Policy dependency / Stack layer
IAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agents
IAPS
Policy dependency / Stack layer
Guillermo Rauch Argues the Next Battle Is 'Splitting Models From Agents' — and Shows Vercel's Hand With Eve and Sandbox
TechCrunch
Stack layer / Threat pattern
Unit 42 and Zscaler catch web-based indirect prompt injection tricking AI agents into crypto payments in the wild
Unit 42 (Palo Alto Networks)
Policy dependency / Stack layer
CROSS-CATEGORY: The Agentic-Commerce Protocol War Breaks Open — Square/Google UCP vs OpenAI/Stripe ACP vs Shopify Agentic Storefronts
Multiple Sources
Stack layer / Update thread
Simon Willison Flags Tencent's Hy3 — a 295B Apache-2.0 Open MoE That Rivals GLM-5.2 and DeepSeek-V4, Free on OpenRouter Until July 21
simonwillison.net
Stack layer / Contrast
Chinese Open Models Take Up to 46% of US Developer Token Use as Costs Surge
CNBC
Stack layer / Threat pattern
Data-Injection Attacks Widen the Agent Threat Model Beyond Prompt Injection
arXiv
Stack layer / Threat pattern
'The MCP Governance Illusion' — Why Governing Tools Isn't Enough
Cyera / Hacker News