Kyle Quest (the DockerSlim guy)
kcqon.bsky.social
AI-native software security maintenance (AutonomousPlane) * CTO/Founded (Slim dot AI) * Created DockerSlim / SlimToolkit / MinToolkit * 50 Shades of Golang * Big & Small Data * Security * eBPF * Containers * Cloud Native
Cool blog about "anti-patterns and patterns for achieving secure generation of code via AI" by the Ralph Loop guy himself (TLDR: security needs to be deterministic and LLM prompts don't give you that 🙂): ghuntley.com/secure-codeg...
anti-patterns and patterns for achieving secure generation of code via AI
I just finished up a phone call with a "stealth startup" that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What fol...
ghuntley.com
January 20, 2026 at 7:15 AM
Pretty cool... hardened open source container images from the German government: container.gov.de, gitlab.opencode.de/open-code/oci
Secure Container Images
container.gov.de
January 18, 2026 at 8:13 PM
Don't give your LLM a gun if you don't want it to shoot... Asking nicely in the system prompt doesn't work 🙂

The code "Explore" agent from Claude Code code snippet I shared earlier is a good "bad" example of that.
January 18, 2026 at 6:49 PM
Cool follow up post about the design behind the Sprites agent sandboxes from Fly dot IO (from Thomas Ptacek himself :-)) fly.io/blog/design-...
The Design & Implementation of Sprites
So that we may educate as well as horrify: the internals of our new Sprites execution platform.
fly.io
January 18, 2026 at 3:13 AM
The code "Explore" agent from the reverse engineered Claude Code (much bigger system prompt compared to "Bash" :-))
January 18, 2026 at 2:46 AM
A snippet of the reverse engineered Claude Code showing its "Bash" agent (one of the smallest system prompts in CC :-))
January 17, 2026 at 7:09 PM
if you want to learn about Manus AI sandboxing... I know I do 🙂 manus.im/blog/manus-s...
Understanding Manus sandbox - your cloud computer
Learn how Manus Sandbox gives you a secure, isolated cloud computer for every task—with persistent files, 24/7 execution, and Zero Trust security built in.
manus.im
January 16, 2026 at 1:57 AM
Pretty cool, sandboxes from Fly dot IO
sprites.dev
Sprites - Stateful sandboxes
sprites.dev
January 11, 2026 at 12:53 AM
Reverse engineering Claude Code is a fun way to start the new year 🙂 It's the biggest AI coding agent out there and it's a Bun app compiled to an executable.

A teaser 😉

ripgrep.node
resvg.js
tree-sitter.js
ripgrep.js
ripgrep.node
resvg.wasm
tree-sitter.wasm
...
January 4, 2026 at 12:47 AM
What if you could make your container vulnerabilities disappear... so you can later exploit them whenever you want 😉 I'll show what it looks like at Besides Seattle this February
January 2, 2026 at 2:43 AM
Interesting to hear someone (not a rando) saying that "AI guardrails don't work" (so all those AI Security companies selling guardrails are selling snake oil. He didn't say this part out loud :-)) www.youtube.com/watch?v=J998...
Why securing AI is harder than anyone expected and the coming security crisis | Sander Schulhoff
YouTube video by Lenny's Podcast
www.youtube.com
December 22, 2025 at 3:52 AM
If you are building AI agents in Rust, Skreaver is a pretty cool project to check out. It aims to be the Tokio of agent systems.
December 15, 2025 at 9:42 PM
In the battle of autonomous coding agents between GitHub Copilot and Google Jules fixing a bug in #DockerSlim, GitHub Copilot won while Jules got lost so many times before coming up with anything relevant 🙂
December 14, 2025 at 8:24 PM
Reposted by Kyle Quest (the DockerSlim guy)
Want to be prepared for #Kubernetes 1.35 next week?

Check out the @rawkode.academy 1.35 Cheatsheet!
Kubernetes 1.35 Cheat Sheet | Rawkode Academy
Your comprehensive guide to Kubernetes 1.35 - breaking changes, new GA features, AI/ML scheduler primitives, and migration checklist. Free for cloud native engineers.
rawkode.academy
December 12, 2025 at 12:14 AM
Wonder why I mentioned React2shell... Those vulnerable Next.js apps often run in containers and guess what happens to the exploits if those containers are Minted and reinforced with what I've built 😉 Powered by #DockerSlim tech.
December 9, 2025 at 11:48 PM
Pretty nice video about React2Shell from Theo, the big Next.js vulnerability that's making its rounds: www.youtube.com/watch?v=UiCE... It also shows the fundamentally different approach from developers vs security people to the security vulnerabilities.
Watch this if you use React
YouTube video by Theo - t3․gg
www.youtube.com
December 8, 2025 at 10:31 PM
Is there anything interesting going on with Next.js ;)
December 7, 2025 at 4:11 AM
Reposted by Kyle Quest (the DockerSlim guy)
MinIO's community edition is now in maintenance mode.

Silent license changes.

$96K paywalls.

Locked GitHub threads.

Abandoned Docker images during a critical CVE.

A masterclass in how NOT to sunset an open source project.

SeaweedFS, your time is now.
MinIO, we won't miss you.
YouTube video by Rawkode Academy
www.youtube.com
December 4, 2025 at 5:00 PM
Funny that there are more vendors trying to sell you stuff around MCP than the actual MCP Server users :-)
December 3, 2025 at 1:38 AM
The #KubeCon / #CloudNativeCon in Atlanta was super exciting! Demo'ed the new Podman container runtime support minifying container images with #DockerSlim (now #PodmanSlim :-)) Here's a short demo version:
November 27, 2025 at 6:51 AM
Reposted by Kyle Quest (the DockerSlim guy)
SCaLE is the most family friendly conference I've ever been to

I regularly bring my kids (Saturday night is game night) and there are parents in the audiences with strollers.

SCaLE is a community, and we do our best to make sure everyone is welcome
November 18, 2025 at 4:48 AM
Reposted by Kyle Quest (the DockerSlim guy)
FYI: most of the #kubecon #cloudnativecon NA videos are up on youtube, should hopefully be all there by end of next week! www.youtube.com/@cncf/videos
CNCF [Cloud Native Computing Foundation]
To provide educational and informative content on cloud native computing, which uses an open source software stack to deploy applications as microservices, packaging each part into its own container, ...
www.youtube.com
November 14, 2025 at 8:17 PM
I wish the ContribFest sessions at KubeCon were longer... Not enough time to do anything significant. And this year in Atlanta they were super short or, at least, it felt like it 🙂
November 14, 2025 at 11:54 PM
Reposted by Kyle Quest (the DockerSlim guy)
Come hear me talk about building modular platforms tomorrow at 3! sched.co/27Faa
KubeCon + CloudNativeCon North America 2025: Capabilities, APIs, and Experiences: Blu...
View more about this event at KubeCon + CloudNativeCon North America 2025
sched.co
November 11, 2025 at 10:14 PM
Today at #KubeCon we demystified building AI-assisted DevOps tools. The LLM prompts don't need to be uber fancy. Don't need a lot of tools. It can be kubectl CLI wrapped in a tool object. MCP servers have their place, but they can't be thin API wrappers because LLMs will struggle to use those.
November 11, 2025 at 10:14 PM