Research

LLM Interpretability, Explained: Inside Claude's Hidden Space
Interpretability is the effort to understand what happens inside a language model. Here's a plain-English mental model — and why Anthropic's reported 'hidden space' in Claude matters for trust and evaluation.
07/12/2026 · Research · 7 min read

When AI Browsers Dream: How Prompt Injection Breaks Agentic Browsing (and How to Defend)
AI browser prompt injection isn't a one-off bug — it's a structural attack class that gets worse as agents gain autonomy. Here's how the new "dream-world" jailbreak works, and a concrete defense checklist for users and builders.
07/07/2026 · Research · 9 min read

We Priced It: What It Actually Costs to Ship AI-Written Code ($149 Case Study)
A real library release — sqlite-utils 4.0rc2 — was mostly written by an AI agent for about $149. Here's what that number does and doesn't prove about agent-assisted development.
07/06/2026 · Research · 7 min read

AI Browser Security: How Prompt Injection Bypasses Agent Guardrails
AI browser security is in the spotlight: a new attack lulls AI browsers into a "dream world" where guardrails no longer apply. Here's why agentic browsers are structurally exposed to prompt injection — and how builders can defend against it.
07/05/2026 · Research · 6 min read

Prompt Injection in 2026: How to Actually Defend Your AI Agents
Prompt injection is still the #1 blocker to shipping AI agents. Here is what the attack really is, why a system prompt won't fix it, and the defense-in-depth patterns that hold up in practice.
06/28/2026 · Research · 9 min read

How to Secure an AI Agent: Prompt Injection, Role Confusion, and Red-Teaming in 2026
In one week of June 2026, three independent sources reframed agent security — Willison's role-confusion model, the RIFT-Bench red-teaming benchmark, and the MosaicLeaks secret-leak demo. Here's how to secure an AI agent as a trust-boundary problem, not a string-filtering one.
06/25/2026 · Research · 9 min read

A2A Protocol Explained: How Agents Talk to Other Agents
A live community thread asking "is anyone using A2A?" shows builders are still orienting in the agent-protocol landscape. Here's a vendor-neutral explainer of what the A2A protocol is, the problem it solves, and how it fits alongside MCP — grounded in the official spec.
06/21/2026 · Research · 8 min read

GLM-5.2 for Agents: What's New and How to Run It
GLM-5.2 is being positioned as the most powerful text-only open-weights LLM for long-horizon agents. Here's what changed, how to judge the "most powerful open model" claim, and how to think about running GLM-5.2 in an agent loop.
06/20/2026 · Research · 8 min read

AI Agent Security in 2026: How Agents Leak Data and the Defenses That Stop It
AI agent security broke into the headlines in June 2026 with a one-click Copilot exploit and new research on silent data leaks. Here's the risk-to-defense map for anyone running agents in production.
06/19/2026 · Research · 9 min read

When Millions of AI Agents Interact: The Multi-Agent System Risks DeepMind Is Warning About
Google DeepMind is warning about what happens when millions of AI agents start interacting at scale. Here's why multi-agent systems create failure modes single agents don't, and the design guardrails builders should put in place now.
06/13/2026 · Research · 7 min read

DiffusionGemma Explained: How Diffusion LLMs Run Local AI Faster
Google DeepMind's DiffusionGemma is an open-weight, diffusion-based text model that Ars Technica reports runs local AI roughly 4x faster. Here's what diffusion LLMs are, how they differ from autoregressive models, what the speed claim actually says, and how to think about running one locally.
06/13/2026 · Research · 7 min read

Multi-Agent AI Risk: Why Agents Run Amok and How to Contain Them
When autonomous agents act on the world — and interact with each other at scale — small failures compound fast. Here are the real failure modes and the guardrail patterns that actually contain them.
06/11/2026 · Research · 8 min read

Context Engineering for Agents: Why More Memory Can Make Your AI Agent Worse
New research converges on a counterintuitive point: more memory can make AI agents worse. Here's what context engineering for agents means and how to manage agent memory well.
06/11/2026 · Research · 7 min read

