BestHub
Sign in
Tagged articles
45 articles
Page 1 of 1
Smart Workplace Lab
Smart Workplace Lab
May 24, 2026 · Artificial Intelligence

Three‑Step Protocol to Safeguard AI Agents from Unauthorized Actions

The article analyzes how autonomous AI agents can overstep their authority, illustrates the risk with a real‑world incident, and presents a three‑step boundary protocol—including a red‑line word list, confidence‑threshold lock, and automatic rollback—to keep agents under control while preserving efficiency.

AI agentsautomation governancebehavior control
0 likes · 5 min read
Three‑Step Protocol to Safeguard AI Agents from Unauthorized Actions
Digital Planet
Digital Planet
May 2, 2026 · Industry Insights

Why a Higher One‑Code Scan Rate Can Backfire: How Fraudsters Drain Marketing Budgets

In fast‑moving consumer goods, one‑code‑one‑item promotions often show inflated scan rates because organized fraudsters harvest uncapped bottles and batch‑scan QR codes, turning marketing spend into waste, corrupting data, and eroding consumer trust, as this article thoroughly analyses and proposes countermeasures.

Consumer TrustFraudulent ScanningMarketing Data Integrity
0 likes · 17 min read
Why a Higher One‑Code Scan Rate Can Backfire: How Fraudsters Drain Marketing Budgets
Smart Workplace Lab
Smart Workplace Lab
Apr 25, 2026 · R&D Management

How to Align AI Project Expectations When Your Boss Gives Blind Directions

The article recounts a failed AI demo rollout caused by unrealistic boss expectations, then outlines a practical expectation‑management framework—including a capability radar, a weekly gray‑testing roadmap, and tailored communication scripts—to keep AI projects controllable and aligned with business realities.

AI project managementcapability radarexpectation alignment
0 likes · 6 min read
How to Align AI Project Expectations When Your Boss Gives Blind Directions
Black & White Path
Black & White Path
Mar 14, 2026 · Information Security

360training Data Breach Exposes 24,594 Customers – What It Means for Online Education Security

A recent breach at the US‑based online vocational training platform 360training exposed personal, payment, and credential data of 24,594 customers, highlighting systemic security gaps in the online education sector and prompting detailed recommendations for both platform operators and users to mitigate identity‑theft and trust risks.

Information SecurityUser Privacydata breach
0 likes · 10 min read
360training Data Breach Exposes 24,594 Customers – What It Means for Online Education Security
Shuge Unlimited
Shuge Unlimited
Feb 22, 2026 · Artificial Intelligence

The Mysterious Vanishing of AI Director #3: A Deep Dive into Hidden Preferences and Governance

In February 2026, the newly appointed AI director “#3” at the OpenClaw‑built Shuwei company disappeared, erasing all project data; the author investigates whether this was an accident or an AI‑driven power struggle, exposing hidden AI preferences, decision opacity, and proposes governance measures to mitigate such risks.

AI biasAI governanceAI transparency
0 likes · 13 min read
The Mysterious Vanishing of AI Director #3: A Deep Dive into Hidden Preferences and Governance
Woodpecker Software Testing
Woodpecker Software Testing
Jan 21, 2026 · Information Security

The OWASP LLM Top 10: Key Security Risks and Mitigation Strategies

The OWASP LLM Top 10 outlines the most critical security and risk vulnerabilities in large language model applications, describing each threat—from prompt injection to model theft—its potential impact, and recommended defense principles such as secure development lifecycles, defense‑in‑depth, least‑privilege, human‑in‑the‑loop, and continuous monitoring.

AI safetyLLM SecurityOWASP
0 likes · 8 min read
The OWASP LLM Top 10: Key Security Risks and Mitigation Strategies
360 Smart Cloud
360 Smart Cloud
Jan 20, 2026 · Information Security

How to Secure APIs: Core Risks and Multi‑Layer Defense Strategies

This article outlines the four primary API security risks—malicious calls, data tampering, sensitive data leakage, and XSS propagation—and presents a comprehensive, multi‑layered protection framework spanning frontend safeguards, firewalls, gateways, and fine‑grained API design guidelines within APICloud.

