<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>Peakhour.IO - Machine Learning</title><link href="https://www.peakhour.io/" rel="alternate"></link><link href="https://www.peakhour.io/feeds/tag/machine-learning.atom.xml" rel="self"></link><id>https://www.peakhour.io/</id><updated>2025-09-01T00:00:00+10:00</updated><entry><title>Agentic AI vs. Your API</title><link href="https://www.peakhour.io/blog/agentic-ai-vs-your-api/" rel="alternate"></link><published>2025-09-01T00:00:00+10:00</published><updated>2025-09-01T00:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-09-01:/blog/agentic-ai-vs-your-api/</id><summary type="html">&lt;p&gt;Understand the shift from scripted bots to reasoning AI agents and how to adapt your security strategy for this new reality.&lt;/p&gt;</summary><content type="html">&lt;p&gt;For years, "bots" mostly meant simple, scripted programs. They followed rigid, predefined rules: if you see X, do Y. They were predictable. They could still do damage in attacks like credential stuffing, but their lack of intelligence made them relatively easy to detect. Their patterns were repetitive and clearly different from the complex, often messy, behaviour of human users.&lt;/p&gt;
&lt;p&gt;That model is no longer reliable. The emergence of open and powerful reasoning models like &lt;a href="/blog/agentic-ai-deepseek-changes-everything/"&gt;DeepSeek&lt;/a&gt; has given rise to a new class of automation: &lt;strong&gt;agentic AI&lt;/strong&gt;. These are not just scripts. They are autonomous agents that can reason, plan, and adapt their behaviour in real time. They don't need a human to write a script for every possibility. Give them a goal and they can work out the steps themselves. That changes the nature of automated threats, and security controls need to change with it.&lt;/p&gt;
&lt;h2&gt;The New API Consumer&lt;/h2&gt;
&lt;p&gt;Historically, APIs were consumed by two main groups: human users via a front-end application, and scripted bots following predictable patterns. Agentic AI introduces a third consumer, and one likely to become dominant. These AI agents are becoming primary users of web APIs, and they interact with them in materially different ways.&lt;/p&gt;
&lt;p&gt;An AI agent can analyse an entire API surface in seconds, understand the relationships between different endpoints, and generate complex interaction patterns that a human developer would rarely attempt. They don't just follow a linear path; they can explore, learn, and optimise their interactions to achieve their goals, whether that's finding the best price on a product, gathering data, or probing for security weaknesses.&lt;/p&gt;
&lt;h2&gt;New Security Challenges: The Self-Hacking AI&lt;/h2&gt;
&lt;p&gt;The reasoning capabilities of these agents introduce security challenges that static, rule-based systems are poorly equipped to handle. An agentic AI doesn't just throw known exploits at a system; it can probe its defences and invent new attacks as it goes.&lt;/p&gt;
&lt;p&gt;Consider a traditional Web Application Firewall (WAF) that relies on pattern-matching rules to block threats like SQL injection. An AI agent can send a series of carefully crafted requests, observe the WAF's responses, and systematically learn the structure of its rules. Once it understands the patterns the WAF is looking for, it can &lt;a href="/blog/ai-agents-custom-exploits/"&gt;generate a custom exploit&lt;/a&gt; designed to bypass those rules while still achieving its malicious objective.&lt;/p&gt;
&lt;p&gt;This isn't theoretical. Security teams are already reporting sophisticated attacks that adapt in real time, adjusting their tactics based on the system's defensive responses. These aren't simply pre-programmed behaviours; they are reasoning models at work.&lt;/p&gt;
&lt;h2&gt;A New Security Paradigm: From "Block Bots" to "Manage Agents"&lt;/h2&gt;
&lt;p&gt;The rise of agentic AI changes the security question. The old goal of "blocking all bots" is no longer viable or even desirable. AI agents will be used for both benign and malicious purposes. A customer's personal AI assistant booking a flight is useful automation; an attacker's AI agent trying to find vulnerabilities is not.&lt;/p&gt;
&lt;p&gt;Bot management cannot stop at trying to keep automation out. It needs the intelligence to &lt;strong&gt;safely identify and manage AI agents&lt;/strong&gt;. This requires moving away from static, signature-based detection and toward a more contextual, behavioural approach.&lt;/p&gt;
&lt;p&gt;The key questions will no longer be "Is this a human or a bot?" but rather:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;"What is the &lt;strong&gt;intent&lt;/strong&gt; of this automated agent?"&lt;/li&gt;
&lt;li&gt;"Is its behaviour consistent with a legitimate use case?"&lt;/li&gt;
&lt;li&gt;"Can we trust this agent?"&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This requires a new generation of security tools that can understand and adapt to agent behaviour, distinguishing between the legitimate AI assistants that will soon be a core part of our digital lives and the malicious ones that seek to exploit our systems. Organisations that fail to prepare for this shift risk having their defences systematically tested, mapped, and bypassed by the next wave of intelligent, automated threats.&lt;/p&gt;</content><category term="AI"></category><category term="Bot Management"></category><category term="API Security"></category><category term="Threat Detection"></category><category term="DevSecOps"></category><category term="Machine Learning"></category><category term="Credential Stuffing"></category></entry><entry><title>Why Don't We Have an AI UI Yet?</title><link href="https://www.peakhour.io/blog/why-no-ai-interface-yet/" rel="alternate"></link><published>2025-07-20T00:00:00+10:00</published><updated>2025-07-20T00:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-07-20:/blog/why-no-ai-interface-yet/</id><summary type="html">&lt;p&gt;If AI is the next great computer interface, why are we still clicking on icons and navigating menus? Exploring the major hurdles standing between us and a true AI-native operating system.&lt;/p&gt;</summary><content type="html">&lt;p&gt;In my last post, I made the case that Artificial Intelligence is the next great computer interface: a way to translate our intentions directly into actions. It is a powerful idea, but it immediately raises the practical question. If this is the future, where is it? Why am I still clicking icons and navigating menus on my computer instead of just talking to it?&lt;/p&gt;
