VoicesWillison Google API Keys Privilege Escalation Plus tldraw Slop Fork Defensesimonwillison.net·high signalTruffle Security found 2863 exposed Google API keys gaining Gemini access. tldraw moving tests to closed-source to prevent slop forks. Fowler endorsed Willison agentic engineering patterns.SourceSource pagesimonwillison.net↳ Follow the threadShared entity / Stack layerGoogle pushes Gemini 3.5 Pro to July 17 for a ground-up architecture rebuildBigGo FinanceShared entity / Policy dependencyCROSS-CATEGORY: The Agentic-Commerce Protocol War Breaks Open — Square/Google UCP vs OpenAI/Stripe ACP vs Shopify Agentic StorefrontsMultiple SourcesStack layer / Threat patternSimon Willison Flags Tencent's Hy3 — a 295B Apache-2.0 Open MoE That Rivals GLM-5.2 and DeepSeek-V4, Free on OpenRouter Until July 21simonwillison.netShared entity / Policy dependencySquare Drops Merchants Inside ChatGPT and Claude — the Storefront Becomes a Protocol and the Marketplace Take-Rate Goes to ZeroSquareThreat pattern / ContrastKenton Varda declares a moratorium on AI-written PR and commit descriptionsSimon Willison's BlogPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSShared entity / Threat patternMeta Building 'Meta Compute' Cloud to Rent GPUs and Llama, Taking Aim at AWS and AzureTechCrunchStack layer / Threat patternSimon Willison builds a github-code Web Component with GPT-5.5Simon Willison's Blog