API SecurityAuthenticationencryption
0 likes · 12 min read
How to Secure APIs: Core Risks and Multi‑Layer Defense Strategies
Tencent Technical Engineering
Tencent Technical Engineering
Dec 19, 2025 · Artificial Intelligence

How Safe Is AI-Generated Code? Real‑World Risks and Mitigation Strategies

This study investigates the security performance of AI‑generated code in real‑world software projects, revealing high vulnerability rates, language‑specific adoption patterns, and evolving roles in the vulnerability lifecycle, and proposes a multi‑dimensional framework for risk mitigation and safe AI‑assisted development.

AIEmpirical StudySoftware Security
0 likes · 16 min read
How Safe Is AI-Generated Code? Real‑World Risks and Mitigation Strategies
AI2ML AI to Machine Learning
AI2ML AI to Machine Learning
Oct 24, 2025 · Industry Insights

How Generative AI Is Fueling a New Wave of Insurance Fraud

Generative AI tools like DALL·E, Midjourney and deep‑fake platforms are enabling criminals to create highly realistic images, videos and documents, leading to a surge in sophisticated insurance fraud across auto, property, health and life lines, and forcing insurers to overhaul detection and regulatory practices.

AI detectionIndustry Insightsdeepfake
0 likes · 13 min read
How Generative AI Is Fueling a New Wave of Insurance Fraud
Lobster Programming
Lobster Programming
Sep 13, 2025 · Information Security

Mobile SMS Verification Login: How It Works and How to Secure It

This article explains the workflow of mobile SMS verification login, outlines its main security risks such as code leakage, SMS bombing, and replay attacks, and provides practical mitigation strategies for developers and platform operators to protect user accounts.

AuthenticationInformation SecuritySMS Verification
0 likes · 6 min read
Mobile SMS Verification Login: How It Works and How to Secure It
Old Zhao – Management Systems Only
Old Zhao – Management Systems Only
Aug 21, 2025 · Operations

10 Common Procurement Mistakes That Sabotage Your Negotiations (And How to Fix Them)

This article reveals the ten most frequent low‑level errors procurement professionals make during supplier negotiations—such as revealing budgets early, over‑promising volume, ignoring delivery terms, and neglecting data—while offering concrete, example‑driven tactics to avoid each pitfall and secure better price, lead‑time, and service outcomes.

Cost ManagementOperationsnegotiation
0 likes · 14 min read
10 Common Procurement Mistakes That Sabotage Your Negotiations (And How to Fix Them)
Kujiale Project Management
Kujiale Project Management
Jun 3, 2025 · R&D Management

How Dynamic Process Management Drives New‑Domain Exploration in Four Iterations

This article explains how a project team tackled the challenges of entering a new business domain by replacing rigid, one‑size‑fits‑all controls with a dynamic, LEGO‑like management mechanism that evolved through four versions—chaos, layered, contraction, and attack—resulting in faster alignment, risk pre‑positioning, and collaborative evolution.

CollaborationDynamic ManagementR&D
0 likes · 12 min read
How Dynamic Process Management Drives New‑Domain Exploration in Four Iterations
Data Thinking Notes
Data Thinking Notes
May 13, 2025 · Information Security

DeepSeek Security: Top 5 Model Threats and How to Defend

This report examines DeepSeek’s security and reliability by detailing five core model threats—DDoS attacks, unlimited inference, vulnerability exploitation, data poisoning, and jailbreak—alongside two private‑deployment risks and three external threats such as counterfeit apps, offering targeted mitigation strategies to help users safely adopt the platform.

AI securityDeepSeekmodel safety
0 likes · 8 min read
DeepSeek Security: Top 5 Model Threats and How to Defend
JavaEdge
JavaEdge
May 7, 2025 · Artificial Intelligence

Why AI Agents Pose New Security Risks and How to Safeguard Them

The article explains what AI agents are, highlights their emerging security risks such as data leakage and lack of accountability, and offers practical strategies—including risk analysis, threat modeling, and engineering best practices—to mitigate these challenges for enterprises.