&lt;p&gt;The concept is much cleaner than the implementation. We are still a fair way from having a true AI-native interface, and there are some hard problems to solve before it becomes the main way we use a computer.&lt;/p&gt;
&lt;h3&gt;The Understanding Problem&lt;/h3&gt;
&lt;p&gt;The first challenge is that current AIs don't truly &lt;em&gt;understand&lt;/em&gt; things in the way humans do. When you ask an AI to "write a summary of last quarter's sales," it doesn't know what a "sale" is or what a "quarter" means to the business. It is an extremely capable pattern-matching machine that knows which words and concepts are statistically likely to follow your request.&lt;/p&gt;
&lt;p&gt;That is useful for generating text or code, but it can also lead to "hallucinations"—where the AI confidently makes things up. For a chatbot, that might be annoying. For a computer's operating system, it is a critical failure. You can't have an interface that might invent a file that doesn't exist or misinterpret a crucial command.&lt;/p&gt;
&lt;h3&gt;The Action and Safety Problem&lt;/h3&gt;
&lt;p&gt;An AI interface needs to do more than just talk; it needs to &lt;em&gt;act&lt;/em&gt;. It must be able to open programs, manage files, change settings, and send emails. That requires giving the AI deep access to the core functions of the operating system, which is where the idea stops feeling neat and starts feeling risky.&lt;/p&gt;
&lt;p&gt;How do you give an AI the power to delete files based on a verbal command without creating a massive security hole? How do you ensure it can't be tricked by a cleverly worded prompt (or an external attacker) into causing chaos on your system? Creating a safe and reliable bridge between the AI's language processing and the computer's functions is a hard engineering problem.&lt;/p&gt;
&lt;h3&gt;The Trust and Reliability Problem&lt;/h3&gt;
&lt;p&gt;For an AI interface to be useful, we have to trust it completely. If you tell it to "delete my old holiday photos from 2018," you need to be certain it won't misunderstand and delete your wedding photos or important work documents.&lt;/p&gt;
&lt;p&gt;This need for absolute reliability runs counter to the probabilistic nature of today's AI models. We can't have an interface that is "mostly right." It needs to be right every single time. The hard part is adding the necessary safeguards and confirmation steps without turning the whole thing into a slower version of the menus we were trying to escape.&lt;/p&gt;
&lt;h3&gt;The Speed and Cost Problem&lt;/h3&gt;
&lt;p&gt;Finally, there is a practical issue. Running the massive language models that would power such an interface is slow and computationally expensive. A good user interface needs to feel instant and responsive. If it takes ten seconds for an AI to process your request to open a web browser, it is not a better experience than just clicking the icon yourself. The hardware and software infrastructure isn't quite ready to deliver the seamless, real-time experience we would expect from a primary computer interface.&lt;/p&gt;
&lt;p&gt;These challenges aren't insurmountable, but they are significant. That is why I think AI will keep showing up first as powerful features within our existing apps and operating systems. Those narrower uses give it clearer jobs, tighter permissions, and more places for humans to confirm what is about to happen. The full AI interface may arrive eventually, but I don't think it appears all at once. It will earn trust in smaller pieces first.&lt;/p&gt;</content><category term="Interest"></category><category term="Machine Learning"></category></entry><entry><title>AI as the Translator Between Human and Machine</title><link href="https://www.peakhour.io/blog/ai-the-next-interface/" rel="alternate"></link><published>2025-07-19T00:00:00+10:00</published><updated>2025-07-19T00:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-07-19:/blog/ai-the-next-interface/</id><summary type="html">&lt;p&gt;We've gone from command lines to graphical interfaces. The next great leap in how we interact with computers won't be seen, it will be understood. AI is poised to become the ultimate translator between human intent and machine execution.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Think about how we've talked to computers over the years. At first, it was rigid and unforgiving. The command line expected the exact words, in the exact order. One typo, and you were met with an error. It was powerful, but only once you learned to speak the computer's language.&lt;/p&gt;
&lt;p&gt;Then came the graphical user interface, or GUI—the familiar world of windows, icons, and mouse pointers. That changed the relationship. You no longer had to memorise commands before you could do something useful. You could see your options, click on them, and drag things around. It made computers accessible to hundreds of millions of people because it was more intuitive. It was a visual conversation.&lt;/p&gt;
&lt;p&gt;But both of these interfaces, the command line and the GUI, share the same basic bargain: we adapt ourselves to the computer. We still have to navigate menus, find the right button, or remember a specific command. We take a goal in our head and break it into steps the computer understands.&lt;/p&gt;
&lt;p&gt;What if that translation was no longer mainly our job? What if the computer could understand our goal well enough to work out the steps?&lt;/p&gt;
&lt;p&gt;This is the next shift I find interesting, and it is powered by Artificial Intelligence. AI is starting to look less like another application and more like the next major interface. It's not a visual one with buttons and menus, but an intelligent one built on understanding.&lt;/p&gt;
