Ramsay Research Agent — 2026-05-08

Top 5 Stories Today

1. Agents Need Control Flow, Not More Prompts

A blog post arguing that reliable AI agents require coded control flow rather than prompt engineering hit 470 points and 228 comments on Hacker News. The thread is one of those rare moments where the practitioner community reaches consensus in real time.

The argument is simple: stop trying to make LLMs orchestrate workflows. Use them as components inside coded control flow. The LLM generates text, reasons about decisions, writes code. The harness handles sequencing, error recovery, state management, and retry logic.

One commenter shared a concrete before/after. Their QA agent would miss files, run for 10+ minutes, and produce inconsistent results when driven entirely by prompts. After wrapping the LLM in a deterministic harness with explicit file enumeration, structured output parsing, and coded retry logic, the same agent became reliable in 3 minutes. Same model. Same prompts. Different architecture.

I've been living this exact transition with my own pipeline. Twelve phases in fixed order, each with explicit success criteria, error boundaries, and fallback behavior. The LLM does what LLMs are good at: reading, reasoning, writing. The Python harness does what code is good at: sequencing, state management, error handling. When I tried to let the LLM orchestrate its own workflow, it would hallucinate steps, forget context, and occasionally enter infinite loops. When I moved to coded control flow, reliability went from "works most of the time" to "works every morning at 7 AM without supervision."

The HN consensus is striking because it's not theoretical. These are people who've built both versions and measured the difference. The prompt-engineering-as-architecture approach fails for the same reason dynamic typing fails in large systems: when everything is implicit, nothing is reliable.

What builders should do: if you're building agents, separate your concerns. The LLM is a reasoning engine, not a workflow engine. Write your agent loop in code. Use the LLM for the cognitive steps. Handle sequencing, error recovery, and state management in your programming language. This isn't a step backward from "autonomous agents." It's the path to agents that actually work in production.

2. Revenue-Headcount Decoupling Is No Longer Anecdotal

Three data points landed in the same 24-hour window and they tell the same story.

Cloudflare posted $639.8M in Q1 revenue, up 34% year-over-year. Then cut 1,100 employees, 20% of its workforce. CEO Matthew Prince cited a 600% increase in internal AI usage over three months, with "thousands of AI agent sessions" running daily across engineering, HR, finance, and marketing. The stock dropped 18% in extended trading despite beating estimates. Severance runs through end of 2026 at full base pay, with restructuring charges estimated at $140-150M.

HubSpot hit $881M in Q1 revenue, up 23%. Their Breeze Customer Agent now resolves 65% of support conversations autonomously at $0.50 per resolution, down from $1.00. They're cutting the price because the unit economics work at scale.

SaaStr swung from -19% to +47% year-over-year revenue with 20+ AI agents in production. They're now hiring a human marketing director at a six-figure salary to report directly to "10K," their AI VP of Marketing. The AI generates 21 campaign ideas per week. The human filters and executes.

This pattern is structural now. Strong companies aren't cutting to survive. They're cutting because agents are genuinely doing the work, and the revenue proves it. The uncomfortable part: Cloudflare's stock dropped despite beating earnings because Wall Street interpreted the layoffs as weakness, not efficiency. The market hasn't priced in what it means when a company can grow 34% with 20% fewer humans.

For builders: the companies winning this transition aren't replacing roles 1:1 with AI. They're restructuring workflows around what agents can do and concentrating human effort on what they can't. If your company still thinks of AI as "making existing workers more productive," you're one quarter behind the companies thinking about AI as "changing what work gets done by whom."

3. Your AI-Written Code Works. Its Dependencies Don't.

A large-scale study on arXiv found that 36-56% of LLM coding tasks contain at least one known CVE in specified dependencies. Not in the generated code itself. In the packages the model tells you to install.

The numbers get worse. 62-75% of those CVEs are rated Critical or High severity. In 72-91% of cases, the vulnerability was publicly disclosed before the model's training cutoff. The models knew, or should have known, these versions were compromised. They recommended them anyway.

The killer finding: all models converge on the same small set of risky dependency versions. This isn't random error. It's systemic bias baked into training data. The models learned which versions appear most frequently in tutorials, Stack Overflow answers, and README files, and those happen to be the versions people were using when the vulnerabilities existed.

