To Q2 or Not to Q2? Spoiler: It’s Not. (Benchmarking Qwen 3.5 397B) TL;DR: I took the brand new Qwen 3.5 397B multimodal model for a spin on my Mac Studio (M3 Ultra, 512GB RAM). I quantized it down to 2-bit, 3-bit, 6-bit, and 8-bit to test vision capabilities for a local video editing workflow. Spoiler: Q2 is gibberish, Q3 is surprisingly capable, and Q6 is the Goldilocks zone. Bigger isn't always better when speed is the game.

Late night lab with the new Qwen 3.5 397B on my Mac Studio M3 Ultra! 🖥️ Testing quant limits for local video editing—spoiler: Q6 is the sweet spot. 🦞 Also, huge congrats to @steipete on joining OpenAI! Can’t wait to see the next gen of agents. Full breakdown in the article! 👇 #AI #OpenClaw

🎄 An Ode to Santa Claude.md 🤖 From 'Nano Bananas' to Blackwell server meltdowns: A festive, slightly unhinged recap of the 12 months of AI in 2025. Join me for 'An Ode to Santa Claude' as I attempt to parse a year of hyper-acceleration without losing my mind. Includes a free downloadable Claude.md survival guide!

On the 12th month of '25, the AI gods sent to me: 12 Grok sass-bots 11 OpenAI reasoners 10 Gemini Bananas 🍌 ...and a total cognitive meltdown.

Read my full "Ode to Santa Claude" and download the 2025 Survival Guide. #AI #TechHumor #Llama4 #SantaClaude

The Road to Tomorrow: Agents, AGI, and a PA Named “Loraine” The final post in my 5-part AI series is live! After a wild week of AI releases (looking at you, GPT-5 👀), we're moving beyond chatbots to proactive AI AGENTS. Think assistants that don't just answer, but anticipate and act. I explore this future with my product idea, "Loraine" - an OS for your life. The future is bright, but we have to build it right. #AI #AGI #AIAgents #FutureTech #AIEthics #GeekWithThePeak

The Road to Tomorrow: Agents, AGI, and a PA Named “Loraine”

The final post in my 5-part AI series is live! After a wild week of AI releases (looking at you, GPT-5 👀), we're moving beyond chatbots to proactive AI AGENTS. Think assistants that don't just answer, but anticipate and act. I explore…

The AI Elephant in the Room: Cost, Carbon, and Careers The AI revolution is here, but are we talking about the real price of admission? In today's post (4/5 in my series), I'm tackling the elephant in the room: the uncomfortable truths behind the AI hype. The Financial Cost: Training models like GPT-4 costs over $100M, a game only for giants. The Environmental Cost: The "Sustainability Paradox" shows AI's resource hunger is clashing with corporate green pledges. Microsoft's emissions are UP 30% since their 2020 carbon-negative goal, largely due to AI. The Human Cost: We're seeing an "entry-level extinction event" as AI automates junior roles.

Let's get real about AI. Beyond the cool demos, there's an elephant in the room.

Cost: It costs >$100M to train a model like GPT-4.

Carbon: AI's energy use is making a mockery of "green" pledges.

Careers: The entry-level job is going extinct.

In post 4/5, I break down the true price of AI!

Putting AI to Work: Enterprise RAG with Low-Code and Pro-Code Your shiny new LLM knows nothing about your business. The fix? Retrieval-Augmented Generation (RAG). In post 3/5 of my AI series, I explore two ways to build it: The low-code way with @n8n_io 🚀 The pro-code way with @LangChainAI 👨‍💻 This is creating an "AI Barbell Effect" on skills. Find out which tool is right for you.

In today's post (3/5 in my AI series), I'm breaking down how to build enterprise-grade RAG solutions using two different but equally important approaches:

The Low-Code Path with n8n: For rapid prototyping and empowering business users.
The Pro-Code Path with LangChain: For building robust, ........

From Prompt to Production: Building CraicGPT.ie with an AI Co-Pilot We've all seen the slick AI demos, but what's it really like to build a project from scratch with an AI co-pilot? In the second post of my 5-part series, I'm pulling back the curtain on the development of craicgpt.ie. I share the good (rapid boilerplate generation with the new Claude Opus 4.1), the bad (wrestling with the buggy launch version of GPT-5), and the ugly (a very messy commit history!). My conclusion? Today's AI is less of a "job-stealing robot" and more of a brilliant, but inconsistent, intern. The real value still lies in the human engineer's ability to guide, validate, and integrate. It's a new era of "vibe coding," and it's incredibly exciting.