&lt;p&gt;The idea is simple, even if the implementation is not: we state our intent, and the AI figures out the steps. Instead of clicking through five different menus to create a sales report, you could just say, "Show me last quarter's sales figures for the eastern region, and visualise it as a bar chart." The AI's job is to understand that request and then do the work: query the database, aggregate the data, select the right chart type, and present it to you. It acts as a translator between human language and the computer's machine language.&lt;/p&gt;
&lt;p&gt;We're already seeing the early stages of this. When you ask a smart assistant to play a song, or when an AI co-pilot writes code for you, you're using an intent-driven interface. You're not telling it &lt;em&gt;how&lt;/em&gt; to do the task; you're just telling it &lt;em&gt;what&lt;/em&gt; you want done.&lt;/p&gt;
&lt;p&gt;That shift matters because it moves some of the cognitive load from us to the machine. We no longer need to be experts in using a particular piece of software; we just need to be clear about what we want to achieve. This has the potential to democratise technology on a scale we've never seen before, making complex digital tools feel closer to a conversation than a training course.&lt;/p&gt;
&lt;p&gt;The future of computing isn't about learning more complex systems. It's about building systems that can learn from us. The interface of tomorrow won't be something we click on, but something we talk to, correct, and steer. That is the real change: technology that doesn't just follow instructions, but understands our goals.&lt;/p&gt;</content><category term="Interest"></category><category term="Bot Management"></category><category term="Machine Learning"></category><category term="DevSecOps"></category><category term="Technical"></category></entry><entry><title>From Research Paper to Running Code</title><link href="https://www.peakhour.io/blog/from-paper-to-code-with-ai/" rel="alternate"></link><published>2025-07-18T00:00:00+10:00</published><updated>2025-07-18T00:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-07-18:/blog/from-paper-to-code-with-ai/</id><summary type="html">&lt;p&gt;Exploring how AI can dramatically accelerate the process of turning complex academic research into functional code, with examples from anomaly detection to small LLMs.&lt;/p&gt;</summary><content type="html">&lt;p&gt;In my last post, I talked about my journey from typing &lt;code&gt;format c:&lt;/code&gt; on an old DOS machine to collaborating with AI. The part I keep coming back to still feels slightly unreal: turning academic research papers directly into working code.&lt;/p&gt;
&lt;p&gt;For years, the hard part was the distance between academia and industry. A good idea could be locked inside a dense, equation-heavy paper, and turning it into a practical tool could take a team of specialists weeks or months. You had to understand the mathematics, translate it into logic, write the code, and then debug all the places where the theory met the real world.&lt;/p&gt;
&lt;p&gt;Now my process looks completely different. I'll find an interesting paper, give it to an AI like Gemini, and say, "code this for me". It is a conversation, not just a command. We go back and forth, clarifying ambiguities in the paper and refining the implementation. What used to take weeks of painstaking effort can now be prototyped in an afternoon.&lt;/p&gt;
&lt;p&gt;Here are a few examples from my own experiments.&lt;/p&gt;
&lt;h3&gt;Anomaly Detection&lt;/h3&gt;
&lt;p&gt;I recently came across a paper detailing a new statistical method for detecting anomalies in time-series data. In the past, I would have spent days just trying to get comfortable with the mathematical models before writing a single line of code. This time, I fed the PDF to the AI. Within minutes, it had parsed the document and produced a Python implementation of the core algorithm. It was not perfect on the first go, but it was a solid, working foundation that we could test and refine together. The AI handled the heavy lifting of translation, leaving me to focus on validating and applying the model.&lt;/p&gt;
&lt;h3&gt;Customer Journey Mapping&lt;/h3&gt;
&lt;p&gt;Another area I have been looking at is using data to understand customer behaviour. There are academic papers that model how users interact with a website or product, mapping out their journey from discovery to purchase. Implementing these models used to be a serious undertaking. Now, I can give the AI a paper on a new journey mapping technique, and it can generate the code to analyse server logs or user event data and produce the kind of insights the paper describes. That makes it much easier to experiment with new ways of understanding our customers.&lt;/p&gt;
&lt;h3&gt;Building Small Language Models&lt;/h3&gt;
&lt;p&gt;This is where it gets really interesting. We can use large language models (LLMs) to help build smaller, more specialised ones. I've been experimenting with research papers that propose new, efficient LLM architectures. I can give one of these papers to a large AI and have it help me write the code for the smaller architecture. There is a beautiful irony in using a massive AI to help create its smaller, more nimble cousins. It speeds up the cycle of innovation inside the AI field itself.&lt;/p&gt;
&lt;p&gt;For me, the important change is the shorter loop between reading an idea, testing it, and getting it into use. The friction between a theoretical concept and a working prototype has been reduced almost to zero. That means I can explore more ideas, take more risks, and bring those research ideas into real use much faster than before.&lt;/p&gt;</content><category term="Interest"></category><category term="DevSecOps"></category><category term="Technical"></category><category term="Machine Learning"></category></entry><entry><title>When Bots Are Your Primary Users</title><link href="https://www.peakhour.io/blog/future-of-apis-bot-primary-users/" rel="alternate"></link><published>2025-02-12T14:00:00+11:00</published><updated>2025-02-12T14:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-02-12:/blog/future-of-apis-bot-primary-users/</id><summary type="html">&lt;p&gt;An exploration of how AI agents are reshaping API design principles and why we must evolve our approach to serve both machine and human consumers.&lt;/p&gt;</summary><content type="html">&lt;p&gt;APIs have mostly been designed for human developers first. Reasoning models like DeepSeek make that assumption weaker. If an agent can inspect an API, plan a sequence of calls, and adapt as it goes, it becomes a different kind of consumer.&lt;/p&gt;
