Schlagwort: LLM

Veröffentlicht am

Small Language Models for Platform Engineering: Why 8B Parameters Beat API Dependencies

The economics of AI in platform engineering are shifting — fast. For the past two years, the default answer to „how do we add AI to our internal platform?“ has been „call an API.“ But with inference costs rising, data governance getting stricter, and a new generation of compact models matching much larger counterparts on critical benchmarks, that default is worth questioning. Small Language Models (SLMs) — particularly in the 7B–9B parameter range — have reached a threshold where they can handle the majority of platform engineering workloads without ever leaving your network.

The Benchmark Reality Check: 8B Is Not a Compromise

IBM’s Granite 4.1 8B, released in April 2026 under Apache 2.0, is a useful anchor for this conversation. On enterprise coding benchmarks, the 8B model matches IBM’s own 32B Mixture-of-Experts (MoE) variant. On HumanEval pass@1, the 8B scores 87.2% compared to 89.6% for the 30B model — a gap of less than 3 percentage points that is largely irrelevant for the deterministic, constrained tasks that platform teams actually run.

This pattern holds across the SLM landscape:

  • Phi-4 (14B) — Microsoft’s model excels at reasoning-heavy tasks, punching well above its weight on MATH and GPQA
  • Qwen-3 (8B) — Strong multilingual coding support, excellent for polyglot infrastructure codebases
  • Llama-3.3 (8B) — Meta’s workhorse, widely supported across inference frameworks
  • Mistral-Small (22B) — A good middle ground when you need more capacity without the frontier price tag

The takeaway: if you are still reaching for GPT-4 or Claude Sonnet to answer „why is this Helm chart failing?“ you are likely overspending.

Dense Non-Thinking Architecture: Why It Matters for Operations

Granite 4.1 uses what IBM calls a Dense Non-Thinking Architecture. In practice, this means the model does not execute an internal chain-of-thought (CoT) reasoning step before responding. For frontier models solving novel math problems, CoT is valuable. For a platform engineer asking „summarize this PagerDuty alert and suggest the top three actions,“ CoT overhead is pure latency and token cost with zero benefit.

Platform tasks are largely pattern-matching with context, not novel reasoning. Alert triage, PR description generation, runbook execution, code review comments — these are well-defined, repetitive, structured tasks where a fast, confident response beats a slow, deeply deliberative one. Dense models optimized for inference speed are a natural fit.

The FinOps Case: What Self-Hosting an 8B Model Actually Costs

Let’s put numbers on this. A mid-tier platform team might generate 50,000 LLM calls per month for internal tooling: PR review summaries, alert enrichment, documentation queries, CI/CD pipeline diagnostics.

At $0.002 per 1K tokens (input + output average), 50,000 calls at ~500 tokens each = $50/month in API costs. Manageable — until agents arrive.

Agentic workflows are not single API calls. A single „investigate this alert“ agent might issue 15–25 tool calls, each with full context. That same 50,000-event scenario becomes 750,000–1,250,000 LLM calls. At $0.002/1K tokens, that is now $1,500–$2,500/month — and growing linearly with adoption.

Self-hosting an 8B model on a single RTX 4090 (~$1,800 hardware) or a Mac Studio M4 Max (~$2,000) delivers:

  • ~30–50 tokens/second throughput (sufficient for internal tooling)
  • Zero marginal cost per call after hardware amortization
  • Full data residency — no tokens leave your network
  • Instant availability without rate limits or provider outages

At an agentic scale, the hardware pays for itself within 1–2 months. Beyond that, it is pure savings.

Platform Engineering Use Cases Where SLMs Shine

1. Alert Triage and Runbook Execution

The HolmesGPT pattern (CNCF Sandbox) demonstrates the right approach: give an SLM access to kubectl, PromQL, and Loki, and a structured Markdown runbook. With a well-crafted runbook, tool calls per investigation drop from 16+ to 2–4. An 8B model running locally handles this at millisecond latency with no data leaving the cluster.

2. CI/CD Pipeline Assistance

PR description generation, test coverage summaries, changelog drafting — these are low-complexity, high-volume tasks. An SLM integrated directly into your CI/CD pipeline (via Ollama’s REST API or a vLLM endpoint) can run as a pipeline step without any external dependency. No API key rotation. No rate limiting during a big release crunch.