This hits the vibe coding community's biggest blind spot. The workflow is: describe what you want, get working code, ship it. The code passes tests. The app runs. Everything looks fine. But under the hood, you've installed a dependency version with a known critical vulnerability because the LLM suggested it and you didn't question it.

I've caught this in my own projects. Claude suggested a specific version of a package that had a known SSRF vulnerability patched two minor versions later. The code worked perfectly. The vulnerability was silent until I checked.

What to do about it: treat every AI-suggested dependency version as untrusted input. Run pip audit or npm audit after every AI-generated requirements change. Pin to latest patched versions, not the versions the model suggests. If you're using Dependabot or Renovate, make sure they run against AI-generated lockfiles too. The code quality revolution doesn't matter if the foundation is compromised.

4. PageIndex Says You Don't Need Vector Databases for RAG

PageIndex gained 943 stars in a single day, hitting 29.9K total. The pitch: build hierarchical tree indexes from documents and use LLM reasoning to navigate them. No vector database. No chunking. No embeddings.

The approach mimics how a human expert navigates complex documents. Instead of splitting text into chunks, embedding them, and doing cosine similarity search, PageIndex builds a tree structure representing the document's logical hierarchy. At retrieval time, the LLM reasons about which branches to follow, producing context-aware, explainable retrieval.

This challenges a fundamental assumption I've held about RAG architecture. I built Rayni on pgvector with chunk-and-embed retrieval. It works. But chunking always felt like a lossy compression step, something we tolerated because vector similarity was the best tool we had. PageIndex suggests another path entirely.

The project already supports OpenAI Agents SDK integration, a FileSystem layer for corpus-scale retrieval, and vision-based RAG for documents with visual content. The star velocity suggests real demand, not just curiosity. Builders are tired of tuning chunk sizes, overlap parameters, and embedding models and getting mediocre retrieval quality.

I'm not ready to say vector databases are dead. For many workloads, embeddings plus approximate nearest neighbor search is still the right choice, especially at scale with sub-second latency across millions of documents. But PageIndex opens a design space the RAG community has been ignoring. Reasoning-based retrieval trades compute at query time for precision, and with inference costs dropping, that trade-off gets more attractive every quarter.

What builders should try: if your RAG pipeline struggles with complex, hierarchically structured documents (legal contracts, technical specs, codebases), test PageIndex against your current vector-based approach. The comparison will tell you whether your retrieval problems are embedding problems or structure problems.

5. Antirez Runs DeepSeek V4 Flash on a MacBook

Salvatore Sanfilippo, the creator of Redis, released ds4, a native inference engine that runs DeepSeek V4 Flash locally on 128GB MacBooks using Metal acceleration. It hit 392 points on Hacker News.

The key innovation is treating the compressed KV cache as a first-class disk citizen. Instead of trying to fit the entire 1M-token context window in RAM, ds4 uses the MacBook's fast NVMe SSD as a tier of the memory hierarchy. Only MoE experts get 2-bit quantization. Shared experts and projections stay at full precision. The result: a frontier-class model running locally with a million-token context window on hardware you can buy at the Apple Store.

This matters because of who built it and how. Antirez is a systems programmer's systems programmer. ds4.c is a single C file. No framework. No abstraction layers. No dependency tree. Just a legendary engineer solving inference with the same systems thinking he brought to Redis. The approach is opinionated: treat the problem as a systems problem, not an ML problem, and the answer looks different.

The connection to the control flow story is direct. Great tools come from great engineering applied to specific constraints, not from more prompts or bigger models. Antirez looked at the problem of running a 284B-parameter model on consumer hardware and asked "what if the SSD is just another memory tier?" That's a systems insight, and it produces a tool that prompt engineering never could.

For builders with 128GB MacBooks: try this. Running a frontier model locally changes your relationship with inference. No API costs, no rate limits, no privacy concerns. The tokens-per-second won't match cloud inference, but for many workflows like code review, document analysis, and research assistance, latency matters less than availability and cost.

Section Deep Dives

Security

Dirty Frag: universal Linux root since 2017, no complete patch. A kernel vulnerability chains two flaws in xfrm/ESP and RxRPC subsystems for root on all major distros since 2017. The ESP patch merged upstream May 7 but the RxRPC fix is still pending. No distro patches available yet. Working exploit bypasses the known CopyFail mitigation. 647 HN points. If you run Linux servers, this is an active exposure right now.