&lt;p&gt;That is the part worth paying attention to. Many APIs still assume a human-first model while AI agents become regular, and in some cases primary, users. These are not simple scraping bots or automation scripts. Modern AI agents can plan, reason, and change their behaviour. They interact with APIs in ways many teams did not account for when they wrote their OpenAPI specifications and documentation.&lt;/p&gt;
&lt;p&gt;A human developer reads documentation, tries a few calls, and works through errors. An AI agent can process the whole API surface in seconds, generate thousands of possible interaction patterns, and test them systematically. That difference changes both API design and API security.&lt;/p&gt;
&lt;p&gt;The issue is not limited to technical specifications. API logs already show traffic patterns that challenge older assumptions. AI agents do not follow typical "business hours" usage. They do not slow down because a workflow becomes cognitively heavy. They process responses at machine speed and chain API calls in ways human developers rarely attempt.&lt;/p&gt;
&lt;p&gt;This shift forces us to rethink several core aspects of API design:&lt;/p&gt;
&lt;h3&gt;Structure and Format&lt;/h3&gt;
&lt;p&gt;Human-readable formats still matter, but they are not the only target. JSON and REST endpoints work well for developers who need to read and understand responses. For AI agents, there may be room for more efficient formats that optimise for machine processing rather than human comprehension.&lt;/p&gt;
&lt;h3&gt;Rate Limiting and Quotas&lt;/h3&gt;
&lt;p&gt;Most rate limiting models still assume human consumption patterns. AI agents operate at machine speed and scale. New models need to account for that processing capacity while still preventing abuse. That may mean moving from simple request counts to complexity-based quotas.&lt;/p&gt;
&lt;h3&gt;Authentication and Security&lt;/h3&gt;
&lt;p&gt;Traditional API keys and OAuth flows centre on human developers. AI agents need security models that account for how they operate. The hard problem is verifying the identity and intentions of an AI agent without weakening the security controls around the API.&lt;/p&gt;
&lt;h3&gt;Documentation and Discovery&lt;/h3&gt;
&lt;p&gt;API documentation still focuses on human understanding. For AI agents, machine-readable specifications need to go beyond OpenAPI. They should describe what endpoints do, not just how to call them.&lt;/p&gt;
&lt;p&gt;This also changes how we monitor and maintain APIs. Traditional metrics like response time and error rates remain useful, but they do not explain AI agent behaviour on their own. How do we measure the "success" of an API when its primary users are machines that can adapt to problems and work around them?&lt;/p&gt;
&lt;p&gt;Performance optimisation changes as well. A human developer might tolerate occasional latency. An AI agent can make thousands of calls per second, which puts more pressure on caching, edge computing, and response optimisation.&lt;/p&gt;
&lt;p&gt;APIs are likely to split into two parallel tracks: human-oriented interfaces that prioritise developer experience, and machine-oriented interfaces optimised for AI consumption. This is not a choice between one audience and the other. It is recognition that they have different needs.&lt;/p&gt;
&lt;p&gt;The challenge extends to business models. How do we price APIs when consumers are AI agents that can process information at machine scale? Traditional per-request pricing may not make sense when an AI can make millions of optimised calls that would take a human developer years to replicate.&lt;/p&gt;
&lt;p&gt;Residential proxies add another layer of complexity. They allow AI agents to appear as regular users, making it harder to distinguish between human and machine traffic. That pushes API access control beyond IP-based rate limiting.&lt;/p&gt;
&lt;p&gt;The ethical questions also matter. As APIs become primarily consumed by AI agents, teams need frameworks for responsible use. That includes asking how an API might be used inside AI systems, and what guardrails should sit around that access.&lt;/p&gt;
&lt;p&gt;This is not about replacing human developers. It is about recognising AI agents as a new class of API consumer, with their own needs and capabilities. API design, security, and management all need to account for that.&lt;/p&gt;
&lt;p&gt;The APIs we build today will sit under tomorrow's AI-driven systems. They need to be designed for both human and AI consumers, with clear decisions about discovery, access, rate limits, authentication, monitoring, and abuse controls.&lt;/p&gt;
&lt;p&gt;The shift to AI-first API design is already under way. The practical question is how quickly API practices can catch up.&lt;/p&gt;
&lt;p&gt;Our APIs have to evolve with their users.&lt;/p&gt;</content><category term="Security"></category><category term="Bot Management"></category><category term="API Security"></category><category term="Machine Learning"></category></entry><entry><title>Why Reasoning Models Like DeepSeek Change Everything</title><link href="https://www.peakhour.io/blog/agentic-ai-deepseek-changes-everything/" rel="alternate"></link><published>2025-02-03T08:13:00+11:00</published><updated>2025-02-03T08:13:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-02-03:/blog/agentic-ai-deepseek-changes-everything/</id><summary type="html">&lt;p&gt;How open reasoning models transform automation from rigid scripts to autonomous agents, fundamentally changing our approach to security and digital interactions.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Open reasoning models change how we need to think about automation and security. Looking at models like DeepSeek, the important shift is not another small gain in AI capability. It is the move towards autonomous agents that can plan, reason, and adapt without human guidance.&lt;/p&gt;