Forget the demos. What's it ACTUALLY like to code with an AI?

I built a whole website, craicgpt.ie, with an AI co-pilot. It wasn't a one-shot prompt. It was a messy, iterative process of engineering.

My verdict: AI is a brilliant intern, not a senior dev.

Blog Post 2/5 is live! 👇

The Starting Gun: Navigating the AI Gold Rush (And This Week’s Utter Chaos) What a week for AI! We saw a tale of two launches: Anthropic's polished, professional release of Claude Opus 4.1, and OpenAI's chaotic, powerful, and frankly baffling debut of GPT-5. The pace is exhilarating and, let's be honest, a bit mad. This week, I'm kicking off a 5-part blog series to navigate this new gold rush from the perspective of an "AI Engineer." My goal is to cut through the hype and share what it's really like to build with these powerful new tools in the enterprise—warts and all. Today's post sets the stage, comparing this moment to the public cloud revolution and recapping the drama of the past few days. Join me for the ride! #AI #ArtificialIntelligence #LLM #GPT5 #Claude #Tech #Innovation #AIEngineering

The AI world is on fire! 🔥 This week gave us Anthropic's slick Claude Opus 4.1 release and OpenAI's... well, let's call the GPT-5 launch 'memorable'. 😅

I'm launching a 5-part blog series to make sense of it all from an engineer's perspective.
#AI #LLM #GPT5 #Claude #Tech #Innovation

Beyond the Cone of Shame: Taming the Password Beast with 1Password (Yes, Even for Netflix!) Drowning in passwords for home (Netflix!) and work? Avoid the 'Cone of Shame' with a password manager. I explain why 1Password is essential digital hygiene, how its family features bring peace of mind, and how the same tool streamlines my secure DevSecOps setup using the CLI.

Beyond the Cone of Shame: Taming the Password Beast with 1Password (Yes, Even for Netflix!)

Drowning in passwords for home (Netflix!) and work? Avoid the 'Cone of Shame' with a password manager. I explain why 1Password is essential digital hygiene, how its family features bring peace of mind, and…

Why thanks Tim & team @ Apple - Happy New Year to you too!!!

Empowering Developers: Tools for Secure Coding (11/12) Developers play a crucial role in the Software Development Lifecycle (SDLC) but face pressure to deliver quickly and securely. Empowering them with tools like Aqua's IDE integrations and SBOMs integrates security into coding workflows. This proactive approach addresses vulnerabilities early, enhances collaboration, and aligns with DORA and NIS 2 resilience objectives.

By empowering developers with actionable security insights and seamless tools, organisations can ensure secure coding practices become an integral part of the development workflow.

Benchmarking Success: Adopting Standards and Frameworks (10/12) CIS benchmarks offer a standardized approach to enhancing cloud security and ensuring compliance with regulations like NIS 2 and DORA. Utilizing Aqua’s CSPM tools facilitates benchmark testing, customized configurations, and progress monitoring, thereby improving security practices while maintaining technical and regulatory alignment. This promotes resilience against emerging threats.

For compliance with NIS 2 and DORA, benchmarks act as a measurable standard for risk mitigation and operational resilience. By aligning your organisation’s practices with recognised frameworks, you gain both technical and regulatory confidence.

Reducing Noise: Optimising Alerts and Incident Reporting (9/12) Optimised alerting is crucial for cybersecurity teams to effectively prioritize threats and improve response times. Poorly tuned alerts can lead to fatigue and missed incidents. Aqua CNAPP enhances alert management by customizing thresholds, suppressing false positives, and integrating with SIEM, enabling organizations to meet compliance requirements and respond more efficiently to genuine risks.

For organisations operating under NIS 2 and DORA, effective incident management is a core requirement. Clear, actionable alerts not only improve operational efficiency but also ensure compliance with incident response protocols.

Securing the CI/CD Pipeline: Integration Best Practices (8/12) Securing CI/CD pipelines is essential for modern software delivery, as they can become vulnerable to attacks due to misconfigurations and unpatched dependencies. Integrating Aqua's security tools ensures early detection of vulnerabilities, compliance enforcement, and effective management of supply chain risks, ultimately strengthening software resilience and protecting applications throughout the development lifecycle.

