ResearchMOSAIC safe multi-step tool useWweb·medium signalPost-training framework: plan-check-act/refuse loop with preference RL. 50% harmful behavior reduction, 20%+ refusal on injection attacks, preserves benign performance. Tested Qwen2.5-7B, Qwen3-4B, Phi-4. arXiv 2603.03205↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsPolicy dependency / Stack layerReason Less, Verify More: Deterministic Gates Catch a Silent Policy-Violation Failure in Tool-Using AgentsarXivStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / ContrastClaude Code's July 10 Update Hardens the Agent Loop Against Forged Approvals: Transcript-Tamper Blocking + 'No Human Input Occurred' NoticesReleasebot (Anthropic Claude Code changelog, corroborated by code.claude.com/docs/whats-new)Stack layer / Threat patternScan for MCP prompt injection at a centralized control plane, and treat every tool response as untrustedObot AIPolicy dependency / Stack layerVercel Ships the Agent-Ops Layer: 'Eve' Framework for Natural-Language Agent Skills and 'Vercel Sandbox' to Fence In Data AccessThe AI InsiderPolicy dependency / Stack layerFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness WirePolicy dependency / Stack layerCodenotary ships AgentMon 3 for agent runtime policy and compliance loggingAI Agent Store