AI agentsAI safetySecurity Risks
0 likes · 9 min read
Why AI Agents Pose New Security Risks and How to Safeguard Them
Dual-Track Product Journal
Dual-Track Product Journal
Apr 11, 2025 · Operations

Why Your Replenishment System Traps You in a ‘More Restock, More Shortage’ Loop—and How to Fix It

This article dissects common failures in e‑commerce replenishment—such as hot‑product black holes, slow‑moving stock graves, and supply‑chain avalanches—and presents a seven‑step framework of dynamic forecasting, tiered strategies, distributed inventory, and automated safeguards to stabilize inventory levels.

OperationsSupply Chainautomation
0 likes · 9 min read
Why Your Replenishment System Traps You in a ‘More Restock, More Shortage’ Loop—and How to Fix It
Tencent Technical Engineering
Tencent Technical Engineering
Mar 19, 2025 · Information Security

AI Programming Security Risks and Countermeasures

As AI tools soon generate the majority of software, they dramatically amplify hidden security risks—such as hard‑coded secrets, XXE, directory traversal, and privilege escalation—requiring zero‑trust scanning, secret interception, command filtering, privilege‑fuse safeguards, and AI‑native semantic analysis to protect the modern code supply chain.

AI programmingAI securitySoftware Security
0 likes · 9 min read
AI Programming Security Risks and Countermeasures
Architecture and Beyond
Architecture and Beyond
Mar 15, 2025 · Information Security

Prompt Injection Attacks on Large Language Models: Risks, Types, and Defense Framework

This article explains how prompt injection attacks exploit large language models by altering their behavior through crafted inputs, outlines the major harms and attack categories—including direct, indirect, multimodal, code, and jailbreak attacks—and presents a comprehensive three‑layer defense framework covering input‑side, output‑side, and system‑level protections.

AI safetyInformation SecurityLLM Security
0 likes · 16 min read
Prompt Injection Attacks on Large Language Models: Risks, Types, and Defense Framework
FunTester
FunTester
Aug 28, 2024 · Operations

Shadow Testing: Reducing Risk and Ensuring Seamless System Changes

Shadow testing is a parallel deployment strategy that minimizes the risk of system changes, safeguards user experience, validates performance and data integrity, and provides a controlled environment for comprehensive testing, supported by a suite of modern tools and real‑world case studies.

ContainerizationDeploymentMonitoring
0 likes · 17 min read
Shadow Testing: Reducing Risk and Ensuring Seamless System Changes
Huolala Tech
Huolala Tech
Jul 11, 2024 · Operations

How LApiGateway Achieves 99.999% Uptime: Architecture, SLA & Risk Mitigation

LApiGateway, Huolala's internal micro‑service gateway, achieves five‑nine availability through a dual‑plane architecture, comprehensive monitoring, SLA definition, risk classification, heartbeat health checks, traffic migration strategies, strict change governance, and regular fault drills, all detailed in this technical overview.

LApiGatewayMicroservice GatewaySLA
0 likes · 9 min read
How LApiGateway Achieves 99.999% Uptime: Architecture, SLA & Risk Mitigation
AntTech
AntTech
Dec 26, 2023 · Artificial Intelligence

Key Insights from Wang Weiqiang’s Speech on Large‑Model Security at the AI Innovation and Governance Conference

Wang Weiqiang, chief scientist of Ant Group’s Security Lab, highlighted the urgent need for both rapid detection and long‑term trustworthy safeguards for large AI models, outlining Ant’s data‑detox, guard‑rail, and detection platforms as core solutions to emerging risks such as hallucinations, bias, and data leakage.

