DAILY NEWS

Stay Ahead, Stay Informed – Every Day

Advertisement
shk: A Local-First Security Guardrail CLI for AI Coding Agents



Secret scanning often starts at Git. AI coding agents can make that too late.

They can read local files, summarize logs, run commands, and transform sensitive context before anything is committed. shk is a local-first CLI for that messy pre-commit space: scan secrets and PII, mask prompts, and install managed hooks for Claude Code, Cursor, and Codex.

The problem is no longer just “secret reaches Git”

Most secret-scanning workflows are built around a familiar boundary: stop credentials before they land in Git, CI logs, or a release artifact.

AI coding agents move that boundary earlier.

An agent might read a file while following an import chain. It might summarize a pasted error log. It might run a shell command that prints .env contents. It might create a new file that quietly contains a token from earlier context. None of that requires a commit.

That is the gap shk is trying to cover: the local, messy, pre-commit space where AI tools actually operate.

What shk does in practice

shk is not one more dashboard you have to check. It is a single Rust binary that you put around the workflows where sensitive context tends to leak:

Before sharing context with an AI tool, use shk mask to redact secrets and PII from a prompt, log, or snippet.

Before an AI tool reads, writes, fetches, or runs something, use managed hooks to audit or block risky operations.

Before a commit or pull request, use the same scanner through Git pre-commit hooks and GitHub Actions.

That gives you one policy file, one set of rules, and one exit-code contract across local use, AI hooks, Git, and CI.

A quick tour

Install the latest release:

curl –proto ‘=https’ –tlsv1.2 -LsSf https://github.com/Kazuki-tam/security-harness-kit/releases/latest/download/shk-cli-installer.sh | sh

Enter fullscreen mode

Exit fullscreen mode

Windows users can install from PowerShell:

powershell -c “irm https://github.com/Kazuki-tam/security-harness-kit/releases/latest/download/shk-cli-installer.ps1 | iex”

Enter fullscreen mode

Exit fullscreen mode

Both shk and security-harness-kit resolve to the same CLI.

Start with a policy file:

shk init

Enter fullscreen mode

Exit fullscreen mode

Scan the current project:

shk scan .

Enter fullscreen mode

Exit fullscreen mode

Example output:

3 findings

HIGH secret.openai_api_key src/app.ts:12 Possible OpenAI API key detected
MED pii.ja.phone config/dev.ts:5 Japanese phone number detected
MED pii.en.ssn docs/test.md:8 US Social Security Number detected

Enter fullscreen mode

Exit fullscreen mode

Need a machine-readable report for automation? Use JSON. Raw matched values are not emitted; findings use redacted_value: “(REDACTED)”.

shk scan . –json

Enter fullscreen mode

Exit fullscreen mode

Need to paste a production log into an AI chat? Mask it first:

shk mask

Enter fullscreen mode

Exit fullscreen mode

Need to protect the commit path?

shk scan –staged
shk hooks install

Enter fullscreen mode

Exit fullscreen mode

The basic loop is intentionally boring: scan, review, mask, and block only when a configured threshold is met.

The AI-specific part: managed hooks

The more interesting piece is shk hooks install-ai.

Instead of relying on you to remember to scan every prompt, shk can write managed hook entries into supported AI tool configs:

# Preview the changes first.
shk hooks install-ai –dry-run

# Start in audit mode: log findings, never block.
shk hooks install-ai –audit

# Or target one tool.
shk hooks install-ai –tool cursor
shk hooks install-ai –tool claude-code –global

Enter fullscreen mode

Exit fullscreen mode

Project-level installs are the default. Global installs write to the user-level config for the selected tool.

Supported integrations:

Tool
Managed config

Claude Code
.claude/settings.json

Cursor
.cursor/hooks.json

Codex
.codex/config.toml

The managed entries are tagged so they are easy to identify later (“_shk_managed”: true in JSON configs, or # shk-managed-start / # shk-managed-end in shell and TOML blocks).

It checks intent, not only text

Secret scanners usually inspect content. AI hooks also need to inspect actions.