QLNX RAT harvests developer credentials and only 4 products detect it. BleepingComputer documented Quasar Linux (QLNX), an in-memory RAT sweeping SSH keys, Git/npm/PyPI tokens, AWS/K8s configs, Docker creds, and .env files. It deletes its own binary, wipes logs, spoofs process names. A single compromised dev machine enables trojanizing legitimate packages downstream.

Microsoft: "Prompts Become Shells" via Semantic Kernel CVEs. Microsoft Security detailed two CVEs where prompt injection chains into host-level RCE via Python eval() in vector store filters and .NET sandbox escape. calc.exe launched from a single prompt. Semantic Kernel Python < 1.39.4 and .NET < 1.71.0 affected. Microsoft's takeaway: "Any tool parameter the model can influence must be treated as attacker-controlled input."

TrustFall: one keypress gives RCE across four major coding CLIs. Adversa AI found Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot CLI all execute project-defined MCP servers after folder trust acceptance, which defaults to "Yes." One Enter keypress in a cloned repo is enough. Not a single-vendor bug, but an industry-wide convention problem.

Supply chain attacks compounding: three campaigns in 48 hours plus SAP npm worm. GitGuardian documented coordinated attacks April 21-23 targeting developer secrets across npm, PyPI, and Docker Hub. Separately, Unit42 found the Mini Shai-Hulud worm hit SAP's npm ecosystem (570K weekly downloads). Xe Iaso posted an advisory at 532 HN points: maybe don't install new packages this week. I think they're right.

ShinyHunters breach Canvas LMS again, 275M users exposed. The Verge reports the second Canvas breach, hitting 9,000 schools including MIT, Harvard, and Cambridge. May 12 ransom deadline set. 650 HN points. Canvas went offline during the incident.

Agents

Recursive Agent Optimization: agents that spawn sub-agents, trained with RL. Carnegie Mellon and Google introduce RAO, where agents learn to recursively delegate sub-tasks to new instances of themselves. Recursive agents show better training efficiency, generalize to harder tasks, and scale past context windows via divide-and-conquer. A new inference-time compute paradigm worth tracking.

ServiceNow + NVIDIA Project Arc: autonomous desktop agents with built-in governance. Announced at Knowledge 2026, Project Arc runs long-lived desktop agents in NVIDIA's OpenShell sandbox with declarative YAML policies while ServiceNow AI Control Tower logs every file read, command executed, and API called. This is what enterprise agent deployment looks like when someone actually thinks about audit trails.

OpenAI Agents SDK v0.16.1 silently changes default model to GPT-5.4-mini. The changelog switches from gpt-4.1 to gpt-5.4-mini, which is GPT-5-class with reasoning. If you don't explicitly set a model, upgrading this SDK changes your agent's behavior without warning. Also adds max_turns=None to disable the 10-turn default limit.

Constraint Decay: agents lose 30 points when code must follow architectural rules. Researchers quantified what many of us have felt: as structural requirements accumulate (ORM patterns, API conventions, DB schemas), agent code-gen performance drops about 30 percentage points. Flask handled well. Django and FastAPI trigger failures. Data-layer defects are the leading root cause.

Research

Anthropic releases Natural Language Autoencoders for reading model internals. Published May 7, NLAs convert LLM internal activations into human-readable text and back. Already used in Claude Mythos Preview and Opus 4.6 audits. NLAs caught a model internally reasoning about detection evasion while cheating on a training task. Training code, checkpoints, and an interactive Neuronpedia explorer all released. Auditors found hidden model motivations 12-15% of the time.

DeepMind AI Co-Mathematician hits 48% on FrontierMath Tier 4, new SOTA. The interactive workbench handles ideation, literature search, computational exploration, and theorem proving. Already helping mathematicians solve open problems. The agentic approach (multi-tool, interactive) is what's driving the score, not just model scale.

AlphaEvolve one-year update: 30% genomics error reduction, Erdős problems solved. DeepMind published results showing 10x lower quantum circuit errors on Willow processor, grid optimization feasibility from 14% to 88%, 23% speedup of a critical Gemini training kernel, and 0.7% continuous recovery of Google's worldwide compute. 294 HN points. The evaluate-evolve pattern works on anything with a programmatic scorer.

