Ayende @ Rahien

Barth Benner commented on The 'Million AI Monkeys' Hypothesis & Real-World Projects

Fri, 03 Apr 2026 22:23:00 GMT

It is no longer a skill. Soon we will all accept it. We can all now create great software. All the outstanding developers are saying it.

Oren Eini commented on A tale of one-off, coding agents and the shortest path to victory

Sun, 15 Feb 2026 06:48:52 GMT

Rustam, Yes, you can do that with `slackdump`, sure. I literally couldn't get the auth to work properly. Now, I *could* make it work, for sure. But it was literally easier to get an agent to produce a once off then try to figure out how to get `slackdump` auth working properly. That's the point of this post.

Rustam commented on A tale of one-off, coding agents and the shortest path to victory

Sat, 14 Feb 2026 04:42:50 GMT

It's quite easy with slackdump: 1. Run a dump of a channel: slackdump dump - produces a zip file with the timestamp, i.e. slackdump_20250214_143900.zip. 2. Format as csv: slackdump format slackdump_20250214_143900.zip - produces a zip file with two CSV files: conversation and channel information. All the best.

Nicholas Piasecki commented on Maintainability in the age of coding agents

Sat, 31 Jan 2026 02:29:55 GMT

As someone reading you for a long time and maintaining his own 15 year old code base, on a much smaller scale, I also came to the conclusion that it succeeded only because I got the architecture mostly correct — of course the topography is all obsolete now, but the fault lines were right — in that changes and evolution were localized, and I could change and deploy just a small part of the system at a time. This was a great essay.

Oren Eini commented on Implementing Agentic Reminders in RavenDB

Fri, 12 Dec 2025 07:41:40 GMT

Peter, That actually comes from a bunch of reasons. - `@refresh` - is easier to just type then provide a strongly typed API for.- We have to consider cross language API. C# has really nice facilities for strongly typed stuff (but they are complex). With Python / node.js, that is not the case- `smartest-agent` or `GetRaisedReminders` are defined by the user. Sure, we can go the same route we did with indexes, with defining a class, etc. That comes back to the previous point about other systems, and reducing the cost of approaching this in all platforms.

peter commented on Implementing Agentic Reminders in RavenDB

Thu, 11 Dec 2025 16:06:01 GMT

curious why literal strings are used (@refresh, smartest-agent, GetRaisedReminders etc). Is there no simple way to use stringly-typed variables?

Ray Kwei commented on Using multi-staged actions with AI Agents to reduce costs & time

Mon, 24 Nov 2025 21:48:19 GMT

Oren - software investor at Radian Capital - just shot you an email. Thought I might try reaching out through the blog!

Oren Eini commented on RavenDB's new offices

Wed, 29 Oct 2025 21:17:32 GMT

Judah, Would be very happy to host you, let us know

Judah Gabriel Himango commented on RavenDB's new offices

Wed, 29 Oct 2025 21:14:25 GMT

Looks great, Oren! Congrats on the growth and the new building. I'll have to stop by next time I'm in Israel.

eqr commented on RavenDB's new offices

Thu, 23 Oct 2025 14:50:21 GMT

It's so cool, congrats. The logo is awesome.

Oren Eini commented on A deep dive into RavenDB's AI Agents

Wed, 08 Oct 2025 20:17:05 GMT

Jason, That is a great point, yes. I wrote about this recently in depth, see: https://ayende.com/blog/203140-A/ai-agents-security-the-on-behalf-of-concept?key=45fe4f251b4a41f9b4df1a8dbb2dcdb5

Jason Parkhurst commented on A deep dive into RavenDB's AI Agents

Wed, 08 Oct 2025 16:24:48 GMT

What are you doing to defend against prompt injections in the data stored in the database? If the agent takes the data from the database as an input, it is now subject to misinterpreting it, and if you have any user controlled data in the database it could be malicious.

Oren Eini commented on A deep dive into RavenDB's AI Agents

Mon, 15 Sep 2025 06:58:19 GMT

Bob, This is available in the cloud in the dev environment, and on either the higher ended tiers (P30+) or as an addon

Bob Lamb commented on A deep dive into RavenDB's AI Agents

Fri, 12 Sep 2025 11:44:08 GMT

Very interesting. Is this available in the RavenDB cloud on the free tier? If not, on which tier is it available?