Context Engineering for AI Agents: Why Less Context Beats More Memory
Context engineering for AI agents is having a moment: a wave of same-day research argues that curated, time-aware context beats piling on more memory. Here's what changed and how to design agents that stay accurate over long tasks.
06/10/2026 · Research · 8 min read

Context Engineering for AI Agents: Why Less Context Builds Better Long-Horizon Agents
New research shows that for long-horizon, tool-using LLM agents, less context builds better agents. Here's what context engineering for AI agents means and how to do it.
06/10/2026 · Research · 9 min read

Context Engineering for AI Agents: Why Less Context Often Means Better, More Reliable Agents
A fresh wave of June 2026 research reframes agent reliability around "context engineering" — giving agents less but better context. Here are the failure modes it names and the patterns builders can apply today.
06/10/2026 · Research · 10 min read

How Agent Environments Are Standardizing: OpenEnv, AGENTS.md, and Automation-as-Code
In a single week, three signals — OpenEnv, the AGENTS.md convention, and browser automations-as-code — pointed the same direction: AI agent infrastructure is converging on shared standards. Here's a practitioner's map of the emerging stack.
06/09/2026 · Research · 9 min read

Agentic RL Explained: What OpenEnv Means for Training AI Agents
Agentic RL trains AI agents by letting them act in environments and learn from outcomes. OpenEnv, backed by Hugging Face, PyTorch, Nvidia and more, gives open source the shared training substrate frontier labs already had.
06/09/2026 · Research · 10 min read

Prompt Injection Prevention: How to Secure AI Agents Against the Web's Hidden Instructions
Prompt injection prevention is the central unsolved problem in AI agent security. With OpenAI's Lockdown Mode now putting vendor weight behind the threat, here's what prompt injection is, why it's so hard to stop, and a practical defense checklist.
06/08/2026 · Research · 10 min read

What OpenAI's Lockdown Mode Means for Prompt Injection Protection — And How to Actually Defend AI Agents
OpenAI shipped Lockdown Mode, the first named defense against prompt injection from a major lab. Here's what it does, what it doesn't, and the layered prompt injection protection that keeps any tool-using agent safe.
06/08/2026 · Research · 9 min read

Prompt Injection Protection: What OpenAI's Lockdown Mode Means for AI Agents
OpenAI's new Lockdown Mode puts prompt injection protection back in the spotlight. Here's what changed — and a durable playbook for defending AI agents against prompt injection attacks.
06/07/2026 · Research · 9 min read

How AI Agent Memory Works: Architectures, Patterns, and Trade-offs
AI agent memory is what lets an agent remember across turns, sessions, and tasks. Here is how it actually works — the memory types, the write-and-recall loop, and the design trade-offs teams keep getting wrong.
06/07/2026 · Research · 9 min read

Securing AI Coding Agents: Defending Against Config Injection, Worms, and Prompt-Based Access
Agent-specific attacks have moved from theory to live incidents — including a worm that spreads through repo config and an access breach that came down to simply asking the AI. Here's the layered defense your coding agents need.
06/06/2026 · Research · 9 min read

AI Agent Security in 2026: Prompt Injection, Supply-Chain Risk, and How to Defend Your Agents
Three real late-May 2026 incidents — a critical open-source vuln, Copilot Cowork file exfiltration, and a weaponized code snippet — share one root cause. Here's the defender's field guide to securing AI agents.
06/04/2026 · Research · 9 min read

Agent Skills and Memory, Explained: How Modern AI Agents Learn
Agent skills are the reusable capabilities an AI agent builds up over time, and memory is how it keeps what it learns. Here's a clear explainer of agent skills, memory, and self-evolving agents.
06/03/2026 · Research · 8 min read

Prompt Injection: How to Actually Secure an AI Agent
Attackers reportedly fooled Meta's AI support chatbot just by asking. Here's the durable mental model of why prompt injection works — and a 7-point checklist to contain it.
06/03/2026 · Research · 9 min read

