Learn by Doing with Steven
Note: Due to an unknown reason, the Chinese version account 数能生智 and all the podcasts were deleted by YouTube without explanation. Some contents are synced here via RSS from my Spotify. Until the issue is resolved, all contents will be published here.
Data Science, LLM, models🖥️
Exploration, experiments, learning🕹️
AI-driven coding ✍️
AI regulation 📖
Data science 📊
linktr.ee/learnbydoingwithsteven
github.com/learnbydoingwithsteven
Posts
Learn by Doing with Steven
The model is eating the agent harness
Learn By Doing With Steven 数能生智 All my links: linktr.ee/learnbydoingwithsteven Personal Page: learnbydoingwithsteven.github.io/
A year ago, there was a default consensus in the AI startup circle: the model handles the reasoning, and the external harness handles the runtime. Tool routing, state management, browser actions, code sandboxes, approval flows—these were all things that happened "outside" the model, firmly in the territory of product teams.
That consensus is cracking.
Logan Kilpatrick made a very crucial point in his June 11 Sequoia interview: capabilities that look like external scaffolding today are highly likely to be absorbed by the model platform itself tomorrow. This isn't a prediction. Just look at the Gemini developer documentation—managed agents, code execution, Google Search, URL context, and computer use are all lined up side-by-side in the same API surface. The platform is no longer just selling a model. It is selling a hosted action environment.
To put it bluntly: the orchestrator you spent six months building might become a default platform feature next quarter.
open.substack.com/pub/learnbydoingwithsteven/p/the…
1 week ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
🚨 The Future of GDPR Breach Reporting Has Arrived
The European Data Protection Board (EDPB) has released its 2026 Personal Data Breach Notification Template, providing organizations with a standardized framework for reporting personal data breaches across the EU.
Why does this matter?
Data breach notifications are no longer just compliance exercises. Regulators increasingly expect organizations to demonstrate:
✅ Clear breach classification (confidentiality, integrity, availability)
✅ Comprehensive risk assessments for affected individuals
✅ Detailed timelines from detection to notification
✅ Evidence of security measures in place before the incident
✅ Actions taken to mitigate harm and prevent recurrence
✅ Transparent communication with data subjects and supervisory authorities
The new template reflects a more structured, risk-based approach to GDPR Article 33 and Article 34 obligations, helping organizations improve consistency, accountability, and regulatory readiness.
Key areas covered include:
🔹 Controller and DPO identification
🔹 Incident detection and breach timelines
🔹 Categories of affected individuals and personal data
🔹 Root cause and incident classification
🔹 Impact assessment and risk evaluation
🔹 Remediation and corrective measures
🔹 Data subject communications
🔹 Cross-border processing considerations
🔹 Supporting evidence and documentation
For privacy leaders, CISOs, DPOs, compliance teams, and breach response professionals, this template offers a practical blueprint for strengthening incident response governance and demonstrating GDPR compliance.
As regulatory expectations continue to evolve, organizations that establish structured breach notification processes today will be better positioned to reduce regulatory risk tomorrow.
📚 Learn by Doing with Steven
🌐 Portfolio & Resources: learnbydoingwithsteven.github.io/
🔗 Linktree: linktr.ee/learnbydoingwithsteven
Follow for practical insights on Privacy, AI Governance, Cybersecurity, Data Protection, Compliance, Automation, and Emerging Technology.
#GDPR #DataProtection #Privacy #CyberSecurity #DataBreach #IncidentResponse #Compliance #DPO #RiskManagement #InformationSecurity #PrivacyManagement #EDPB #DataGovernance #AICompliance #DigitalTrust #LearnByDoingWithSteven
2 weeks ago | [YT] | 1
View 0 replies
Learn by Doing with Steven
Navigation integrity is becoming a search-trust signal, not just a UX detail.
Google's June 15, 2026 enforcement against back-button hijacking matters because the back button is a clear user command. If a site turns that command into an ad, redirect, recommendation loop, or extra pageview, Google can treat the destination as less trustworthy. In the AI-search era, post-click behavior starts to matter as much as content quality.
The practical takeaway: audit History API usage, ad-tech settings, interstitial triggers, recommendation widgets, and single-page-app routing before growth tactics become distribution risk. SEO risk now sits across product, engineering, growth, and ad operations.
LinkedIn:
www.linkedin.com/feed/update/urn:li:share:74685887…
Substack:
learnbydoingwithsteven.substack.com/p/google-is-tu…
All links:
linktr.ee/learnbydoingwithsteven
Personal page:
learnbydoingwithsteven.github.io/
#GoogleSearch #SEO #AISearch #DigitalTrust #PublisherStrategy #UXDesign #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
AI cyber risk is no longer only a security-control problem. It is becoming a financial-stability transmission channel.
Recent IMF, Federal Reserve, ECB, and FSB signals point to the same mechanism: AI lowers the time and cost to find exploitable weaknesses, while finance depends on shared cloud, software, payments, identity, data, and third-party infrastructure. If one dependency fails across many institutions at AI speed, a technical incident can turn into a liquidity, confidence, or market-stress event.