Oren Eini commented on AI Agents Security: The on-behalf-of concept

Thu, 09 Oct 2025 15:21:29 GMT

Jason, a) You are broadly correct - anything that you expose to the agent, you should be concerned about it affecting it. b) That is limited by what _actions_ the agent can direct (which is distinct than take). c) We'll soon offer the ability to "nest" agents, to the point that you can have a split between "filter the no overheat" query from the "recommend the best value" agent. Finally - at the end of the day, we are still dealing with a technology that has no actual control / data plane difference. In SQL - that is like not having parameters and hopsing that `replace("'", "''")` would protect you. Going back to point (c) above - the agent isn't free to do whatever it wants, it must go through the available actions you provide to it. And then you have a chance to add validation, etc. For example, if you are an under 18 customer, and try to buy alcohol. It isn't the LLM that is supposed to stop you, but the validation on the "AddToCart".

Jason Parkhurst commented on AI Agents Security: The on-behalf-of concept

Thu, 09 Oct 2025 15:11:04 GMT

If you allow the agent to see any content generated by any other user, the agent can be hijacked. For example in an e-commerce setting letting the agent see reviews left by other customers or product descriptions from shady 3rd party marketers can cause your website to take unintended actions on the users behalf. This is similar to a xss attack. If you maintain the state of the agent during a session or longer you have made it a persistent exploit vector. Limiting the agent to only see what the user can see seems insufficient. The key thing here is that *anything* the agent sees is a vector. Folks will naturally want their agents to see what they see, so I expect teams will open up these vectors. Things like: "List only the drills with no complaints about overheating" seem tailor made for LLMs. Listing them would be fine as a one shot, but then if you use the same session for other things like account management or modifying your cart you're wide open. While you may be able to defend system integrity, you're opening yourself up to legal liability.

Henry Rollins commented on AI Agents Security: The on-behalf-of concept

Mon, 08 Sep 2025 14:57:20 GMT

Ah, yes. Thanks, protecting the user versus protecting the system is a great distinction. For protecting the system, you're right, the harm an unwary user could do would remain limited in most scenarios. I do still worry about scenarios where the user is inside the system, where an agent acting on behalf of an unwary user would have broader scope. Say, a bank representative, HR department, developer just granted just-in-time access to prod, etc.

Oren Eini commented on AI Agents Security: The on-behalf-of concept

Sat, 06 Sep 2025 06:49:12 GMT

Henry, You are correct, in that you still have security issues, but there is a whole different level of that. If I tell you to run: `eval(atob("YWxlcnQoJ3B3bmVkJyk="));` on your end, and you do that... you are in the same situation. The key here is whether this is a _user_ risk or a _system_ risk. Because those need to be addressed very differently. An agent acting on-behalf-of the user is limited to what it can do. If the user misbehaves, that is a problem, but well scoped. In the real world, consider the grandma getting a call saying from a supposed grandson: "I need to pay bail with gift cards, and it needs to be NOW". That _is_ a problem, but it is not a problem for the bank. On the other hand, if I were able to do the same thing to the bank's _teller_, it's a whole different ball game.

Henry Rollins commented on AI Agents Security: The on-behalf-of concept

Fri, 05 Sep 2025 22:42:50 GMT

"There is no damage the agent can cause that the user cannot also cause on their own." I agree with this point, but we need to keep in mind the next level of exploits, and recognize that there is damage the agent can cause that the user would not cause on their own. Case in point, GitHub Copilot executes commands in the user's terminal, and can thus be instructed to do anything the user could do... which becomes very problematic [when it can also bypass human approval safeguards](https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/). Fortunately, that particular exploit has been patched. Unfortunately, we have absolutely no reason to trust that we're safe from any number of others. Now in your example scenario, there is no terminal in play, but I'd say we still have trouble. Say a bad actor shares what appears to be a very helpful prompt, but they have performed similar exploits to hide extra instructions (e.g., buy e-gift cards and send them to the bad actor). Users throw these prompts into the system and of course they have permissions to make purchases on their own behalf. Or leave the bad actor out of it, and accept the reality that a non-deterministic lexical pattern engine may occassionally get a wild idea that the user wants to increase their automatic monthly contribution by 10x. Now we have to build another layer of guardrails around how far the agent can go, even on behalf of the user.