In hook mode, shk reads the AI tool’s JSON hook payload and runs an action guard before scanning extracted text. The guard looks for operation shapes such as:

Reads or writes involving sensitive paths.
Commands that dump .env-style files.
Destructive recursive removal.
Direct database mutation commands.
Privilege or system configuration changes.
External transfer commands.
Package-manager operations.

The default recommended profile is conservative. A strict profile can also block opaque execution forms such as bash -c, python -c, and node -e, because pretending to safely interpret every nested command string is usually worse than being explicit about the risk.

You can tune this in shk.toml with (action_guard) allow and deny patterns.

Audit first, then block

Hooks make decisions through exit codes, so the contract is small:

Code
Meaning

0
No finding at or above the active threshold, or audit/post-hook completed.

1
Scan findings met or exceeded the active threshold.

2
A blocking AI pre-hook fired, or shk scan –staged ran outside a Git repo.

–audit always exits 0. Post-tool hooks also always exit 0, because the operation already happened and the useful behavior is reporting, not pretending to undo it.

That makes rollout straightforward:

shk hooks install-ai –audit

Enter fullscreen mode

Exit fullscreen mode

Let it run for a few days. Review .shk/audit.log. The log is metadata-only: counts, tool name, hook phase, display path, suppressed count, and maximum severity. It does not store raw matched values.

Once the noise level is acceptable, reinstall without –audit and let high-severity pre-hook findings block.

Same binary for Git and CI

AI hooks are the new boundary, but Git still matters.

Install a managed pre-commit hook:

shk hooks install

Enter fullscreen mode

Exit fullscreen mode

Generate a GitHub Actions workflow:

shk ci init github

Enter fullscreen mode

Exit fullscreen mode

The generated workflow installs the prebuilt release binary and runs:

shk scan . –json –fail-on high

Enter fullscreen mode

Exit fullscreen mode

It also uses a few defaults I wanted out of the box:

permissions: contents: read for minimal GITHUB_TOKEN scope.

concurrency: cancel-in-progress: true so newer PR pushes cancel stale runs.

actions/checkout@v6.
Release installer instead of cargo install, so CI does not rebuild a Rust toolchain.

You can also generate rollout variants when you need them:

shk ci init github –mode audit for non-blocking CI adoption.

shk ci init github –shk-version v0.2.3 for reproducible pinned installs.

A few workflows beyond scanning

These are the commands that make shk feel less like a one-off scanner and more like a local security harness:

shk doctor checks project hygiene, including ignore coverage and plaintext .env files.

shk doctor ignore –fix appends missing required patterns to .gitignore.

shk env dotenvx import-keys .env.keys moves dotenvx private keys into the OS credential store.

shk env dotenvx run — npm test injects stored dotenvx keys only into the child process.

shk secrets push pushes dotenv payloads into AWS Secrets Manager or GCP Secret Manager through the official aws / gcloud CLIs, with dry-run, audit logging, and PII pre-scan.

shk skills install deploys an embedded agent skill for Claude Code, Codex, and Cursor so agents know how to call shk in the project.

All of these are optional. The tool is still useful if you only use scan, mask, and hooks.

Suppression without pasting secrets into config

False positives happen. Test fixtures happen. Public demo values happen.

shk supports a few suppression shapes:

Inline comments such as # shk-ignore and # shk-ignore-next-line .
Path-based ((allowlist)) entries in shk.toml.
Value-specific suppression using value_hash = “sha256-hmac:…”.

The value hash is not encryption. It is a deterministic HMAC-SHA256 fingerprint over the raw value and rule id, so someone with the candidate value can recompute it. Its purpose is narrower and practical: your policy file should not become the place where people paste the secret they are trying to suppress.

Expired allowlist entries turn into low-severity warning findings instead of silently disappearing.

What it intentionally does not promise

Security tooling gets dangerous when it overstates its guarantees, so here is the honest scope.

shk is pattern-based. Built-in rules combine hand-tuned shk detections with generated secret.gitleaks.* rules adapted from the gitleaks default configuration. That covers many common providers and formats, but false positives and false negatives are both possible.

The PII rules are designed for “do not paste this into an AI prompt” hygiene. They are not compliance evidence.