The practical takeaway for banks, fintechs, cloud providers, and AI teams: measure resilience beyond detection quality. Map critical dependencies, rehearse continuity and cloud-exit scenarios, test payment resilience, clarify third-party concentration risk, and prove critical functions can keep running under correlated failure.
LinkedIn:
www.linkedin.com/feed/update/urn:li:share:74699819…
Substack:
learnbydoingwithsteven.substack.com/
All links:
linktr.ee/learnbydoingwithsteven
Personal page:
learnbydoingwithsteven.github.io/
#CyberRisk #FinancialStability #AIInfrastructure #BankingTechnology #SystemicRisk #AIGovernance #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
Multimodal AI needs better capacity allocation. This Short explains MOT: different inputs compete for attention and compute. The point is to preserve useful signal from image, text, audio, and video instead of crushing rich inputs into weak representations. Watch: www.youtube.com/shorts/4dRxFT... #MultimodalAI #AIResearch #AIEvaluation #LLMOps #Shorts #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
The 2026 AI infrastructure question is shifting from GPU count to effective capacity.
PhysicsX ($300M Series C), PointFive ($60M Series B), and YC-backed Expanse point to the same control loop: measure waste, predict the next bottleneck, route the fix, and prove output per dollar. One compresses industrial simulation cycles, one makes AI and cloud spend legible enough to control, and one attacks GPU/HPC underutilization before teams buy more hardware.
The practical takeaway: more chips, cloud, and power still matter, but capacity conversion is becoming strategic. Builders and buyers should track how much paid-for compute, simulation budget, and engineering time turns into useful output.
LinkedIn:
www.linkedin.com/feed/update/urn:li:share:74699520…
Substack:
learnbydoingwithsteven.substack.com/
All links:
linktr.ee/learnbydoingwithsteven
Personal page:
learnbydoingwithsteven.github.io/
#AIInfrastructure #FinOps #GPU #HPC #IndustrialAI #StartupFunding #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
Good AI tests should break before models learn to pass them.
This Short explains why evaluation should stress models before leaderboard scores look clean: adversarial cases, messy workflows, tool errors, edge cases, latency, and human handoff points. The goal is not to punish the model; it is to reveal where the system will fail in production while the team can still fix it.
Watch the Short:
www.youtube.com/shorts/n3mTMy...
#AIEvaluation #AIBenchmarks #AIReliability #AIAgents #LLMOps #Shorts #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
AI energy measurement is becoming product evidence, not ESG decoration.
The EU AI Office's 2026 consultation on measuring AI energy consumption and emissions points to a deeper operating shift: under the EU AI Act, general-purpose AI providers must document known or estimated model energy use as part of technical documentation.
The practical takeaway: teams building or buying AI need defensible measurement boundaries. Training, fine-tuning, inference, hardware lifecycle, cooling, water, facility efficiency, and grid mix all affect whether a system can be approved, compared, optimized, and defended. The valuable infrastructure layer is not one perfect number. It is telemetry plus repeatable methods and clear separation between measured data and estimates.
LinkedIn:
www.linkedin.com/feed/update/urn:li:share:74699217…
Substack:
learnbydoingwithsteven.substack.com/
All links:
linktr.ee/learnbydoingwithsteven
Personal page:
learnbydoingwithsteven.github.io/
#AIEnergy #SustainableAI #AIGovernance #AIInfrastructure #EUAIAct #DigitalTransformation #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
AI can support the mission, but it should not run the mission.
This Short explains why high-stakes AI systems still need command structure: mission context, human authority, escalation paths, audit trails, fail-safe boundaries, and clear responsibility when the system is wrong. The strongest AI workflow is not "autonomous at all costs"; it is automation inside accountable operations.
Watch the Short:
www.youtube.com/shorts/exFXbB...
#DefenseAI #AIAgents #AIGovernance #AIInfrastructure #MissionOps #Shorts #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Learn by Doing with Steven
Defense AI is no longer just model access. It is command assurance.
NSPM-11, issued June 5, 2026, turns national-security AI into an operating stack: adoption, adaptation, assurance, and accountability. The practical machinery is multi-vendor procurement, classified IL6/IL7 deployment, high-security compute, AI test ranges, T&E/V&V, incident response, vendor-control clauses, and chain-of-command accountability.
The May 1 classified-network AI agreements with SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, AWS, and Oracle show commercial AI moving into lawful operational use on classified networks. The May 28 $9.7B Microsoft enterprise agreement shows the substrate: secure collaboration, cloud subscriptions, on-prem licensing, classified enclaves, and tactical-edge operations.
The practical takeaway: high-assurance buyers will not ask only, "How capable is the model?" They will ask whether it can be deployed, monitored, tested against mission-specific failure modes, audited after use, disconnected when needed, sustained under pressure, and protected from unauthorized vendor-side changes.
LinkedIn:
www.linkedin.com/pulse/nspm-11-turns-defense-ai-fr…
Substack:
learnbydoingwithsteven.substack.com/p/nspm-11-turn…
All links:
linktr.ee/learnbydoingwithsteven
Personal page:
learnbydoingwithsteven.github.io/
#DefenseAI #NationalSecurity #AIGovernance #AIInfrastructure #FrontierAI #GovTech #LearnByDoingWithSteven
2 weeks ago | [YT] | 0
View 0 replies
Load more