&lt;p&gt;This became clear while analysing recent credential stuffing attacks. The patterns showed attackers using AI agents to probe systems, identify vulnerabilities, and craft custom exploits. These were not pre-programmed scripts following rigid rules. They were agents making decisions based on the system's responses.&lt;/p&gt;
&lt;p&gt;The implications go beyond security. Consider how marketing teams usually approach A/B testing and campaign optimisation. Most tools and frameworks assume automation follows fixed paths: if this happens, do that. Reasoning models do not fit that model. They can work without predefined decision trees or explicit step-by-step instructions. They observe, learn, and create their own strategies.&lt;/p&gt;
&lt;p&gt;This forces us to rethink basic assumptions about digital interactions. When an API call could come from an AI agent rather than a script, how do we distinguish friend from foe? Traditional markers such as request patterns, user agents, and IP addresses carry less weight when an agent can analyse and adapt to detection methods.&lt;/p&gt;
&lt;p&gt;The same problem applies to customer engagement. Marketing funnels designed for human decision-making now face AI agents that can evaluate options systematically, compare alternatives across multiple sources, and make optimised choices. The customer journey stops being a neat linear path and becomes a space where AI agents operate alongside human users.&lt;/p&gt;
&lt;p&gt;Reasoning models also challenge the way we approach bot management. Traditional methods focus on identifying automated behaviour: patterns that deviate from human norms. But what happens when AI agents can mimic human behaviour while operating at machine speed? The line between human and automated traffic becomes harder to draw.&lt;/p&gt;
&lt;p&gt;Through conversations with security teams, I have seen this pattern emerge. They report sophisticated attacks that adapt in real-time, probing defences and adjusting tactics based on system responses. These are not pre-programmed behaviours. They are reasoning models understanding and responding to defensive measures.&lt;/p&gt;
&lt;p&gt;The business impact extends beyond security. Companies need to adapt digital infrastructure for a world where AI agents become primary users. That means rethinking API design, service architecture, and customer interaction models. The question is not whether to support AI agents, but how to do it safely and effectively.&lt;/p&gt;
&lt;p&gt;Authentication is a good example. Traditional systems often rely on proving human presence through CAPTCHAs, behaviour analysis, and device fingerprinting. In a world of reasoning models, we need approaches that focus on intent and trust rather than a simple human versus machine test.&lt;/p&gt;
&lt;p&gt;The path forward is a shift in perspective. Rather than only trying to block or restrict AI agents, we need systems that can interact with them safely. That means moving from static rule-based security to contextual analysis that understands and adapts to agent behaviour.&lt;/p&gt;
&lt;p&gt;The strategic implications for businesses are significant. Success in this environment requires a clear understanding of how reasoning models operate. Companies must redesign digital interfaces to support both human and AI interactions while maintaining security and control.&lt;/p&gt;
&lt;p&gt;From my analysis of current trends, this change is accelerating. Each advance in reasoning models expands their capability and autonomy. Organisations that adapt their strategies now will be better positioned as this digital environment changes.&lt;/p&gt;
&lt;p&gt;The rise of reasoning models is more than another technology upgrade. It changes how we approach automation, security, and digital interaction. Organisations need systems capable of engaging safely and effectively with autonomous AI agents.&lt;/p&gt;
&lt;p&gt;The question is not whether reasoning models will change business operations. They already are. The practical question is how quickly organisations can adapt their strategies and infrastructure, and whether they can do it without losing control of trust, security, and user experience.&lt;/p&gt;</content><category term="Security"></category><category term="DevSecOps"></category><category term="Bot Management"></category><category term="Credential Stuffing"></category><category term="Machine Learning"></category></entry><entry><title>Did Residential Proxies enable a $600 Billion loss?</title><link href="https://www.peakhour.io/blog/residential-proxies-deepseek/" rel="alternate"></link><published>2025-01-31T00:00:00+11:00</published><updated>2025-01-31T00:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-01-31:/blog/residential-proxies-deepseek/</id><summary type="html">&lt;p&gt;How residential proxy networks may have enabled DeepSeek to bypass AI platform protections, leading to Nvidia's historic market value loss&lt;/p&gt;</summary><content type="html">&lt;p&gt;The DeepSeek story puts &lt;a href="/learning/threat-detection/what-is-residential-proxy-detection/"&gt;residential proxy&lt;/a&gt; networks under scrutiny as a possible factor in
AI's latest market disruption. In January 2025, the Chinese startup's emergence erased $600 billion from Nvidia's market
value by demonstrating AI capabilities that match industry leaders at a fraction of the cost.&lt;/p&gt;
&lt;p&gt;The path to this capability raises a practical security question for AI platforms. Leading platforms protect their APIs with multiple security layers -
rate limiting to prevent mass data extraction, bot detection
to block automated requests, and geoblocking to restrict access from certain regions. These measures are meant to prevent the systematic collection of training data.&lt;/p&gt;
&lt;p&gt;Residential &lt;a href="/products/residential-proxy-detection/"&gt;proxy networks&lt;/a&gt; create a route around those protections. These networks route traffic through
household IP addresses, so requests appear to originate from homes in permitted regions.