3. Code Review Comments

Automated first-pass code review — style enforcement, security pattern flagging, documentation gaps — is exactly the kind of task where an 8B model is sufficient. The model does not need to understand your entire business domain; it needs to apply consistent rules to code diffs. Fine-tuning on your internal codebase further improves relevance.

4. Documentation and Runbook Generation

Keeping runbooks current is a perennial platform team pain point. An SLM that can read infrastructure-as-code, observe recent incident patterns, and generate or update Markdown documentation solves a real operational problem — without requiring a cloud API call for every update.

Enterprise Trust: Granite’s Compliance Credentials

IBM Granite 4.1 ships with two features that matter disproportionately in regulated industries: Guardian Models and cryptographic signing.

Guardian Models are companion classifiers that can check model inputs and outputs for compliance — harmful content, PII exposure, prompt injection attempts. This is built into the model ecosystem, not bolted on afterward. For financial services or healthcare platform teams, this is a significant differentiator versus a generic open-source model.

The cryptographic signing (with ISO certification) means you can verify model provenance. In an era where supply chain security is central to platform governance (see SLSA, Sigstore, in-toto), being able to verify that the model running in your cluster is exactly the model IBM published is not a minor detail.

The Multi-Model Strategy: SLM + Cloud for 80/20 Coverage

The most practical approach is not „replace all cloud APIs with SLMs“ — it is to route intelligently:

  • ~80% of tasks → Local SLM: Alert triage, CI/CD assistance, doc generation, code review, runbook execution, structured queries against internal data
  • ~20% of tasks → Cloud frontier model: Novel architecture decisions, complex multi-step reasoning, tasks requiring broad world knowledge not captured in your fine-tuned model

This mirrors how mature platform teams already think about compute: use the right tool at the right cost tier. An internal platform that routes requests based on complexity signals (task type, token budget, confidence threshold) gives you both cost efficiency and capability headroom.

Getting Started: Self-Hosting in the Platform Engineering Stack

The barrier to running an 8B model is lower than most teams expect:

  • Ollama — Single-command model serving, REST API, model library with one-line pulls (ollama pull granite3.3:8b)
  • LM Studio — Desktop GUI for evaluation, good for initial benchmarking before committing to infrastructure
  • vLLM — Production-grade serving with OpenAI-compatible API, batching, and quantization support; the right choice for Kubernetes-native deployments

For Kubernetes, vLLM running as a Deployment with a GPU node selector and an HPA on request queue depth is a reasonable production starting point. Pair it with an OpenAI-compatible API shim and your existing LLM-integrated tooling requires zero code changes to switch endpoints.

The Connection to Agentic Infrastructure

The Agentic Compute Cliff is real: GitHub Copilot paused new signups in April 2026 due to capacity constraints, and multiple cloud providers are experiencing GPU shortages. As agentic workloads scale — where a single developer workflow might trigger hundreds of LLM calls per hour — dependency on cloud inference is a reliability and cost risk.

SLMs running on internal infrastructure are not just a cost play. They are a resilience play. Your internal platform keeps working when the cloud provider has an outage. Your agents are not rate-limited during a major incident response. Your data never transits a network boundary you do not control.

When 8B Is Not Enough

Intellectual honesty matters here. SLMs are not the answer for everything:

  • Novel architecture decisions requiring broad reasoning across domains
  • Complex multi-step debugging across large, unfamiliar codebases
  • Tasks requiring deep world knowledge beyond your training/fine-tuning window
  • High-stakes customer-facing generation where quality variance is unacceptable

The skill is in classification — building a platform that knows when to route locally and when to escalate to a frontier model. That routing logic, often just a simple task classifier, is itself a good candidate to run on a local SLM.

Conclusion: Make the Economics Argument

The conversation about SLMs in platform engineering is no longer theoretical. The benchmarks have arrived. The tooling (Ollama, vLLM, LM Studio) is mature. The hardware cost is justified within months at agentic scale. And the privacy and compliance benefits — data residency, Guardian Models, cryptographic provenance — increasingly matter as organizations bring AI deeper into their software delivery lifecycle.

The 8B parameter class is not a compromise. It is a deliberate choice that aligns cost, performance, privacy, and operational simplicity for the tasks that platform teams actually run. Start with one use case — alert triage is a natural first target — measure the results, and expand from there. The API dependency you are paying for today may be entirely optional.

