Two and a half years ago I wrote a piece arguing personal AI would be the durable category, not enterprise chatbots. The 2025 version of that bet is partway right and wrong in interesting ways. Worth being clear about what landed and what didn't.
If your AI infra depends on third-party container images, you don't control your supply chain. Forgejo on store-01 as the source-of-truth git host, Harbor on engine-01 as the registry plus image-signing layer. The sovereign-infra argument, and why mirroring is non-negotiable now.
OPA and Rego had a quiet decade as the policy-as-code layer for Kubernetes and IaC pipelines. The AI agent wave is making them load-bearing in a way they weren't before. The renaissance is real and the reasons are structural.
The AI security track at Black Hat this year was the most-attended track. The substance under the hype was a real category forming, prompt injection, model exfiltration, agent privilege abuse, that maps closer to 2014 cloud security than anyone wants to admit.
Not every AI workload belongs on Kubernetes. Some belong nowhere else. The patterns that hold up, separating CPU and GPU tiers, sizing autoscaling for serving versus batch, picking the right foundation, and the ones that fall apart at the first real load.
Cloud lock-in in 2010 was bad. AI lock-in in 2025 is worse for reasons most teams aren't thinking about. The data, the prompt patterns, the agentic surface, the fine-tunes, none of it ports cleanly. Worth being clear about why before you commit.
The right unit for AI cost tracking isn't tokens, isn't requests, isn't users. It's conversations. The cost story makes sense when you measure it that way and gets impossible when you don't.
The IDE-agent products that have stuck for me through a year of daily use share one thing: a strong plan-then-execute workflow. The tools without it produce flashier demos and worse outcomes. Worth being explicit about why this is the actual product.
The personal AI assistant pattern wants to read everything you have. The honest engineering pattern is the opposite, design the assistant to be useful while structurally unable to see the data that shouldn't go to it. Worth being concrete about how.
What to actually buy if you're starting a home AI setup in mid-2025. Not the maximalist build; the right-size build for the workloads that justify owning the hardware.
Six months in on Operator, plus Mariner, plus Computer Use. The browser-agent category is real and the durable use cases are smaller than the demos suggested. Worth being concrete about what the category does and doesn't do well.
Tekton, Argo CD, GitHub Actions, Jenkins X, four answers to model deploys. You can't unit-test a model, so eval suites become the test substitute. Versioning, rollback, blue-green serving. Pipeline config as the Decisions as Code surface, projected per environment.