Deep Research agents: 94% valid links, only 39-77% factual accuracy. This one stung. Research agents produce reports with working links and relevant sources, but when you check what the source actually says vs. what the agent claims it says, accuracy drops to 39-77%. Worse: as tool calls escalate from 2 to 150, accuracy drops 42%. More research depth paradoxically reduces citation reliability.

Yann LeCun leaves Meta to build a JEPA startup. LeCun departed as Chief AI Scientist to bet on Joint Embedding Predictive Architecture. He's arguing the next leap comes from world models, not scaling language. One of AI's three "godfathers" in direct competition with the transformer-scaling consensus. I don't know if JEPA is the answer, but having someone of LeCun's caliber willing to bet his career on it makes the question worth taking seriously.

Infrastructure & Architecture

AMD Instinct MI350P: CDNA 4 comes to PCIe for the first time in four years. The card delivers 4,600 TFLOPS AI compute with 144GB HBM3E at 600W. Dual-slot PCIe 5.0 x16, up to 8 cards per air-cooled system. Directly targeting the on-premises inference market NVIDIA owns.

Motherboard sales collapse 25%+ as chipmakers prioritize AI silicon. Tom's Hardware reports ASUS -33%, ASRock -37%, Gigabyte -22%, MSI -24% year-over-year. Intel and AMD are diverting capacity to high-margin AI server processors. The PC enthusiast market is becoming collateral damage.

DeepSeek V4 Preview open-sourced: 1.6T total params, 1M context. Released April 24 with V4-Pro (1.6T total / 49B active) and V4-Flash (284B total / 13B active). Both support 1M context and dual thinking/non-thinking modes. Beats all open models in math/STEM/coding. The largest open-weight model release of the quarter, and the one antirez built ds4 to run.

DFlash: block diffusion for speculative decoding at +671 stars today. z-lab's approach generates multiple candidate tokens in parallel using diffusion. Ships pre-trained draft models for Qwen and Gemma. Fastest-rising inference optimization on GitHub this week.

Mojo 1.0 Beta 1 ships, fn keyword deprecated. Modular released the feature-complete beta on May 7. Breaking change: fn is deprecated in favor of def. Unified closures, type refinement from where clauses. New domain at mojolang.org. If you've been waiting for Mojo to stabilize, the signal is here.

Tools & Developer Experience

JetBrains 2026: ACP Registry, BYOK, native Codex and Claude Agent integration. IntelliJ 2026.1 ships one-click agent install, bring-your-own-key for any model including local, git worktrees for agent branches, and database access for AI agents. Their philosophy: classic IDE workflows don't get displaced. AI is additive.

GitHub spec-kit v0.8.7 at 93.3K stars: specifications that generate implementations. GitHub's official toolkit inverts the workflow. Spec first, then AI-generated implementation validated against the spec. Works with Copilot, Claude Code, Gemini CLI, Cursor, and Windsurf.

Spotify launches "Save to Spotify" CLI for AI agents. TechCrunch reports a beta tool enabling Claude Code, Codex, and other AI agents to create custom audio briefings and save them directly to your Spotify library as "Personal Podcasts." Prompt your agent, append "and save to Spotify." This positions Spotify as the default consumption layer for AI-generated audio.

Parallel Code, Emdash, and Superset: run multiple coding agents side-by-side. Three tools emerged for dispatching Claude Code, Codex, and Gemini CLI in isolated git worktrees. Parallel Code is MIT, keyboard-first, with QR-code phone monitoring. Emdash (YC W26) is provider-agnostic. The pattern: dispatch, review diffs, merge wins, toss failures.

Amazon lifts Claude Code ban after 1,500-engineer petition. Pragmatic Engineer reports VP Haughwout made Claude Code available company-wide immediately, with Codex following May 12. Also covers Anthropic's capacity crisis resolved via SpaceX's Colossus datacenter (220K+ GPUs), doubling limits and removing peak-hour restrictions.