A request from a restricted location could look like legitimate traffic from Sydney, Melbourne, or Perth.&lt;/p&gt;
&lt;p&gt;The circumstances suggest this approach is plausible. By distributing requests across millions of residential IPs worldwide,
each IP could maintain human-like patterns while staying below rate limits. The aggregate data could form a substantial
training set without triggering security alerts.&lt;/p&gt;
&lt;p&gt;Meta's lawsuit against Bright Data strengthens this possibility. The case exposed how proxy providers monetise residential
IPs, often without homeowners' knowledge. That model creates a global network capable of bypassing traditional security
measures - exactly the type of infrastructure needed for large-scale data collection.&lt;/p&gt;
&lt;p&gt;The residential proxy industry threatens $600 billion in business value through data theft and security bypasses.
DeepSeek's impact on Nvidia's market capitalisation highlights the real-world impact of residential proxies.&lt;/p&gt;
&lt;p&gt;For AI platforms, the question is operational. How can platforms distinguish between legitimate users and well-crafted
requests through residential proxies? When geographical restrictions lose meaning, what security measures remain effective?
Traditional &lt;a href="/blog/anti-fraud-residential-proxy-detection/"&gt;IP Intelligence based proxy detection&lt;/a&gt; based on historical
usage is no longer effective; per-connection proxy detection is essential.&lt;/p&gt;
&lt;p&gt;DeepSeek's emergence suggests AI security teams need to revisit their assumptions. The potential use of residential proxy networks
to dissolve digital borders challenges current approaches to platform protection.&lt;/p&gt;</content><category term="Residential Proxies"></category><category term="Residential Proxies"></category><category term="CDN"></category><category term="Bot Management"></category><category term="Machine Learning"></category><category term="API Security"></category><category term="Threat Detection"></category></entry><entry><title>Next-Generation Application Security Defence Strategies</title><link href="https://www.peakhour.io/blog/ai-powered-cyber-threats-application-security-defence/" rel="alternate"></link><published>2024-11-15T14:00:00+11:00</published><updated>2024-11-15T14:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2024-11-15:/blog/ai-powered-cyber-threats-application-security-defence/</id><summary type="html">&lt;p&gt;Comprehensive analysis of AI-powered cyber threats and how modern application security platforms defend against machine learning-driven attacks. Learn advanced defence strategies for the AI cybersecurity arms race.&lt;/p&gt;</summary><content type="html">&lt;p&gt;As I look at recent cyber threat activity, the pattern is clear enough: AI is no longer only a defensive tool. Attackers are using it to probe, adapt, and automate application-layer attacks.&lt;/p&gt;
&lt;p&gt;One recent incident made that plain. Our threat detection systems identified a series of probes against a client's infrastructure. These were not the typical brute-force attempts we are used to blocking. The attack patterns changed in real time, adapted to our defences, and probed for weaknesses in a way that pointed to AI-driven automation.&lt;/p&gt;
&lt;p&gt;The individual attempts were not the main concern. What mattered was how the attack system learned and adjusted its approach. When we blocked one vector, it shifted to another. When we implemented rate limiting, it distributed its attempts through residential proxies. The attack showed a common trait of AI systems: rapid iteration and learning from failure.&lt;/p&gt;
&lt;p&gt;This change in attack methodology puts real pressure on the traditional security model. Static defences, including controls that looked strong only months ago, are easier to route around. They might stop obvious threats, but more capable AI-powered attacks can keep testing the edges until they find a path.&lt;/p&gt;
&lt;p&gt;The threat landscape has shifted in three practical ways. First, AI enables attacks to adapt and evolve in real time. Second, residential proxies give attackers a distributed network of IP addresses that appear legitimate, making traffic origin verification much harder. Third, AI can analyse and mimic legitimate user behaviour patterns closely enough to bypass traditional bot detection.&lt;/p&gt;
&lt;p&gt;These changes require a change in defence strategy. Identifying and blocking known attack patterns still matters, but it is no longer enough on its own. We need systems that can anticipate and adapt to new threats as quickly as they emerge.&lt;/p&gt;
&lt;p&gt;In our security operations, we've begun implementing what we call "contextual defence dynamics." The approach moves beyond simple pattern matching to analyse the intent and behaviour behind each request. We examine not just what a request does, but how it fits into broader patterns of behaviour and what it might indicate about the attacker's objectives.&lt;/p&gt;