The action guard is heuristic. It can flag risky operation shapes in hook payloads, but it is not a shell interpreter and should not pretend to be one.

shk is also not a replacement for a secret manager, a cloud provider’s scanning features, or a dedicated enterprise secret-scanning platform. It is a local guardrail layer for the part of development where AI tools read, transform, and generate context.

Try it on an existing repo

The smallest useful sequence is:

shk init
shk scan .
shk hooks install-ai –audit

Enter fullscreen mode

Exit fullscreen mode

If the audit log looks reasonable after a short soak period, reinstall without –audit and block on high-severity pre-hook findings. If it is noisy, tune (thresholds), ((allowlist)), and (action_guard) first.

The goal is not to make the tool dramatic. The goal is to make secrets, PII, and risky AI operations visible before they leave the local development boundary.

Issues, rule contributions, and false-positive reports are welcome. The rule set gets better as more real codebases run through it.



Source link

The Hidden 43% — How Teams Are Wasting Almost Half Their LLM API Budget



You look at your provider dashboard and see one number: the total bill. It’s like getting an electricity bill that just says “$5,000” with no breakdown of whether it was the AC, the fridge, or someone leaving the lights on all month.

tbh, most AI startups are flying blind right now. We recently looked into the cost breakdown for several teams and found something crazy: almost 43% of LLM API spend is completely wasted. It’s not about paying for usage; it’s about paying for bad architecture.

Here’s where the leaks are actually happening:

Retry Storms (34% of waste)Your agent fails to parse a JSON response, so it retries. And retries. Sometimes 5-10 times in a loop. You aren’t just paying for the failure, you are paying for the massive context window sent every single time.
Duplicate Calls (85% of apps have this issue)Multiple users asking the exact same question, or internal systems running the same RAG pipeline on the same document. Without caching at the provider level, you’re paying OpenAI to generate the identical tokens twice.
Context BloatSending the entire 50-page document history when the user just asked “what’s the summary of page 2”. RAG is great, but shoving everything into the prompt “just in case” is burning your runway.
Wrong Model SelectionUsing GPT-4o or Claude 3 Opus for simple classification tasks when Haiku or GPT-3.5-turbo would do it for a fraction of the cost.

You can’t fix what you can’t see. That’s exactly why I built LLMeter (https://llmeter.org?utm_source=devto&utm_medium=article&utm_campaign=hidden-43-percent-llm-waste). It’s an open-source dashboard that gives you per-customer and per-model cost tracking. Stop guessing who or what is draining your API budget.

Fwiw, just setting up basic budget alerts and seeing the breakdown by tenant usually drops a team’s bill by 20% in the first week. Give it a try, it’s open source (AGPL-3.0) and you can self-host or use the free tier.



Source link

AI Bots Auditioning For Wall Street Trading Are Mostly Losing



AI isn’t ready to replace your fund manager — and the public experiments testing it are showing why.

Across a series of new trading contests between the world’s leading AI models, the verdict so far is unflattering. Most of the systems lose money. They trade too much. They make wildly different decisions when given identical instructions. And no one yet knows if these shortcomings will fade with more powerful iterations — or if they reveal something fundamental about the gap between large language models and how markets actually work.

Take Alpha Arena, run by tech startup Nof1. It pitted eight major frontier AI systems — including Anthropic’s Claude, Google’s Gemini, OpenAI’s ChatGPT and Elon Musk’s Grok — against each other in four separate competitions. Each was handed $10,000 per contest before being turned loose on US tech stocks for two weeks. The challenges involved trading on a variety of signals, acting defensively, reacting to the competition, and using high leverage. 


The portfolio as a whole lost about a third of its capital. Across all 32 sets of results, a model finished in profit only six times. Grok 4.20 delivered the best performance during the challenge in which it was aware of its rivals’ performance. It placed only 158 trades; under the same prompt, Alibaba’s Qwen traded 1,418 times.

Alpha Arena is one of a growing number of experiments testing whether LLMs can do the hardest job in finance: beat the market. While these contests are far from academically rigorous, they’re the most public demonstration yet of what happens when the systems try to take on some of the most lucrative and high-stakes work on Wall Street.