design collaboration commented on The role of junior developers in the world of LLMs

Fri, 14 Nov 2025 03:29:27 GMT

This is pure gold ��! As a creative professional, I value the actionable guidance you've provided. The part about layout principles was particularly helpful. Saved for my team! ��

Oren Eini commented on The role of junior developers in the world of LLMs

Sun, 24 Aug 2025 10:35:44 GMT

Chris, I actually think that there is a lot for juniors to leverage in the new AI. If you are curious and open to learning ( and understand that the model isn't "the" Truth ), you have what is effectively a senior dev with infinite patience dedicated to you 100%. That is an amazing force multiplier.

Chris Robison commented on The role of junior developers in the world of LLMs

Fri, 22 Aug 2025 21:00:43 GMT

The really irritating thing about AI conversation around "eliminating jobs" is that it is so focused on short-term wins that sacrifice the future. If all we hire is senior developers and never train up new people...we're screwed.

Oren Eini commented on AI's hidden state in the execution stack

Mon, 08 Sep 2025 13:58:30 GMT

Frank, I'm doing a webinar *today* where we show off what we can do there with RavenDB. Would love to have you there: https://discord.com/invite/ravendb?event=1410573390154174506

Frank Quednau commented on AI's hidden state in the execution stack

Mon, 08 Sep 2025 13:56:01 GMT

While in the middle of a POC to get the details right of a "Get user approval for a tool call with yes / no / always allow this particular tool" semantics, you're _quite right_ to say that there is quite a bit of state-keeping involved

Oren Eini commented on Memory optimizations to reduce CPU costs

Sun, 17 Aug 2025 05:57:17 GMT

Joel, Yes, the idea is that you do less lookups in general. But the key here is that the CPU costs did NOT come from anything that we did. This code change should _also_ have a (small) impact - not that much, since the actual fields values will be in L1 anyway, but the reduction here was because of the GC not having to do any work.

Joel commented on Memory optimizations to reduce CPU costs

Sat, 16 Aug 2025 07:15:31 GMT

Now, I'm not sure and haven't tested, but in theory the final version could be faster, too, as the CPU could fit more byte values than references into the cache, and as long as the actual fields values stay in the cache (or are moved into registers, I'm not sure if the JIT does that) it should be able to loop through much faster. Or am I missing something?

Oren Eini commented on Replacing developers with GPUs

Thu, 14 Aug 2025 06:07:35 GMT

Bertrand, I meant that you can't replace the HR department with IT managing GPUs. Basically, those models aren't replacing people, but augmenting them. Your quote is the other way around . As for what CEOs say - there is a bit of truth there, since there is a much bigger impact when you _do_ use AI, but that isn't instead-of.

Bertrand Le Roy commented on Replacing developers with GPUs

Wed, 13 Aug 2025 15:20:26 GMT

Great writeup, thanks for this! However, it doesn't matter that "you cannot replace your IT department with an HR team managing a bunch of GPUs" (assuming that's what you meant, I think you typoed/reversed IT and HR in the post's conclusion), what matters is that the leadership of large companies believe they can. When CEOs of large tech companies lie for profit about what AI can do, their customers often buy the claims without the tech chops to understand the limitations.

Rail commented on Goodbye Hibernating Rhinos, Hello RavenDB LTD

Thu, 14 Aug 2025 18:04:44 GMT

Good name! Prev one was hard to pronounce right) for non natives

Oren Eini commented on Semantic image search in RavenDB

Tue, 29 Jul 2025 15:08:45 GMT

Peter, In both cases, RavenDB is also the store of vectors and serves as the vector index, etc. Note that doing that during indexing is _not_ a good idea, since you'll have to re-generate that on each reindexing run. Instead, we move that to a background process that can be much smarter about the way it goes about generating the embeddings. And yes, the expectation is that you'll use the text description for most searches, much more approachable.