&lt;p&gt;That approach has already proved useful. When we implemented contextual defence dynamics for a major e-commerce client, we identified and blocked an AI-powered credential stuffing attack that had evaded traditional detection methods for weeks. The attack used residential proxies to distribute its attempts and mimicked human behaviour patterns, but our system identified subtle anomalies in its timing and response patterns.&lt;/p&gt;
&lt;p&gt;That case highlighted a useful point: while AI-powered attacks grow more sophisticated, they still exhibit patterns. Those patterns may not appear in individual actions, but they do appear in broader behaviour and objectives. By shifting our focus from blocking specific actions to understanding and responding to these broader patterns, we can maintain effective defences even against evolving threats.&lt;/p&gt;
&lt;p&gt;This approach requires a different way of thinking about security. We must move from a model of static defences to one of dynamic response. Our security systems must learn and adapt as quickly as the threats they face. This means implementing machine learning systems that can identify new attack patterns, updating defence strategies in real time, and maintaining awareness of emerging threat vectors.&lt;/p&gt;
&lt;p&gt;The implications extend beyond technical implementation. Organisations need to treat security budgets and strategies as ongoing commitments, not one-off purchases. The era of "set and forget" security solutions has ended. Continuous adaptation and review now sit at the centre of effective defence.&lt;/p&gt;
&lt;p&gt;I expect this arms race to keep accelerating. AI will continue to enhance both attack and defence capabilities. The organisations that maintain strong security will be those that accept this dynamic and build their defences around continuous adaptation.&lt;/p&gt;
&lt;p&gt;For security professionals, this means developing new skills and approaches. We must understand not just the technical aspects of security, but the patterns of attack and defence that emerge in AI-driven systems. We must build systems that can learn and adapt, and we must be prepared to change strategy as the threat landscape evolves.&lt;/p&gt;
&lt;p&gt;The security arms race has entered a new phase. The advantage will not sit with the strongest static defences alone, but with teams that can adapt and evolve their protection strategies in real time. The focus must shift from building walls to creating intelligent, adaptive defence systems that can match the sophistication of AI-powered threats.&lt;/p&gt;
&lt;p&gt;This shift in security thinking is practical, not theoretical. The threats we face are becoming more capable, and defensive tooling is improving as well. The important step is recognising the change and adapting how we build, operate, and review application security controls.&lt;/p&gt;</content><category term="Security"></category><category term="Threat Detection"></category><category term="Machine Learning"></category><category term="DevSecOps"></category><category term="Bot Management"></category><category term="DDoS"></category><category term="Application Security"></category></entry><entry><title>Setting Up A Chia Hobby Farm</title><link href="https://www.peakhour.io/blog/setting-up-a-chia-hobby-farm/" rel="alternate"></link><published>2021-04-30T13:00:00+10:00</published><updated>2021-04-30T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2021-04-30:/blog/setting-up-a-chia-hobby-farm/</id><summary type="html">&lt;p&gt;Chia is a new blockchain aiming to one up Bitcoin that's taking the crypto world by storm. We decided to jump on the bandwagon.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Here at Peakhour, when we're not making websites faster and more secure, we like new tech and we like a good scheme. We ran Seti@home while at uni,
and mined some bitcoin back in its early days (unfortunately we don’t have them anymore). Just recently we
decided to set up a Chia farm, not the super-food Chia, but the new crypto coin Chia!&lt;/p&gt;
&lt;h2&gt;What is Chia?&lt;/h2&gt;
&lt;p&gt;Chia is not just a cryptocurrency; it is a brand new blockchain and smart transaction platform that implements the first new
&lt;a href="https://coinmarketcap.com/alexandria/article/what-is-the-nakamoto-consensus" target="new"&gt;Nakamoto consensus&lt;/a&gt; algorithm since Bitcoin.
It was invented by the engineer behind BitTorrent, Bram Cohen, who set out to address the shortcomings of Bitcoin.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://www.chia.net" target="new"&gt;Chia network&lt;/a&gt; is set to officially launch on May 3rd, and the crypto world is going crazy getting ready.&lt;/p&gt;
&lt;h2&gt;I thought Bitcoin was great, what’s wrong with it?&lt;/h2&gt;
&lt;p&gt;The major flaws that Chia sets out to address are:&lt;/p&gt;
&lt;h3&gt;The environmental impact&lt;/h3&gt;
&lt;p&gt;Without getting too technical, Bitcoin relies on very intensive computations to verify transactions (Proof of work).
