Blog
Engineering, thesis, and the post-incident reading list.
Long-form writing from the SynOI team. We will publish slowly. Each post earns its place: no growth-content churn, no thought-leadership filler.
In flight · draft routes live
Routes are up. Full content lands as each post finishes.
Thesis · Industry response · 2026-05-29
DraftWe are not building inside someone else's data cloud
On 2026-05-28, Snowflake announced intent to acquire Natoma (the managed MCP-gateway startup that was, until last week, the cleanest commercial product in our category). The category is real. The bundling is wrong. Here is the argument for keeping the agentic control plane open.
Engineering · Post-incident · 2026-05-24
DraftThe dependency that was never imported
Axios ships 100M downloads a week. On 2026-05-24 it was poisoned, and the attacker never touched the source code. One line in package.json, a remote-access trojan in 1.1 seconds, and the malware erased itself. Here's the divergence trace and the five signals this attack added to our spec.
Engineering · Post-incident
DraftThe Mini Shai-Hulud teardown
A worm with a valid signature, a legitimate build pipeline, and a 14-hour detection lag. What divergence-scoring catches that scanners don't.
Thesis · Founder note
DraftThe 32-day window
On Feb 19, 2026, SynOI transmitted a pre-seed memo under NDA. Thirty-two days later, CSA publicly named the same category. What that gap means, and what it doesn't.
Planned · drafting
Topics in the queue.
Why SRAID is a transparency log, not a database
AWS QLDB, Google Trillian, sigstore Rekor, and SRAID: same shape, four different applications. Why we chose this property package.
Conductor vs Control Tower
Open multi-vendor vs closed single-vendor. What ServiceNow + NVIDIA shipped, what SynOI specs, and where they overlap.
Cross-vendor verifiable memory: the open answer to single-vendor AI memory lock-in
Anthropic's memory feature is excellent, and locked to Anthropic. Here's the open alternative.