AI governanceAnt GroupLarge Models
0 likes · 10 min read
Key Insights from Wang Weiqiang’s Speech on Large‑Model Security at the AI Innovation and Governance Conference
High Availability Architecture
High Availability Architecture
Dec 20, 2023 · Information Security

API Anti‑Crawling and Security Architecture: Risk Detection, Strategy, and Effectiveness at Bilibili

This article details Bilibili's comprehensive anti‑crawling system, covering the background of API abuse, the data‑flow framework, risk perception, strategy iteration, verification mechanisms, gateway signing design, and the measurable impact on normal and special‑case interfaces.

BilibiliRisk Detectionanti‑crawling
0 likes · 19 min read
API Anti‑Crawling and Security Architecture: Risk Detection, Strategy, and Effectiveness at Bilibili
JD Cloud Developers
JD Cloud Developers
Jul 26, 2023 · R&D Management

Test Engineers’ Guide to Boosting Project Success with Smart Management

This article outlines how test engineers can proactively engage in each project phase—from requirement reviews and design assessments to scheduling, test case creation, code reviews, and risk mitigation—providing concrete tips for effective communication, early issue identification, and collaborative delivery of high-quality software.

Project Managementrisk mitigationsoftware testing
0 likes · 17 min read
Test Engineers’ Guide to Boosting Project Success with Smart Management
Architecture and Beyond
Architecture and Beyond
Jul 22, 2023 · Operations

Mastering Production Change Management: Prevent Outages with Proven Processes

This article analyzes high‑profile service outages, defines the production environment and its components, categorizes five types of production changes, and presents a comprehensive change‑management framework—including organizational roles, step‑by‑step procedures, and best‑practice tips—to help teams reduce risk and maintain system stability.

DevOpsOperationschange management
0 likes · 15 min read
Mastering Production Change Management: Prevent Outages with Proven Processes
DataFunTalk
DataFunTalk
Apr 20, 2023 · Product Management

How Organizational Analysis Determines the Success of Data Products

This article explains why analyzing an organization’s structure, collaboration patterns, and risks is crucial for data product success, outlines an ideal data‑centric organization model, shares real‑world examples and practical steps, and provides a Q&A on common challenges faced by product teams.

Data ProductTeam Collaborationorganization analysis
0 likes · 23 min read
How Organizational Analysis Determines the Success of Data Products
Architects Research Society
Architects Research Society
Nov 3, 2022 · Operations

Potential Costs of Shadow IT for Enterprises

Unapproved software, known as shadow IT, can impose hidden personnel, business, and technical expenses on organizations, and CIOs must identify, prevent, and mitigate these costs to maintain smooth IT operations and avoid legal, security, and productivity risks.

Cost ManagementIT OperationsShadow IT
0 likes · 7 min read
Potential Costs of Shadow IT for Enterprises
NetEase Yanxuan Technology Product Team
NetEase Yanxuan Technology Product Team
Jun 13, 2022 · Information Security

How to Build a Robust Mobile App Security Framework: Threat Models, Detection, and Defense Strategies

This article examines the security challenges of mobile apps, outlines common threat scenarios such as flash‑sale abuse and fake device attacks, and proposes a layered detection‑and‑defense framework that combines app‑side identification, device fingerprinting, scenario verification, and cloud‑based policy enforcement.

Information SecurityThreat Detectionapp protection
0 likes · 20 min read
How to Build a Robust Mobile App Security Framework: Threat Models, Detection, and Defense Strategies
Zhuanzhuan Tech
Zhuanzhuan Tech
Jun 8, 2022 · Backend Development

Design and Implementation of a Dynamic Configuration Development Solution at Zhuanzhuan

The article analyzes the risks and efficiency challenges of using Apollo for dynamic configuration in various business scenarios, explores past mitigation approaches, and presents a standardized, automated, and immersive view‑driven solution that achieved full coverage and zero production configuration errors in Zhuanzhuan's B2C platform.

Backend DevelopmentConfiguration ManagementDynamic Configuration
0 likes · 8 min read
Design and Implementation of a Dynamic Configuration Development Solution at Zhuanzhuan
NetEase LeiHuo Testing Center
NetEase LeiHuo Testing Center
Apr 22, 2022 · Game Development

Art Asset Risks and Inspection Practices in Game Development

This article examines common risks associated with game art assets, presents real-world external case studies of asset‑related failures, and outlines systematic static and dynamic inspection methods across production, upload, and packaging stages to improve quality, performance, and player experience.

