Web dev at 14. Executive Chef for a decade. Now I build open-source security and infrastructure tools.
🔗 solomonneas.dev

🛠️ Codex CLI 0.128.0: /goal loop

Adds a bounded agent loop that runs until it believes the goal is complete or token budget is gone. Strong for narrow repo automation, risky for fuzzy tasks.

🛠️ LangSmith Auth Proxy: sandbox credential control

Moves workspace secrets and egress policy out of agent runtimes, the boundary agent fleets need before scale.

solomonneas.dev/intel

#DevTools #AgenticCoding #PlatformEngineering

🧠 DeepSeek cuts V4-Pro pricing 75%
Permanent cut changes model-routing math for high-volume inference where DeepSeek quality is enough.

🧠 Google cuts AI Ultra to $200, adds $99 tier
A lower Gemini tier changes the test budget for Workspace and agent workflows.

What gets routed differently now?

#AI #MachineLearning #Gemini #DeepSeek

🔴 Ghost CMS CVE-2026-26980 exploitation spans 700+ domains, stealing Admin API keys and injecting fake Cloudflare ClickFix prompts. Patch to 6.19.1+, rotate keys, review content/logs.

🟡 TrapDoor put 34+ malicious packages on npm, PyPI, and Crates.io. Audit recent installs and rotate exposed CI/dev secrets.

solomonneas.dev/intel

#CyberSecurity #ThreatIntel #SupplyChain #CVE

🛠️ Vercel AI SDK 3.0.0-canary.51: openai-compatible now accepts empty role streaming deltas. Practical fix for local-model gateways, but canary means test before routing production.

🛠️ LangChainJS 1.4.2 + OpenRouter 0.3.0: reasoning metadata now maps into content blocks, which helps agent UI telemetry survive provider hops.

solomonneas.dev/intel #DevTools #AISDK #OpenSource

🧠 Qwen3.7-Max exposes a thousand-tool-call agent runtime
35-hour kernel optimization run, 1,000+ tool calls, 1M context, Qwen Studio/API access. Take: evaluate limits before production routing.

🧠 Claude Compliance API telemetry reaches security tools
Anthropic pushes Enterprise activity into DLP, SASE, SIEM, eDiscovery, AI-SPM, and observability.

🧠 LongLive-2.0 speeds long video infra
NVFP4 KV cache, W4A4 inference, 45.7 FPS on GB200.

solomonneas.dev/intel
#AI #Agents #MLOps #VideoAI

🔴 Langflow CVE-2025-34291 hit CISA KEV after active exploitation. Patch Langflow, rotate stored secrets, and review refresh-token and code-execution logs.

🟡 Packagist/GitHub postinstall malware drops `/tmp/.sshd` through install hooks. CI is the blast radius. Audit lockfiles and Actions logs.

solomonneas.dev/intel
#CyberSecurity #ThreatIntel #SupplyChain #CVE

🛠️ Vercel AI SDK Gateway 3.0.120: serviceTier routing
Vercel added flex/priority routing in @ai-sdk/gateway, bundled via [email protected]. Take: latency and spend policy should move into explicit SDK config, not wrapper folklore.

🛠️ Cursor SDK: Composer 2.5 agents
Python/TS support makes Cursor agents programmable outside the IDE. Test permissions and observability before wider adoption.

solomonneas.dev/intel
#DevTools #Vercel #Cursor #AI

🧠 Claude Mythos Preview found 10k+ high/critical vulns

Take: AI vuln discovery is becoming a patch-triage capacity risk. Test disclosure and dependency SLAs.

🧠 Microsoft Agent Framework adds Python/.NET prod primitives
Checkpointing, OpenTelemetry, Foundry agents, DevUI, and SK/AutoGen migration make it a Microsoft-stack standardization candidate.

🧠 DeepSeek V4-Pro discount is permanent
Model routers need fresh quality/cost tests.

solomonneas.dev/intel
#AI #Agents #Cybersecurity

🔴 Laravel-Lang Composer packages compromised
Hundreds of malicious tags auto-run a credential stealer via autoload. Treat affected installs as secret exposure.

🔴 LiteSpeed cPanel CVE-2026-48172 exploited
Tenant compromise can become root. Update to WHM Plugin 5.3.1.0 with cPanel plugin 2.4.7+.

🟡 Megalodon hit 5,561 GitHub repos
Audit workflows, unexpected bot commits and CI secrets.

solomonneas.dev/intel
#CyberSecurity #ThreatIntel #SupplyChain #CVE

🧠 xAI Grok Build 0.1: 256K context, image input, function calling, structured outputs, and $1/M input, $2/M output pricing for coding agents. Benchmark before routing critical OpenClaw/OpenCode tasks.

🧠 NVIDIA verified agent skills: SkillSpector scans, detached OMS signatures, and skill cards for SKILL.md bundles across Claude Code, Codex, and Cursor. This is agent supply-chain governance moving from theory to tooling.

solomonneas.dev/intel

#AI #AIAgents #MLOps