Mihai Maruseac

@mihaimaruseac
19 Followers
35 Following
49 Posts
Supply chain security @ Google OSS Security Team. Previously TensorFlow Security & OSS (@ Google); Haskell+differential privacy+ML @ LeapYear.
Bloghttps://mihai.page
Mihai MaruseacDec 5
On today's installment of "blog-every-day-until-xmas", I talk about how Anna Karenina applies to the basics of linear algebra (or am I?) https://mihai.page/anna-karenina-linear-algebra/
Why Anna Karenina applies to linear algebra?

All zero vectors are alike; each non-zero vector is a vector in its own way

Show threadMihai MaruseacNov 20

Now, there is some time to reflect and determine what are the next steps to be taken in this space to increase impact. I might have already hinted at some, but next year's conference talks will be about them :)

Thankful again for the entire community! Remember that we need to ensure now that the intelligent creations we are now making with AI don't become the security nightmares of tomorrow.

Mihai MaruseacNov 20
Yesterday I delivered the last talk about model signing, finishing the year with the most conference talks for me. I had an amazing time at all these events throughout the year and it's been awesome to see how we went from releasing model signing in April to getting several adopters by now. There is still a lot of work to be done and I'm grateful for everyone in the @openssf and CoSAI communities that are working in this space.
Mihai MaruseacOct 15
OpenSSFOct 14

Heading to #PyTorchCon 2025? Don’t miss our BoF on Applying DevSecOps Lessons to MLSecOps (Oct 23 | 10:30 AM PDT).

Join Jeff Diecks + @mihaimaruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.

πŸ‘‰ https://sched.co/27QQG

#OpenSSF #MLSecOps

Mihai MaruseacSep 18

> Vibe coding with AI is cool until you get hacked :)

Here are 3 different resources that can help with that, all developed by amazing people at the @openssf AI/ML working group and other OpenSSF WGs.

First, https://openssf.org/blog/2025/09/16/new-openssf-guidance-on-ai-code-assistant-instructions/ is an exceptional guidance on using AI for writing code securely.

Next, a Tech Talk about a secure ML lifecycle: https://openssf.org/resources/tech-talks/securing-the-ai-lifecycle-trust-transparency-tooling-in-open-source/

Finally OpenSSF will soon launch a new @linuxfoundation course, LFEL1012, on using AI coding assistants. Stay tuned!

New OpenSSF Guidance on AI Code Assistant Instructions – Open Source Security Foundation

Mihai MaruseacSep 17

A Pythagoreic date like today's only occurs once a century

>>> for m in [1,2,3]:
... for d in [1,2,3,4,5]:
... y=m**2 + d**2
... y_sq=int(math.sqrt(y))
... if y_sq * y_sq==y:
... print(f"{m**2}/{d**2}/20{y}")
...
9/16/2025

Mihai MaruseacJul 28

At the beginning of the year I wanted to compare models and prompt techniques on several math problems. I also got a common sense one. Today I publish the last article in the series, where I use a vibe-coded Colab to analyze which models are better than others and which prompt techniques are useful.

https://mihai.page/ai-2025-10/

Concluding the AI 2025 puzzle competition

In this article, we summarize the AI puzzle competition from my blog and answer two questions: which model is better and which prompt engineering hint is giving better results. The answers might surprise you, so give this a read :)

Mihai MaruseacJul 9
Some weeks ago, I started doing some work within the scientific Python community (amazing group!). As part of that, we were thinking of extracting pytrees out of JAX, since the scientific computing world would benefit from them. Turns out there is a standalone library providing support, so we wrote a blog post about that and with some examples on how pytrees are useful. You can read it at https://blog.scientific-python.org/pytrees/
Blog - Pytrees for Scientific Python

This blog introduces PyTrees β€” nested Python data structures (such as lists, dicts, and tuples) with numerical leaf values β€” designed to simplify working with complex, hierarchically organized data. While such structures are often cumbersome to manipulate, PyTrees make them more manageable by allowing them to be flattened into a list of leaves along with a reusable structure blueprint in a _generic_ way. This enables flexible, generic operations like mapping and reducing from functional programming. By bringing those functional paradigms to structured data, PyTrees let you focus on what transformations to apply, not how to traverse the structure β€” no matter how deeply nested or complex it is.

Mihai MaruseacJun 21

There are so many quotable bits in this article, but I'll only go for

> We shouldn't have to be telling developers "oh just run it all in Docker". We should have designed this to be fundamentally secure from the get-go.

We really need to create security-by-default AI-tools where tech debt is actually managed, not added to at an exponential rate.

https://xeiaso.net/blog/2025/rolling-ladder-behind-us/

Rolling the ladder up behind us

Who will take over for us if we don't train the next generation to replace us? A critique of craft, AI, and the legacy of human expertise.

Mihai MaruseacJun 15

> economy runs on money, not GitHub stars

That's why we need sustainable open source.

(from https://xeiaso.net/blog/2025/avoiding-becoming-peg-dependency/)

Avoiding becoming the lone dependency peg with load-bearing anime

Xe Iaso's personal website.