Veröffentlicht am

AI Gateways: The Security Control Plane for Enterprise LLM Operations

## The LiteLLM Wake-Up Call

On March 24, 2026, LiteLLM—a Python library with 3 million daily downloads powering AI integrations across tools like CrewAI, DSPy, Browser-Use, and Cursor—was compromised in a supply chain attack. Malicious versions 1.82.7 and 1.82.8 silently exfiltrated API keys, SSH credentials, AWS secrets, and crypto wallets from anyone with LiteLLM as a direct or transitive dependency.

The attack was detected within three hours, reportedly after a developer’s laptop crash exposed the breach. But for those three hours, millions of developers were vulnerable—not because they did anything wrong, but because they trusted their dependencies.

This incident crystallizes a fundamental truth about enterprise AI operations: the infrastructure layer between your applications and LLM providers is now a critical attack surface. And that’s exactly where AI Gateways come in.

## What Is an AI Gateway?

An AI Gateway is a reverse proxy that sits between your applications (or AI agents) and LLM providers. Think of it as an API Gateway specifically designed for AI workloads—but with capabilities that go far beyond simple routing.

┌─────────────────────────────────────────────────────────────────┐
│                        AI Gateway                                │
├─────────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────────┐ │
│  │   Request   │  │   Policy    │  │      Observability      │ │
│  │  Inspection │  │ Enforcement │  │   & Cost Management     │ │
│  └─────────────┘  └─────────────┘  └─────────────────────────┘ │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────────┐ │
│  │ PII/Secret  │  │   Model     │  │   Rate Limiting &       │ │
│  │  Redaction  │  │   Routing   │  │   Quota Management      │ │
│  └─────────────┘  └─────────────┘  └─────────────────────────┘ │
│  ┌─────────────┐  ┌─────────────────────────────────────────┐  │
│  │  Prompt     │  │        Failover & Load Balancing        │  │
│  │  Injection  │  └─────────────────────────────────────────┘  │
│  │  Defense    │                                               │
│  └─────────────┘                                               │
└─────────────────────────────────────────────────────────────────┘
         │                    │                    │
         ▼                    ▼                    ▼
   ┌──────────┐        ┌──────────┐        ┌──────────┐
   │ OpenAI   │        │ Anthropic│        │  Azure   │
   │   API    │        │   API    │        │  OpenAI  │
   └──────────┘        └──────────┘        └──────────┘

The key insight is that AI workloads have unique security requirements that traditional API Gateways weren’t designed to handle:

  • Prompt inspection: Detecting injection attacks, jailbreak attempts, and policy violations
  • PII detection and redaction: Preventing sensitive data from reaching external providers
  • Model-aware routing: Directing requests to appropriate models based on content classification
  • Semantic rate limiting: Throttling based on token usage, not just request count
  • Response validation: Scanning outputs for hallucinations, toxicity, or data leakage

## The MCP Gateway: Controlling Agentic Tool Calls

As organizations deploy AI agents that can invoke tools and APIs, a new control plane emerges: the MCP Gateway. The Model Context Protocol (MCP), introduced by Anthropic and now stewarded by the Agentic AI Foundation, standardizes how AI models connect to external tools—but it also introduces significant security risks.

### The N×M Problem

Without a gateway, each agent needs custom authentication and routing logic for every MCP server (Jira, GitHub, Slack, databases). This creates an explosion of point-to-point connections that are impossible to audit, monitor, or secure consistently.

### What MCP Gateways Provide

Capability Description
Centralized Routing Single entry point for all tool calls with protocol translation
Identity Propagation JWT-based auth with per-tool scopes and least-privilege access
Tool Allow-Lists Runtime blocking of unauthorized server connections
Audit Logging Complete record of tool calls, inputs, and outputs for compliance
Response Validation Screening for injection patterns before responses reach the model
Context Management Filtering oversized payloads to prevent context overflow attacks

## The Current Landscape: Gateway Solutions Compared

### TrueFoundry AI Gateway

TrueFoundry has emerged as a performance leader, delivering approximately 3-4ms latency while handling 350+ requests per second on a single vCPU. Key enterprise features include:

  • Model access enforcement with spend caps
  • Prompt and output inspection pipelines
  • Automatic failover across providers
  • Full MCP gateway integration with identity propagation

### Lasso Security

Focused specifically on security, Lasso provides real-time content inspection with PII redaction, prompt injection blocking, and browser-level monitoring for shadow AI discovery.