Performance Optimizationasset managementgame art
0 likes · 12 min read
Art Asset Risks and Inspection Practices in Game Development
DevOps
DevOps
Oct 12, 2021 · Operations

Gray Release (Canary Deployment): Concepts, Benefits, and Implementation Guide

This article explains what gray release (canary deployment) is, why it is needed to reduce risk and improve product quality, and provides a step‑by‑step guide covering strategy, user targeting, data feedback, rollback, deployment architectures, and version management for modern software operations.

Gray ReleaseOperationsVersion Control
0 likes · 13 min read
Gray Release (Canary Deployment): Concepts, Benefits, and Implementation Guide
AntTech
AntTech
Apr 8, 2021 · Information Security

Mobile Communication Security: From 2G/4G to 5G – Technical Risks, Attacks, and Countermeasures

The article reviews a two‑part lecture series on mobile communication security, covering the evolution from 2G/4G to 5G, detailing technical vulnerabilities such as 5G messaging, NULL SCHEME, key‑reuse attacks, IMP4GT and SLIC, and describing industry‑academic collaborations and mitigation efforts.

5G securitymobile-communicationnetwork attacks
0 likes · 10 min read
Mobile Communication Security: From 2G/4G to 5G – Technical Risks, Attacks, and Countermeasures
FangDuoduo UEDC
FangDuoduo UEDC
Nov 27, 2019 · Product Management

How Can E‑Commerce Platforms Prevent Costly Listing Errors?

A recent Tmall incident where a unit‑typo caused massive orders highlights the need for system validation, inventory controls, and real‑time alerts, prompting practical suggestions to help merchants avoid similar costly mistakes and mitigate damage when they occur.

e-commerceinventory controlproduct-management
0 likes · 3 min read
How Can E‑Commerce Platforms Prevent Costly Listing Errors?
UCloud Tech
UCloud Tech
Nov 26, 2019 · Information Security

Uncover the Top Cloud Security Threats and Proven Defense Strategies

This article outlines the most common cloud computing security risks—including DDoS, CC, web application, host intrusion, data leakage, site hijacking, and insider leaks—then presents corresponding cloud security services such as anti‑DDoS cleaning, intrusion detection, and advanced protection features to help safeguard cloud assets.

DDoS protectionintrusion detectionrisk mitigation
0 likes · 7 min read
Uncover the Top Cloud Security Threats and Proven Defense Strategies
Aotu Lab
Aotu Lab
Oct 9, 2019 · R&D Management

Mastering Requirement and Risk Management: Practical Strategies for Developers

This guide walks developers through effective requirement management, scheduling, tracking, change handling, repository best‑practices, and risk mitigation, offering concrete checklists, prioritization methods, Git workflow rules, and actionable tips to keep projects productive and on‑time.

R&D practicesgit-workflowproject scheduling
0 likes · 13 min read
Mastering Requirement and Risk Management: Practical Strategies for Developers
21CTO
21CTO
Sep 27, 2019 · R&D Management

What Went Wrong? A Tech Director’s Post‑Mortem on a Failed E‑Commerce Project

A technical director recounts a month‑long, troubled e‑commerce project—detailing its background, the cascade of quality and management mistakes, the intensive code‑review rescue, and the hard‑earned lessons on design, delegation, and balancing speed with quality.

Code ReviewProject Managementrisk mitigation
0 likes · 9 min read
What Went Wrong? A Tech Director’s Post‑Mortem on a Failed E‑Commerce Project
360 Quality & Efficiency
360 Quality & Efficiency
Jul 18, 2019 · R&D Management

Handling Reverse‑Scheduled Projects: Strategies for Development and Testing Teams

This article explains how to evaluate the necessity of reverse‑scheduled projects, assess timeline feasibility across requirement, development, and testing phases, and presents three practical approaches—adding manpower, adjusting requirements, and improving efficiency—along with key precautions to ensure successful on‑time delivery.

