-
Securing Autonomous AI Agents on Kubernetes: Trust Boundaries, Secrets, and Observability for a New Category of Cloud Workload
Autonomous AI agents break Kubernetes security assumptions with dynamic dependencies, multi-domain credentials, and unpredictable resource use. This article covers production-tested patterns: Job-based isolation, Vault for scoped short-lived credentials, a four-phase trust model from shadow mode to autonomous operation, and observability for non-deterministic reasoning cycles.
-
The DPoP Storage Paradox: Why Browser-Based Proof-of-Possession Remains an Unsolved Problem
DPoP closes a real gap in OAuth 2.0. Sender-constrained tokens are a meaningful upgrade over bearer tokens for any client that can implement them. But RFC 9449's silence on browser key storage creates the need for an architectural decision that each team must confront deliberately — there is no safe default that works everywhere.
-
CodeGuardian: A Model Context Protocol Server for AI-Assisted Code Quality Analysis and Security Scanning
CodeGuardian is an MCP server that extends AI coding assistants with comprehensive code quality and security analysis capabilities. By implementing eleven specialized tools, CodeGuardian enables developers to access enterprise-grade analysis directly through their AI assistant, eliminating context-switching and reducing friction in adopting secure coding practices.
-
MCP in the Java World: Bringing Architectural Strategy to LLM Integrations
Discover how the Model Context Protocol (MCP) Java SDK is establishing a new architectural discipline for enterprise LLM integrations. By defining explicit contracts and leveraging MCP servers as anti-corruption layers, it ensures governance, loose coupling, and security alignment with the JVM ecosystem and existing operational practices, moving integrations beyond fragility to resilience.
-
Orchestrating Agentic and Multimodal AI Pipelines with Apache Camel
In this article, author Vignesh Durai discusses how agentic and multimodal AI systems can be engineered using Apache Camel and LangChain4j technologies. The key components in the solution include LLM-based reasoning, retrieval-augmented generation (RAG), and image classification.
-
When a Cloud Region Fails: Rethinking High Availability in a Geopolitically Unstable World
Sovereign fault domains are failure boundaries defined by legal, political, or physical jurisdiction rather than hardware topology. The article maps geopolitical events to known distributed-systems failure modes, argues multi-region should replace multi-AZ as the HA baseline for systems crossing jurisdictions, and outlines design patterns, chaos experiments, and an ALE model to justify the spend.
-
Redesigning Banking PDF Table Extraction: a Layered Approach with Java
PDF table extraction often looks easy until it fails in production. Real bank statements can be messy, with scanned pages, shifting layouts, merged cells, and wrapped rows that break standard Java parsers. This article shares how we redesigned the approach using stream parsing, lattice/OCR, validation, scoring, and selective ML to make extraction more reliable in real banking systems.
-
Building Production-Ready tRPC APIs: the TypeScript Alternative to Apollo Federation
This article details our migration from Apollo Federation to a TypeScript-based tRPC stack, which resulted in an 89% reduction in bugs and 67% faster response times. It also covers the mistakes we made, the unexpected performance gains, and an overview of the production architecture we use today to handle 2.4 million daily requests with 99.97% uptime.
-
Lakehouse Tower of Babel: Handling Identifier Resolution Rules across Database Engines
Lakehouse architectures enable multiple engines to operate on shared data using open table formats such as Apache Iceberg. However, differences in SQL identifier resolution and catalog naming rules create interoperability failures. This article examines these behaviors and explains why enforcing consistent naming conventions and cross-engine validation is critical.
-
Using AWS Lambda Extensions to Run Post-Response Telemetry Flush
At Lead Bank, synchronous telemetry flushing caused intermittent exporter stalls to become user-facing 504 gateway timeouts. By leveraging AWS Lambda's Extensions API and goroutine chaining in Go, flush work is moved off the response path, returning responses immediately while preserving full observability without telemetry loss.
-
Beyond One-Click: Designing an Enterprise-Grade Observability Extension for Docker
Docker Extensions boost developer speed but create a "visibility gap" by isolating telemetry. To meet enterprise needs, extensions must act as bridges to centralized platforms. This article details how to use OpenTelemetry, policy-as-code, and encryption to build secure pipelines. Learn to balance developer productivity with the governance required for scalable, compliant observability.
-
The Spring Team on Spring Framework 7 and Spring Boot 4
InfoQ recently spoke with key members of the Spring team about the significant architectural and functional advancements in Spring Framework 7 and Spring Boot 4. This conversation explores the strategic shift toward core resilience by integrating features such as retry and concurrency throttling directly into the framework, alongside the performance benefits of modularizing auto-configurations.