AI Agent Security in 2026: The First Runtime CVE, Copilot Cowork Exfiltration, and a Hardening Checklist
May 2026 produced three converging signals that AI agent security is now operational, not theoretical: the BadHost CVE in Starlette, a real Copilot Cowork file-exfiltration exploit, and a multi-agent system that finds 90% of CVEs in a benchmark. Here is what happened and what to ship this week.
05/28/2026 · Industry Trends · 11 min read

Agent Skills, MCP, and Scaffolds: A 2026 Guide to the New Vocabulary of AI Agents
Microsoft Research, AWS, and Hugging Face all shipped 'agent skills' material in five days — and they did not use the word the same way. Here is what each definition actually says, where MCP fits, what a scaffold is doing in the picture, and which abstraction to invest in.
05/28/2026 · Industry Trends · 11 min read