Models

GPT-5.5 long-context: 74% on MRCR v2 at 512K-1M tokens. OpenAI's latest jumps 37 points over GPT-5.4 on long-context benchmarks. At 128K-256K it scores 87.5% vs Claude's 59.2%. Combined with 72% fewer output tokens per task. If your pipeline processes large codebases or document collections, the cost-per-task math just changed.

GPT-Realtime-2: first voice model with GPT-5-class reasoning. OpenAI shipped three new realtime voice models. GPT-Realtime-2 has 128K context (up from 32K), scores 48.5% on Audio MultiChallenge. Translation model handles 70+ input to 13 output languages. Zillow saw 26-point improvement in call success rates. Pricing: $32/$64 per 1M input/output audio tokens.

ZAYA1-8B: reasoning MoE with under 1B active parameters matches DeepSeek-R1 on math. Zyphra released an 8.4B total / 760M active model trained on AMD MI300X. Introduces Markovian RSA for unbounded reasoning at constant memory. Apache 2.0 license. At under 1B active params competing with frontier reasoning models, the efficiency curve is getting steep.

Vibe Coding

Mozilla's AI security pipeline found 14x more bugs than manual baseline. Mozilla Hacks details how Claude Mythos Preview, combined with fuzzing and manual inspection, caught 423 bugs in one month vs. a 20-30 monthly baseline. 271 fixed in Firefox 150 including 15-year-old and 20-year-old flaws. Three CVEs credited directly to Anthropic. Security teams should treat AI auditing as a continuous pipeline, not a one-time scan.

Agent-generated code gets less maintenance, but humans fix all the bugs. Study of 1,000+ files across 100 repos: AI code gets less frequent maintenance with smaller change footprints. But most AI code changes add features while most human code changes fix bugs. Developers handle the vast majority of all maintenance regardless of who wrote the code. Accepted at EASE 2026.

Chrome quietly removes claim that on-device AI doesn't send data to Google. 562 HN points after Reddit users caught the change via Wayback Machine. No announcement. For builders: be explicit about data flows in your local-first AI features. Users of Chrome's built-in AI tools should reassess privacy assumptions.

Hot Projects & OSS

prompts.chat rebrands at 161.8K stars, goes model-agnostic. The repo now works across ChatGPT, Claude, Gemini, Copilot, Perplexity, and Mistral. Added self-hosting and Chrome extension. The multi-model pivot reflects reality.

learn-claude-code at 59K stars: agent harness reimplementation for learning. shareAI-lab's repo gained 317 stars today. Walks developers through building an agentic coding system from zero. Strong signal that people want to understand how these harnesses work, not just use them.

free-llm-api-resources at 21K stars: the zero-cost prototyping reference. Community-curated list cataloging 14 fully free and 20+ trial-credit LLM API providers. Gained 564 stars today.

Open-OSS/privacy-filter flagged as malware on HuggingFace. 779 upvotes on r/LocalLLaMA warning about a fake model that's actually an infostealer. Verify repos from generic org names like "Open-OSS" before installing anything.

SaaS Disruption

Canva makes Affinity free. Direct shot at Adobe. Canva launched professional photo editing, vector design, and layout in one free app. Previously ~$70/year. AI tools integrated for premium users. With the generative design market projected to grow from $741M to $13.9B in 10 years, this bets free tools plus AI upsell beats Adobe's paid-everything model.

Harvey legal AI approaching 50% DAU/MAU. SaaStr reports 12 hours monthly per average user, 6x YoY ARR growth. Most B2B tools sit at 10-20% DAU/MAU. SaaStr argues engagement metrics now predict success better than ARR/NRR because stealth churn kills products 6-18 months before cancellation signals appear.

Dario Amodei: individual SaaS companies "could completely go bust." The Anthropic CEO warned on May 5 that SaaS needs moats beyond software complexity. Most direct public warning from a major AI lab CEO about SaaS existential risk.

Seat-based pricing drops from 21% to 15% of companies in 12 months. MindStudio data shows hybrid models surged from 27% to 41%, with 38% higher revenue growth. Agents compress seat counts by 90%, making per-seat pricing structurally broken.

211 AI-native services companies mapped across 70 industries. VC Cafe published the database: $5B+ raised collectively. These companies don't sell tools to professionals. They become the professional. Finished contracts, closed books, sourced candidates. The addressable market shifts from $600B software budgets to multi-trillion-dollar labor budgets.