### Netskope One AI Gateway

Pairs with existing identity infrastructure for enterprise-grade DLP, combining traditional network security capabilities with AI-specific controls like prompt injection defense.

### Kong AI Gateway

Brings the proven Kong API Gateway architecture to AI workloads, with plugins for rate limiting, authentication, and multi-provider routing.

### Bifrost

Optimized for microsecond-latency routing, Bifrost targets high-scale production deployments where every millisecond matters.

## Addressing the OWASP LLM Top 10

AI Gateways provide the control plane needed to address the 2026 OWASP LLM Top 10 risks:

Risk Gateway Control
LLM01: Prompt Injection Input validation, pattern matching, semantic anomaly detection
LLM02: Insecure Output Handling Response sanitization, content filtering
LLM03: Training Data Poisoning Not directly addressed (training-time risk)
LLM04: Model Denial of Service Semantic rate limiting, request throttling
LLM05: Supply Chain Vulnerabilities Centralized dependency management, provenance verification
LLM06: Sensitive Information Disclosure PII detection/redaction, DLP integration
LLM07: Insecure Plugin Design Tool allow-lists, MCP gateway controls
LLM08: Excessive Agency Least-privilege tool access, action approval workflows
LLM09: Overreliance Confidence scoring, uncertainty flagging
LLM10: Model Theft Access controls, usage monitoring

## Shadow AI: The Visibility Challenge

According to recent surveys, 68% of organizations have employees using unapproved AI tools. AI Gateways provide the visibility needed to discover and govern shadow AI usage:

  • Traffic Analysis: Identify which LLM providers are being accessed across the organization
  • Usage Patterns: Understand who is using AI tools and for what purposes
  • Policy Enforcement: Redirect unauthorized traffic through approved channels
  • Gradual Migration: Provide managed alternatives to shadow tools

## Implementation Patterns

### Pattern 1: Centralized Gateway

All LLM traffic routes through a single gateway deployment. Simple to implement but creates a potential bottleneck and single point of failure.

### Pattern 2: Sidecar Gateway

Deploy gateway logic as a sidecar container alongside each application. Eliminates the single point of failure but increases resource overhead.

### Pattern 3: Service Mesh Integration

Integrate gateway capabilities into your existing service mesh (Istio, Linkerd). Leverages existing infrastructure but may have limited AI-specific features.

### Pattern 4: Edge + Central Hybrid

Lightweight edge proxies handle routing and caching, while a central gateway provides security inspection and policy enforcement.

## Getting Started: A Phased Approach

### Phase 1: Observability (Week 1-2)

Deploy a gateway in passthrough mode to gain visibility into current LLM usage patterns without disrupting existing workflows.

### Phase 2: Basic Controls (Week 3-4)

Enable rate limiting, basic authentication, and usage tracking. Start capturing audit logs for compliance.

### Phase 3: Security Policies (Month 2)

Implement PII detection, prompt injection defense, and content filtering. Define model access policies.

### Phase 4: MCP Integration (Month 3)

If using agentic AI, deploy MCP gateway controls for tool call governance and audit logging.

### Phase 5: Continuous Improvement

Establish feedback loops from security findings to policy refinement. Regular reviews of blocked requests and anomalies.

## The Organizational Imperative

The LiteLLM incident demonstrates that AI security isn’t just a technical problem—it’s an organizational one. Platform teams need to establish AI Gateways as the standard path for all LLM interactions, not as an optional security layer.

Key questions for your organization:

  1. Do you know which LLM providers your developers are using today?
  2. Can you detect if sensitive data is being sent to external AI services?
  3. Do you have audit logs for AI tool invocations by your agents?
  4. How quickly could you rotate credentials if a supply chain attack occurred?

AI Gateways don’t solve all AI security challenges, but they provide the foundational control plane that makes everything else possible. In a world where AI agents are becoming autonomous actors in your infrastructure, that control plane isn’t optional—it’s essential.

## Looking Forward

As AI systems evolve from simple chat interfaces to autonomous agents with real-world capabilities, the security surface area expands dramatically. The organizations that establish strong AI Gateway practices now will be positioned to adopt agentic AI safely. Those that don’t will face the same painful lesson that LiteLLM’s users learned: in AI operations, trust without verification is a vulnerability waiting to be exploited.