These computations are carried out by 'miners' who are rewarded for their efforts from an ever decreasing pool of
possible bitcoin. As the blockchain gets older, the verification gets harder, and as a result the Bitcoin network is now
consuming as much electricity as a &lt;a href="https://www.bloomberg.com/news/articles/2021-04-13/bitcoin-power-consumption-jumped-66-fold-since-2015-citi-says" target="new"&gt;mid-sized country like Argentina&lt;/a&gt;.
Huge mining operations have been set up in China,
and some even have dedicated power plants. One poster child for the environmental impacts of bitcoin is an Australian
startup looking to &lt;a href="https://www.cnet.com/news/blockchain-coal-power-plant-mining-bitcoin-cryptocurrency/" target="new"&gt;reopen a decommissioned coal power plant to power its mining operations&lt;/a&gt;.&lt;/p&gt;
&lt;h3&gt;Possibility of manipulation&lt;/h3&gt;
&lt;p&gt;The huge energy requirements have led to massive server farms in cool regions near cheap electricity, concentrating
mining in the hands of a few large players. This centralisation opens up Bitcoin to the possibility of manipulation
as anyone with 50% of the network can effectively change the blockchain.&lt;/p&gt;
&lt;h2&gt;How does Chia address these issues with Bitcoin?&lt;/h2&gt;
&lt;p&gt;Chia has implemented a new consensus algorithm called proof of space and time. It relies on unused hard disk space,
which lots of people have and can use free of charge. Again, without getting too technical, 'Farmers' seed unused
space on their hard drive/SSD with 'plots' of cryptographic numbers. When verifying transactions, the network issues a
challenge to the farmers, who then scan their plots for the closest answer. The farmer passes this answer back to a server on
the network known as a 'timelord'. The farmer with the closest answer is rewarded with a coin.&lt;/p&gt;
&lt;p&gt;The more 'plots' a farmer has, the higher the chance of winning a coin.&lt;/p&gt;
&lt;h2&gt;Setting up the Farm&lt;/h2&gt;
&lt;p&gt;We got excited about the idea of Chia being the next big thing and decided to hitch a ride on the bandwagon. We had a spare old
computer lying around, so we decided to fill it up with as much storage as we could find and farm some Chia!&lt;/p&gt;
&lt;p&gt;To set up a farm you need as much space for plots as you can get your hands on. The speed of this space
is not critical, so you can use spinning drives. We found 12-terabyte NAS drives to be the sweet spot for bang for buck,
and opted for 4x Seagate Ironwolf NAS drives from Scorptec. (Note: they’ve gone up $40 since we bought them!)&lt;/p&gt;
&lt;p&gt;Seeding the plots, however, is VERY disk intensive, so you need speedy and reliable SSDs. Since they don't have moving
parts you'd think that SSDs would be very reliable, but just like spinning drives, they wear out and eventually die.
SSDs come with a TBW (Terabytes Written) rating which estimates the amount of writes you can do before the drive will die.
Popular consumer SSDs like a 500GB Samsung EVO 870 have a TBW rating of 300. Chia recommends getting server-grade SSDs
that have ratings into the Petabytes, but of course they come with a price to match.&lt;/p&gt;
&lt;p&gt;We were limited by the age of our available motherboard, so we could only choose from SATA3-compatible drives. Appropriate enterprise
SSDs were also unavailable, so in the end we settled on 500GB Seagate Firecuda 120s that are rated at 700 TBW (also
from Scorptec). We decided on two so we could double the plotting rate.&lt;/p&gt;
&lt;p&gt;Now we had our hands on the drives, we just had to install everything. Within a few hours of transferring components and
wiring it up we were good to go and started plotting.&lt;/p&gt;
&lt;div class="text-center"&gt;
&lt;img src="/static/images/blog/chia-farm.jpg" alt="HTTP Request Detail" style="width: 60%;" /&gt;&lt;br/&gt;
&lt;em&gt;Our Chia Farm!&lt;/em&gt;
&lt;/div&gt;

&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Our old hardware limits the speed of the SSDs and therefore the number of plots we generate. We're managing around 10 plots a day and will need close to 500 before we’ve filled the available storage.&lt;/p&gt;
&lt;p&gt;When we bought our equipment (28th April) the &lt;a href="https://chiacalculator.com/" target="new"&gt;chia calculator&lt;/a&gt; showed
that we’d be earning around a coin a day when fully plotted. However, with the official launch of Chia imminent, the network has exploded in growth, passing 1 Exabyte (1000 Terabytes) just one day ago. It's now up to 1.68 Exabytes! So unfortunately our estimated time to a coin is down to one every 7 days. That’s still pretty good though, and if Chia does end up supplanting Bitcoin we might just make back the setup costs.
It has been a fun exercise, even if we did spend too long on it, and if it does end up being a flash in the pan we can always use the drives for something else….&lt;/p&gt;</content><category term="Interest"></category><category term="Features"></category><category term="Machine Learning"></category><category term="Networking"></category><category term="Residential Proxies"></category><category term="TLS"></category><category term="CDN"></category></entry></feed>