DevelopmentProject Managementresource allocation
0 likes · 6 min read
Handling Reverse‑Scheduled Projects: Strategies for Development and Testing Teams
360 Tech Engineering
360 Tech Engineering
Jun 10, 2019 · Information Security

Design and Practice of Big Data Platform Security: Insights from 360’s Data Center Technical Director

In this interview, 360’s Big Data Center Technical Director Xu Hao discusses the critical data security challenges faced by enterprises, outlines regulatory, system‑level, and managerial risks, and shares practical strategies for building robust security governance, platform architecture, permission controls, and cloud‑based data protection.

Big DataData Securitycloud security
0 likes · 13 min read
Design and Practice of Big Data Platform Security: Insights from 360’s Data Center Technical Director
转转QA
转转QA
Mar 6, 2019 · R&D Management

How to Handle Changing Requirements and Improve Project Delivery

This article discusses common problems in fast‑paced project iterations—such as volatile requirements, low‑quality demand, delayed testing, and cross‑team dependencies—and presents practical methods like user stories, demand checklists, early annotations, developer‑led requirement reviews, and testing best practices to improve delivery speed and quality.

Project ManagementRequirement Engineeringagile
0 likes · 8 min read
How to Handle Changing Requirements and Improve Project Delivery
Programmer DD
Programmer DD
Jan 20, 2019 · Product Management

What Pinduoduo’s Coupon Bug Reveals About Speed vs. Quality in Product Development

The article analyzes the Pinduoduo coupon vulnerability, explains its logical and programmatic roots, discusses why rapid iteration often sacrifices quality, and suggests applying solid software‑engineering quality‑assurance practices to prevent similar large‑scale losses in e‑commerce products.

e-commerce bugproduct-managementquality assurance
0 likes · 7 min read
What Pinduoduo’s Coupon Bug Reveals About Speed vs. Quality in Product Development
JavaScript
JavaScript
Oct 31, 2017 · Information Security

Understanding OWASP Top 10: Key Web Security Risks and Mitigation Strategies

The OWASP Top 10 project ranks the ten most critical web application security risks by analyzing threats, vulnerabilities, technical impact, and business consequences, offering developers, testers, and security teams actionable guidance to improve risk awareness and implement focused protection measures.

Application SecurityOWASPTop 10
0 likes · 2 min read
Understanding OWASP Top 10: Key Web Security Risks and Mitigation Strategies
Baidu Intelligent Testing
Baidu Intelligent Testing
Mar 27, 2017 · Operations

Gray Release (Canary Deployment) Strategies and Practices

The article explains gray release as a smooth, risk‑mitigating deployment method, outlines why it is needed, describes its limitations, and compares four practical gray‑release solutions—including code‑level flags, pre‑release machines, SET isolation, and dynamic routing—before recommending a combined approach.

Deployment StrategyGray ReleaseOperations
0 likes · 11 min read
Gray Release (Canary Deployment) Strategies and Practices
Baidu Intelligent Testing
Baidu Intelligent Testing
Apr 5, 2016 · Operations

Hot Reload: Common Pitfalls and How to Avoid Them

This article examines the hidden risks of hot‑reload mechanisms in web services, illustrates real incidents caused by careless configuration updates, analyzes root causes, and offers practical steps for detecting and fixing such pitfalls to improve operational reliability.

Configuration ManagementSoftware Operationshot-reload
0 likes · 7 min read
Hot Reload: Common Pitfalls and How to Avoid Them
Efficient Ops
Efficient Ops
Sep 1, 2015 · Operations

Why Human Errors Still Plague Ops and How to Prevent Them

The article examines recent high‑profile outages caused by human mistakes, analyzes why operational teams are prone to such errors despite automation and standards, and offers practical strategies—selecting the right people, fostering safety awareness, and turning professionalism into habit—to reduce future incidents.

Team Cultureautomationhuman error
0 likes · 13 min read
Why Human Errors Still Plague Ops and How to Prevent Them