Weakly Link 25/46
This week’s edition of the weakly link has got some fire in it:

First on the menu we’ve got a report that tries to tell us that if there’s an AI bubble, that’s a good thing: “The AI Wildfire Is Coming. It’s Going to Be Very Painful and Incredibly Healthy”. The post tells us of one guest at a CEO dinner in Silicon Valley who argues that, instead of a bubble, it is more like a wildfire. And wildfires clear out the underbrush, clear away the detritus and make room for new growth. The iconic Sequoia trees in particular work like that: their seeds only open up at a certain temperature and start growing when the already dying undergrowth is cleared away.
I think that’s a lovely analogy, but I also detected a bit of copium in there. I get the impression that the techbro narrative has “subtly” pivoted from “there’s no AI bubble” to “well, maybe the market is overheating, but a good crash will be good for the strong players and make way for new start-ups”.
Reading the article leaves the impression that a big crash is desirable and - just like in the dot.com bubble - would leave an overcapacity of infrastructure in place. I did appreciate that they recognised that the graphics cards are not the commodity that would be of value after the crash, because they tend to be obsolete after a few years, but rather the energy infrastructure that could remain. A lot of the AI players are scared to be left behind, so they spend big on new energy infra, and an overabundance of energy might be something useful to have after the crash.
For me the big question is whether that energy infrastructure would actually be there. The number of Gigawatt datacentres and AI megaplexes talked about is astronomical, and those tend to take a while to build out. What if the financial engineering perpetrated by Nvidia and its customers blows up, then what? Would the big players survive having to write off billions and billions of investments? Would there still be any customers around if everyone’s pensions have gone up in … flames?
I’m sceptical.

Not as sceptical as I am about this story that has made the rounds: Disrupting the first reported AI-orchestrated cyber espionage campaign.
It had a lot of visibility and LinkedIn was overflowing with assertions that cybersecurity was never going to be the same again or some such hyperbole.
Sigh. Both the post and the underlying report read like they’re written by the marketing department. My take: Anthropic in “AI agentic tools and MCP work as advertised when combined with script kiddie tools, and AI guardrails are easily circumvented” shocker!
Later I came across this piece on the BBC which didn’t just regurgitate the Anthropic press release but applied some critical thinking. Nice one.

More AI trouble?

To continue with the LLM security issues from the department of stating the obvious (I’m not trying to throw shade on the piece, just that it should be obvious by now that indirect prompt injection is going to be a really tricky thing to solve, if not outright impossible), there is this post which warns against using the new generation of AI-enabled browsers.
I for one wouldn’t let Perplexity, ChatGPT Atlas or Comet near my data. Who knows what would happen when the AI browses to a page with an advert that instructs my browser to do all kinds of everything.

I’m a sceptic, yes, but that doesn’t mean I won’t look at it

When I came across this repository about Awesome Claude Skills, I got thinking: I like this approach to using tooling more than the MCP servers. It doesn’t feel as restrictive, and could well be a way of building up knowledge. Do something a couple of times? Make a skill of it. It’s what I would do. If I do something manually a few times, I write a script.

Back to the Fire?

I was a little bit surprised when I stumbled across this announcement that ingress-nginx is going to be retired. Admittedly I’m not that plugged into the Kubernetes ecosystem, but I’ve been on enough engagements and seen enough Helm charts to find that ingress-nginx is very often there.
To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX. Best-effort maintenance will continue until March 2026. Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered.
So that’s about four months to get your ingress sorted out before it becomes unsupported. Considering how many people will be off or nursing post-Christmas party hangovers, that doesn’t feel like a lot of time. And there’s Ramadan Feb-Mar too.
Sleep tight! That was the weakly link, goodbye.