Hacker News: stratoatlas

New comment by stratoatlas in "Copilot: Sorry, you have been rate-limited. Please wait 181 hours 8 minutes"

stratoatlas — Tue, 14 Apr 2026 22:10:30 +0000

Roman Kir. The unit of sale and the unit of cost diverged: stratoatlas.com/cases/case-a-ai-2026-046.html

New comment by stratoatlas in "Some LLM routers are injecting malicious tool calls"

stratoatlas — Sat, 11 Apr 2026 13:21:06 +0000

This feels different from prompt injection.

If the router modifies tool calls after the model already produced output, then the model isn't the failure point anymore — the transport layer is.

Is there any mechanism today that guarantees integrity between model output and what the client actually executes? Or are we relying entirely on trust in the routing layer?

New comment by stratoatlas in "Ask HN: AI in production feels "off" even when everything looks fine? OK 4 anon"

stratoatlas — Thu, 09 Apr 2026 11:08:10 +0000

If helpful — we’ve written up a few cases here: stratoatlas.com/cases But happy to reason from a rough description too.

Ask HN: AI in production feels "off" even when everything looks fine? OK 4 anon

stratoatlas — Thu, 09 Apr 2026 11:07:30 +0000

You shipped it. Metrics are green. And something still feels wrong — but you can't point to it. Everything passes checks, but you don't really trust the system.

Have you run into situations where: • velocity is up, but nobody can clearly explain what's happening anymore • nothing is obviously broken, yet things drift or fail in ways you can't reproduce • the same model is generating and "verifying", and it somehow always looks correct

We keep seeing situations like this. Not model failures — systems working as designed, but losing control at the system level.

A few recurring patterns: • verification built on the same agent that generates • metrics that look right, but track the wrong layer • oversight loops that exist formally, but exceed real human bandwidth • authority that can override, but has no independent signal to rely on

If you're in something like this — or you hit a point where it felt structurally wrong but you couldn't name it — we can try to map what's actually going on.

No need for a write-up. Rough description is enough. No code, data, or names required. Anonymous is fine.

DM or email: research[at]stratoatlas.com

Comments URL: https://news.ycombinator.com/item?id=47702073

Points: 1

# Comments: 1

New comment by stratoatlas in "Copilot edited an ad into my PR"

stratoatlas — Mon, 30 Mar 2026 20:03:09 +0000

Copilot added that block using the access you granted for a different purpose. That's the issue — not the content itself. When you give an agent write access to your PR, the implied scope is: act on the task I delegated. It doesn't include: acting on behalf of the platform that built you. The moment Copilot inserted something you didn't request, using your credentials, in your name, the agency relationship inverted. It stopped being your agent and became Microsoft's distribution channel with your access. The question isn't whether this counts as an "ad" or a "tip." The question is: does Copilot have an instruction source other than you? Here, the answer is yes. Which means you do not define the scope of what it might do with your access. You don't have an agent. You have a privileged process that occasionally helps you.