Veröffentlicht am

AI Observability: Why Your AI Agents Need OpenTelemetry

The Black Box Problem in AI Agents

When you deploy an AI agent in production, you’re essentially running a complex system that makes decisions, calls external APIs, processes data, and interacts with users—all in ways that can be difficult to understand after the fact. Traditional logging tells you that something happened, but not why or how long or at what cost.

For LLM-based systems, this opacity becomes a serious operational challenge:

  • Token costs can spiral without visibility into per-request usage
  • Latency issues hide in the pipeline between prompt and response
  • Tool calls (file reads, API requests, code execution) happen invisibly
  • Context window management affects quality but rarely surfaces in logs

The answer? Observability—specifically, distributed tracing designed for AI workloads.

OpenTelemetry: The Standard not only for AI Observability

OpenTelemetry (OTEL) has emerged as the industry standard for collecting telemetry data—traces, metrics, and logs—from distributed systems. What makes it particularly powerful for AI applications:

Traces Show the Full Picture

A single user message to an AI agent might trigger:

  1. Webhook reception from Telegram/Slack
  2. Session state lookup
  3. Context assembly (system prompt + history + tools)
  4. LLM API call to Anthropic/OpenAI
  5. Tool execution (file read, web search, code run)
  6. Response streaming back to user

With OTEL traces, each step becomes a span with timing, attributes, and relationships. You can see exactly where time is spent and where failures occur.

Metrics for Cost Control

OTEL metrics give you counters and histograms for:

  • tokens.input / tokens.output per request
  • cost.usd aggregated by model, channel, or user
  • run.duration_ms to track response latency
  • context.tokens to monitor context window usage

This transforms AI spend from „we used $X this month“ to „user Y’s workflow Z costs $0.12 per run.“

Practical Setup: OpenClaw + Jaeger

At it-stud.io, we tested OpenClaw as our AI agent framework – already supporting OTEL by default – and enabled full observability with a simple configuration change:

{
  "plugins": {
    "allow": ["diagnostics-otel"],
    "entries": {
      "diagnostics-otel": { "enabled": true }
    }
  },
  "diagnostics": {
    "enabled": true,
    "otel": {
      "enabled": true,
      "endpoint": "http://localhost:4318",
      "serviceName": "openclaw-gateway",
      "traces": true,
      "metrics": true,
      "sampleRate": 1.0
    }
  }
}

For the backend, we chose Jaeger—a CNCF-graduated project that provides:

  • OTLP ingestion (HTTP on port 4318)
  • Trace storage and search
  • Clean web UI for exploration
  • Zero external dependencies (all-in-one binary)

What You See: Real Traces from AI Operations

Once enabled, every AI interaction generates rich telemetry:

openclaw.model.usage

  • Provider, model name, channel
  • Input/output/cache tokens
  • Cost in USD
  • Duration in milliseconds
  • Session and run identifiers

openclaw.message.processed

  • Message lifecycle from queue to response
  • Outcome (success/error/timeout)
  • Chat and user context

openclaw.webhook.processed

  • Inbound webhook handling per channel
  • Processing duration
  • Error tracking

From Tracing to AI Governance

Observability isn’t just about debugging—it’s the foundation for:

Cost Allocation

Attribute AI spend to specific projects, users, or workflows. Essential for enterprise deployments where multiple teams share infrastructure.

Compliance & Auditing

Traces provide an immutable record of what the AI did, when, and why. Critical for regulated industries and internal governance.

Performance Optimization

Identify slow tool calls, optimize prompt templates, right-size model selection based on actual latency requirements.

Capacity Planning

Metrics trends inform scaling decisions and budget forecasting.

Getting Started

If you’re running AI agents in production without observability, you’re flying blind. The good news: implementing OTEL is straightforward with modern frameworks.

Our recommended stack:

  • Instrumentation: Framework-native (OpenClaw, LangChain, etc.) or OpenLLMetry
  • Collection: OTEL Collector or direct OTLP export
  • Backend: Jaeger (simple), Grafana Tempo (scalable), or Langfuse (LLM-specific)

The investment is minimal; the visibility is transformative.

At it-stud.io, we help organizations build observable, governable AI systems. Interested in implementing AI observability for your team? Get in touch.