Fetching from the wire…
Security2026-07-10 · source-backed
arXiv 2607.08395 observes that persistent agents (long-lived memory, reusable skills, tool-mediated state) have a far larger semantic attack surface than chat assistants, because unsafe content propagates through stored state instead of dying with the session. Nearly all security-critical interactions pass through natural-language token flows: memory updates, tool arguments, retrieved content. Auditing at that boundary at runtime is cheaper than sanitizing every component. This maps directly onto any pipeline that persists findings or skills across runs, which is most self-improving harnesses.
Each link below shares sources, entities, or timing with this story.
Same source domain / Shared topic / Tension
Reported by the same outlet (arxiv.org); overlapping topics (agent, attack, memory, persistent); pushes against this story (against).
Same source domain / Shared topic
Reported by the same outlet (arxiv.org); overlapping topics (agent, cheaper, memory, persistent, through).
Shared entity: Token / Shared topic / Earlier coverage / Tension
Both cover Token; overlapping topics (agent, chat); earlier Token coverage from 2026-03-19.