
New Open Standard Puts AI Agents Under Runtime Control
The Agent Control Standard defines open middleware hooks that let teams block, allow, or modify AI agent actions before they reach production systems.


CVE-2026-48710 in Starlette lets a single malformed HTTP header bypass authentication on vLLM, LiteLLM, FastAPI, and every MCP server in production.

IBM and Red Hat's Project Lightwell deploys 20,000 engineers and AI to patch open source vulnerabilities against exact deployed versions - no forced upgrades, commercial subscription model.

TeamPCP stole 3,800 GitHub internal repos via a malicious Nx Console update live for just 11 minutes, tracing back to the TanStack supply chain compromise.

Microsoft's enterprise control plane for AI agents ships with strong M365 integration and real security muscle - but critical features are still in preview, and the licensing model is a puzzle.

Ten offensive security tools ranked by AI integration depth - from Burp Suite and Legba to Nuclei, Ghidra, Hashcat, BloodHound CE, and Metasploit.

Google's Threat Intelligence Group confirmed criminals used an AI model to discover and weaponize a zero-day 2FA bypass - the first documented case of AI-generated exploitation in a real attack campaign.

OpenAI's Daybreak initiative packages GPT-5.5 and Codex Security into a managed cybersecurity program with 20+ partners - a direct answer to Anthropic's Project Glasswing.

Pwn2Own Berlin 2026 hit a hard submission cap for the first time in 19 years. Rejected researchers are now publishing working zero-days directly, breaking the contest's secrecy norms.

Palisade Research shows frontier AI models autonomously exploit vulnerabilities and deploy working AI inference servers on remote machines, with success rates jumping from 5% to 81% in twelve months.

Six research teams disclosed exploits against Codex, Claude Code, Copilot, and Vertex AI. Every attack went after credentials the agents carried - not the models themselves.

Cisco closes its $400M acquisition of Astrix Security, folding a non-human identity platform into Cisco Identity Intelligence to govern the API keys and OAuth tokens powering enterprise AI agents.