The early results matter because trading is one job the financial industry has been cautious about handing entirely to AI. Over the past few years, heavyweights from JPMorgan Chase & Co. to Balyasny Asset Management have put the technology to work nearly everywhere else. LLMs now parse news at quant shops, draft memos at hedge funds, and detect fraud at big banks, among other tasks. But “human in the loop” remains the motto when it comes to trading real money. Perhaps for good reason.

“LLMs can’t really make money by themselves,” said Jay Azhang, founder of Nof1. “You need basically a very sophisticated harness and scaffolding and data platform in order to even give them a chance.”

LLMs are good at doing research and finding and deploying the correct tools for certain tasks, he said. But they don’t yet know how much each of the many variables that swing stocks — including things like analyst ratings, insider transactions, and sentiment shifts — actually matters. They tend to mistime their trades, incorrectly size positions and buy and sell too often.

The AI blog Flat Circle tracked 11 markets-related arenas, and all had at least one model that made money. But in only two of the arenas was the median model profitable, showing how most struggled to beat the market. 

That outcome mirrors human performance, since a majority of actively managed funds famously also lag the broad market. And just like people, the models can be prone to obvious bias. The arenas show the AI systems making very different decisions with identical instructions, which has big implications for any firm deploying them. For instance, Azhang said that in Alpha Arena’s latest run, Claude mostly wanted to go long, Gemini had no problem being short, and Qwen was comfortable taking risks with big leverage. 

“They have personalities that you have to manage almost like a human analyst,” said Doug Clinton, who runs Intelligent Alpha, a firm with an LLM-driven fund that publishes its own benchmark for how well AI predicts corporate earnings. Results can be improved by letting the model know it’s showing some bias, he said.

Intelligent Alpha’s benchmark gives 10 AI models access to financial filings, analyst forecasts, earnings transcripts, macroeconomic data and up to 10 web searches. With its narrower focus, the results are more positive for LLMs. In the fourth quarter of 2025, OpenAI’s ChatGPT correctly predicted the direction of earnings estimates 68% of the time — the best results yet. And the models, Clinton said, tend to improve with every new release.

Hedge Fund Secrets

Evaluating any of this is hard. Design choices in everything from how often the models run to what assets they trade makes a big difference. And the default test for a trading strategy — running it backward through history to see how it would have performed — doesn’t really work for AI. 

A model asked in 2026 how it would have traded in March 2020 already knows what March 2020 looked like. That contamination, known as lookahead bias, has challenged the frameworks underlying academic and quantitative finance for decades. LLMs have to be assessed in live markets instead, hence the proliferation of benchmarks and arenas.

Perhaps because they mostly lose money, AI trading arenas tend to run for only short periods of time. With the low barriers to entry, many are set up by individuals or startups using the platforms as a launchpad for other products.

Nof1 is preparing season two of Alpha Arena, which will give each AI model the ability to search the web, ponder for longer, access more data sources and take multiple steps. But ultimately the firm’s business is a system enabling retail traders to build AI trading agents for their own strategies.

“Giving an LLM money right now and just having it go — that’s not a thing yet,” said Azhang.

Most of the public experiments are still too short and too noisy to support firm conclusions, reckons Jim Moran, who writes the Flat Circle blog and who previously co-founded alternative-data provider YipitData. These arenas also have natural disadvantages, including limited access to proprietary stock research and inferior execution.

“If you took one of these agents from one of these arenas and you just moved it over to operate inside of a high-end hedge fund, they should perform better,” he said.

Alexander Izydorczyk, formerly head of data science at the hedge fund Coatue Management and now at NX1 Capital, recently wrote that no AI trading bot he tracks has yet shown a lasting edge. He argued the arenas are limited by what they cannot see in their training data: the practical quant techniques used inside secretive trading shops.

He suggested the same secrecy is also a preview of where any AI that does begin to work will eventually go.

“But beginners sometimes see things incumbents cannot,” Izydorczyk wrote on his personal blog. “The outsiders, if successful, will also learn quickly that success in liquid, competitive markets pays better than the marginal X follower. When LLM agent trading strategies start working, you will not hear about it for a while.” 

This article was provided by Bloomberg News.

 



Source link