maintain a record of them, and set rules governing what systems each agent may reach. "We tell you who your agents are. There's a directory of agents," he said. "We can scan multiple platforms and multiple systems and give you that source of truth of where your agents are, and we can help you set a policy on what they can connect to." For large enterprises running thousands of applications, he said, rewiring each one to accommodate agents is not practical, so Okta instead places an authorization layer around the agents to control their permissions and connections. Rival identity platform Microsoft Entra also boasts that it has similar capabilities. Autonomous agents authenticate directly with the Microsoft Entra ID platform using their agent identity and the client credentials flow, Microsoft says. Entra assigns identities to agents, autodiscovers them across an organization, applies Conditional Access rules and permissions, and lets customers disable entire classes of agents in a single operation, Redmond says. McKinnon said that, while the market is busy hunting for winners and losers in the AI agent race, customers want a secure experience regardless of the vendor. In addition to its work with ServiceNow, Okta partnered with Salesforce last year and AWS this month. Okta for AI Agents integrates with Amazon Bedrock AgentCore, a fully managed AI service from AWS to provide identity governance for agents, including ownership assignment, lifecycle management, and "the ability to deactivate rogue agents." “I think there's going to be way more working together than people think,” McKinnon said. “We're really excited about our conversations with Amazon and their AgentCore, Agentforce from Salesforce, and the message from customers is clear. They want this identity layer and this connectivity layer to be independent to give them more flexibility, and I think the industry is coalescing around that.” ®

Mr Mikage (ミスター御影） posted a photo:

BertvB posted a photo:

A spectacular wide-angle view of Positano, one of the most famous and picturesque gems along the Amalfi Coast in Italy. The image beautifully captures the iconic pastel-colored houses stacked dramatically up the steep cliffs, the historic dome of the Church of Santa Maria Assunta, and the bustling Spiaggia Grande beach meeting the azure waters of the Mediterranean.

T.Marko has added a photo to the pool:

A vivid red train emerges from the shadows of the city, tracing a path between concrete walls, waterways, and layers of urban infrastructure. The calm reflection of the canal contrasts with the energy of Tokyo's dense skyline, creating a scene where movement and stillness coexist. The striking color of the train acts as a visual anchor, guiding the eye through a complex yet harmonious urban landscape.

Investigation launched in former mining village of Coalsnaughton after residents forced to leave properties

Nearly 100 homes have been evacuated following reports of ground movement in a former mining village in Clackmannanshire.

Properties began being evacuated on 18 May and an investigation has since been launched into the cause in Coalsnaughton.

Continue reading...

Slow blogging day today; I spent some time on the KDO undercarriage and a new little members-only feature for the Rolodex: a simple list of links to the latest posts from Rolodex sites. (Click on “Latest Posts”; like I said, it’s a wee feed reader.)

Fryes with everything, Julie Hrudová

Nooit eerder kwam Jesper de Jong verder dan de tweede ronde van een grand slam. Na zijn overwinning in vijf sets op de Rus Karen Khachanov staat de Nederlander nu in de vierde ronde van Roland Garros. Hij toonde veerkracht en vertrouwen en speelde met het publiek.