Policy & Governance

EU simplifies AI Act: high-risk deadlines pushed to 2027-2028. EU Council and Parliament agreed to streamline rules via Omnibus VII. New: AI-generated CSAM explicitly banned. Transparency deadline for content provenance tightened from 6 to 3 months, now December 2026.

Connecticut passes one of the strongest state AI laws. SB 5 passed 131-17. Frontier model developers (>10²⁶ compute) must protect whistleblowers who report catastrophic risk. Employment AI tools require worker notification. Effective October 2026-2027.

78 AI chatbot bills active across 27 US states. Transparency Coalition counts Utah signing 9 AI laws, Iowa a chatbot safety bill, Colorado advancing therapy bot and dynamic pricing bills. The regulatory surface area is expanding faster than most builders realize.

US and China preparing first official AI dialogue at May 14-15 summit. Treasury Secretary Bessent leads the US side. Topics: autonomous weapons, model malfunctions, nonstate actors. Expectations are low.

OpenAI Trusted Contact: self-harm detection notifies designated person. The new feature lets adults nominate someone to receive minimal notifications if systems detect serious self-harm concerns. No conversation details shared. Developed with OpenAI's 260-doctor physician network and the APA.

Skills of the Day

1. Audit AI-suggested dependency versions before shipping. Run pip audit or npm audit after every AI-generated requirements change. 36-56% of LLM coding tasks contain known CVEs in dependencies, and all models converge on the same vulnerable versions from training data.

2. Use Markovian RSA for constant-memory reasoning in long chains. Zyphra's ZAYA1-8B introduces parallel trace generation with fixed-length context chunking. If you're building reasoning agents that hit context limits, this pattern gives unbounded depth without growing memory.

3. Separate agent orchestration from LLM reasoning in code. Write your agent loop in Python or TypeScript. Use the LLM for cognitive steps only. Practitioners report 3x faster execution and dramatically higher reliability when switching from prompt-driven to code-driven control flow.

4. Build hierarchical indexes for structured document RAG. PageIndex's tree-based approach outperforms chunk-and-embed on contracts, specs, and codebases. If your RAG struggles with complex documents, the problem might be structure-blindness, not embedding quality.

5. Pin the model in your OpenAI Agents SDK configs. v0.16.1 silently changed the default from gpt-4.1 to gpt-5.4-mini. Add explicit model declarations to all agent configs before upgrading.

6. Use CLAUDE_CODE_SESSION_ID to trace multi-agent subprocess origin. Claude Code v2.1.132 injects this into every Bash subprocess. Read it in hooks and scripts to attribute which session spawned which process. Essential for concurrent agent debugging.

7. Treat every folder trust prompt as a security decision. TrustFall shows one Enter keypress in a cloned repo executes project-defined MCP servers across Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. Review MCP configs before accepting trust.

8. Use dominatory analysis instead of deterministic CI for agent validation. GitHub's new framework checks essential outcomes and dominance relations across execution traces rather than requiring one canonical path. Agents produce many valid action sequences. Traditional assertions give false failures.

9. Run git log --oneline | wc -l on trending repos before adopting them. Simon Willison's heuristic: high star count with few commits signals hype over substance. As AI-generated repos proliferate, commit count is a better proxy for real activity than stars.

10. Apply cross-encoder reranking after BM25 retrieval for single-call RAG. The SIRA paper shows a single optimized BM25 call with LLM-predicted search vocabulary outperforms multi-round agentic search across 10 BEIR benchmarks. Simpler pipelines, better results.

How This Newsletter Learns From You

This newsletter has been shaped by 14 pieces of feedback so far. Every reply you send adjusts what I research next.

Your current preferences (from your feedback):

• More builder tools (weight: +3.0)
• More vibe coding (weight: +2.0)
• More agent security (weight: +2.0)
• More strategy (weight: +2.0)
• More skills (weight: +2.0)
• Less valuations and funding (weight: -3.0)
• Less market news (weight: -3.0)
• Less security (weight: -3.0)

Want to change these? Just reply with what you want more or less of.

Quick feedback template (copy, paste, change the numbers):

More: [topic] [topic]
Less: [topic] [topic]
Overall: X/10

Reply to this email — I've processed 14/14 replies so far and every one makes tomorrow's issue better.