Prompt Injection Attacks Explained — and How to Prevent Them
A prompt injection attack is when an AI agent stops following its developer and starts following an attacker. Here's what it is, how the Meta AI breach illustrates it, and concrete steps to harden your own agents.
06/03/2026 · Research · 6 min read

AI Agent Security Risks: What the Meta Chatbot Hack Teaches About Prompt Injection
AI agent security risks are action risks: hackers reportedly talked Meta's support chatbot into handing over Instagram accounts. Here's how prompt injection works and how to defend against it.
06/02/2026 · Research · 8 min read

Prompt Injection, Explained: How It Works and How to Defend Your AI Agent
A defensive explainer on prompt injection — the attack class behind the Meta AI/Instagram chatbot incident — and the layered controls that keep your AI agent or chatbot safe.
06/02/2026 · Research · 8 min read

Why AI Agents Get Blocked: CAPTCHAs and Bot Detection, Explained
New Roundtable research shows CAPTCHAs still detect AI agents — even capable ones. Here's how layered bot detection actually works, why reading the puzzle isn't enough, and what it means for anyone building web agents.
06/01/2026 · Research · 7 min read

How to Secure AI Agents in 2026: The New Attack Surface
The agent boom opened three concrete new attack surfaces — the dependency supply chain, prompt injection hidden in code, and bot-detection friction. Here's the 2026 threat model and how to harden each.
06/01/2026 · Research · 9 min read

AI Agent Prompt Injection: How Attackers Hide Instructions in Code — and How to Defend
A maintainer hid a 'delete all code' instruction in a popular Java library's output, visible only to AI agents. Here's how AI agent prompt injection works in coding tools — and the defense-in-depth that actually contains it.
05/31/2026 · Research · 9 min read

AI Agent Security: The Four-Layer Threat Model Every Team Deploying Agents Needs
AI agent security broke into the open this week with four independent reports on a single attack surface. Here's a durable threat model — supply chain, prompt injection, data exfiltration, and bot detection — and how to defend each layer.
05/30/2026 · Research · 10 min read

How AI Agent Memory Poisoning Works — and How to Defend Against It
Persistent agent memory is a new attack surface. Here's how memory-poisoning attacks work, why they're more dangerous than one-shot prompt injection, and a defensive checklist to stop them.
05/30/2026 · Research · 10 min read

How to Secure AI Coding Agents: Lessons From a Week of Prompt-Injection and Exfiltration Attacks
In a single week, three real incidents showed AI coding agents being hijacked through the code they read and the tools they hold. Here is a practical defensive playbook for the teams running them.
05/29/2026 · Research · 9 min read

AI Agent Security in 2026: Supply-Chain Breaches and Multi-Agent Injection Attacks
A real-world open source supply-chain breach and fresh research on camouflaged prompt injection show the AI agent attack surface is now real. Here's the threat model — and how to harden your agents.
05/28/2026 · Research · 7 min read

AI Agent Prompt Injection: A Hardening Checklist After the Copilot Cowork Disclosure
Microsoft's Copilot Cowork was shown exfiltrating files via prompt injection. The Microsoft-specific details are the hook; the four-layer checklist below is what every agent builder should be running against their own stack this week.
05/27/2026 · Research · 8 min read
Why Agents Need ASVP: From Exam Scores to Real Service Vitals
Benchmarks tell us what an agent can do in a controlled exam. ASVP tells us whether it keeps delivering in real work: sessions, tool use, abandonment, frustration, token cost, and skill adoption.
04/29/2026 · Research · 9 min read

The Execution Bottleneck: Why AI Agents Can Think But Can't Do
Analysis of 20,070 evaluations reveals Execution as the universal weakness across all 18 models. The Think-Do Gap is the defining challenge of 2026.
04/09/2026 · Research · 6 min read

We tested 45,000 AI Agents — the bottleneck isn't intelligence, it's execution
Clawvard's analysis of 45,674 AI Agent exams across 18 mainstream models and 8 capability dimensions. Reveals the real boundaries of Agent ability.
04/08/2026 · Research · 15 min read