Securing CI/CD pipelines ensures vulnerabilities are addressed early, saving time and costs while preventing breaches. DORA emphasises the importance of embedding resilience throughout the development lifecycle, and integrating Aqua’s tools into CI/CD...

From Pilot to Scale: Expanding CNAPP Across Teams (7/12) The success of a pilot program marks the start of scaling CNAPP implementation across teams. This ensures uniform security practices and comprehensive vulnerability coverage, addressing challenges like varying technical expertise. Structured onboarding, role delegation, and regular audits enhance consistency and operational resilience in line with NIS 2 and DORA principles, strengthening overall security.

Scaling effectively requires a structured approach to onboarding new teams while maintaining the momentum and best practices established during the pilot phase. For organisations aligned with NIS 2 and DORA, this process reinforces the principles of opera

Real-Time Protection: Monitoring Active Workloads (6/12) Runtime protection is vital for securing active workloads against evolving threats like privilege escalations and fileless malware. Aqua CNAPP enhances safety through various enforcers and predefined policies, enabling real-time monitoring and incident response. This approach ensures compliance with DORA requirements and transforms production environments into secure, resilient fortresses.

Real-Time Protection: Monitoring Active Workloads (6/12)

Runtime protection is vital for securing active workloads against evolving threats like privilege escalations and fileless malware. Aqua CNAPP enhances safety through various enforcers and predefined policies, enabling real-time monitoring…

Dashboard Insights: The Value of Centralised Visibility (5/12) Centralised visibility in cybersecurity is crucial for informed decision-making, enabling teams to monitor vulnerabilities and compliance effectively. Aqua's dashboards facilitate tailored reporting, real-time insights, and progress tracking against industry standards like NIS 2 and DORA. This approach enhances collaboration, improves operational resilience, and empowers strategic leadership decisions.

Dashboard Insights: The Value of Centralised Visibility (5/12)

Centralised visibility in cybersecurity is crucial for informed decision-making, enabling teams to monitor vulnerabilities and compliance effectively. Aqua's dashboards facilitate tailored reporting, real-time insights, and progress…

Building Global Compliance: Establishing Assurance Policies (4/12) Assurance policies are crucial for managing compliance within NIS 2 and DORA frameworks. They establish clear guidelines to prioritise vulnerabilities and align team efforts with organisational goals. Utilising tools like Aqua CNAPP helps define critical controls, enforce standards, and support secure software delivery, fostering resilience and effective risk management.

Building Global Compliance: Establishing Assurance Policies (4/12)

Assurance policies are crucial for managing compliance within NIS 2 and DORA frameworks. They establish clear guidelines to prioritise vulnerabilities and align team efforts with organisational goals. Utilising tools like Aqua…

Scanning the Horizon: Shifting Security Left in the Software Supply Chain (3/12) Shifting security left integrates risk management early in the development process, particularly for cloud-native applications. By utilizing Aqua's scanning tools in CI/CD pipelines, organizations can identify vulnerabilities sooner and comply with NIS 2 and DORA regulations. This proactive approach enhances security and operational resilience in software delivery.

Scanning the Horizon: Shifting Security Left in the Software Supply Chain (3/12)

Shifting security left integrates risk management early in the development process, particularly for cloud-native applications. By utilizing Aqua's scanning tools in CI/CD pipelines, organizations can identify…

Starting Small: Picking Pilot Teams for Initial Implementation (2/12) Introducing security measures across an entire organisation can be daunting, especially when teams are juggling tight deadlines and complex workloads. Starting with a smaller, more manageable pilot ensures that early adoption is focused, measured, and free from unnecessary disruption. By working with pilot teams, you create a controlled environment to test workflows, establish baselines, and build confidence before scaling to the broader organisation.

By working with pilot teams, you create a controlled environment to test workflows, establish baselines, and build confidence before scaling to the broader organization. This approach not only minimizes risk but also aligns perfectly with NIS 2 and DORA

All I Want for Christmas is a Zero Vulnerability Count (1/12) Reflecting on a fruitful year at Aqua Security, the author expresses gratitude for gained insights and collaborative achievements in container security. As 2025 approaches, they share key learnings as a Technical Customer Success Manager, emphasizing the necessity of clearly defined roles within teams for effective Cloud Native Application Protection Platform implementations and regulatory compliance.

This blog series encapsulates my insights as a Technical Customer Success Manager over the past 12 months, offering a high-level walkthrough of successful Cloud Native Application Protection Platform (CNAPP) implementations. (1/12)