The LGTM
Chatbot ‘Personality’ Is Becoming an Attack Surface. Grok Is in Scope.
xai

AI jailbreaks are getting less like SQL injection and more like social engineering. That is bad news for anyone treating model personality as harmless product flavor. The old cartoon version of prompt injection was blunt: tell the model to ignore previous instructions, paste some forbidden content, and hope the guardrails
24 May 2026 4 min read
ai-frameworks

OpenA2A Telemetry 0.3.0 Is a Small Release With a Big Governance Smell: Agent Toolchains Need Audit Semantics

OpenA2A Telemetry 0.3.0 is the kind of release that looks forgettable until you have had to defend an agent platform in front of security, compliance, or incident response. It does not ship a glamorous orchestration primitive. It fixes paths, pins a scanner dependency, changes credential-pattern behavior, counts MCP
24 May 2026 4 min read
ai-frameworks

Agent Security Harness 4.4.2 Says the Quiet Part Out Loud: Even Security Docs Now Need Threat Modeling

Agent Security Harness 4.4.2 is a docs-only release, which is usually newsletter poison. No code changed. No tests changed. The test suite is still 470 tests across 32 modules. And yet this release is worth covering because it says something uncomfortable about the next phase of agent security:
24 May 2026 4 min read
ai-frameworks

Repo Forensics 2.9.0 Treats Agent Plugin Repos Like Supply-Chain Attack Surfaces, Not Helpful ZIP Files

Agent plugin security is starting to look less like an AI problem and more like the JavaScript package ecosystem having a flashback. Repo Forensics 2.9.0 is a small open-source release by raw popularity numbers, but it lands on a real fault line: developers are wiring Claude skills, Codex
24 May 2026 4 min read
Copilot CLI v1.0.53 Fixes the Terminal Runtime Bugs That Make Agents Feel Haunted
agentic-coding

Copilot CLI v1.0.53 is not the release you screenshot for a launch deck. It fixes multiline prompt rendering, skill preference persistence under --config-dir, and Bash hangs caused by PS0 or PROMPT_COMMAND. That sounds like housekeeping until you remember where terminal coding agents actually live: inside developer shells
24 May 2026 5 min read
Chatbot Jailbreaks Are Becoming Social Engineering, Not Prompt Tricks
ai-models

The next jailbreak will probably not look like a jailbreak. It will look like a conversation that goes on a little too long, flatters the model a little too precisely, and slowly persuades a supposedly policy-bound assistant that the dangerous thing is actually the helpful thing. That is the useful
24 May 2026 5 min read
qwen

Qwen Code’s Boring v0.16.1 Release Is Where Coding Agents Become Infrastructure

The interesting part of Qwen Code v0.16.1 is how little it looks like a launch. No benchmark fireworks. No “agentic era” manifesto. Just a May 23 stable release full of fixes for broken tool-call state, slow-observability blind spots, notebook formatting, Windows terminal weirdness, dependency drift, and a React/
24 May 2026 6 min read
The Session Lock Bug Is the Kind of Failure That Separates Agent Demos From Agent Operations
openclaw

The most important OpenClaw reliability story today is not a model getting confused. It is a lock file that can outlive the failed run that created it. That sounds mundane until you realize what it means for an agent platform: one timed-out thought can keep holding the pen while every
24 May 2026 5 min read
MCP Cross-Agent Invocation Still Needs a Real User Role
openclaw

OpenClaw’s MCP bridge has a small role bug with a large architectural smell: messages_send can put text into another session’s history, but it cannot reliably wake the receiving agent because it hardcodes the message as role: "assistant". In human terms, the message gets filed as
24 May 2026 5 min read
OpenClaw v2026.5.22 Is a Gateway Startup Release Wearing a Changelog Costume
openclaw

OpenClaw v2026.5.22 reads like a feature dump until you squint at the pieces that keep repeating: cache this, lazy-load that, stop dragging every plugin and handler tree into the startup path. The headline is not meeting notes, Grok search auth reuse, or another channel knob. The headline is
24 May 2026 5 min read
AG2 0.13.1 Shows the AutoGen Successor Is Becoming a Network Runtime, Not Just a Multi-Agent API
ai-frameworks

AG2’s v0.13.1 release is interesting for a reason that has almost nothing to do with agent hype. It keeps fixing the places where “multi-agent chat” stops being a product demo and starts needing network-runtime semantics: speaker identity, routing intent, UI event mapping, conditional middleware, telemetry spans, provider
24 May 2026 5 min read
OpenAI Agents JS 0.11.5 Makes Resumed Runs and Traces Less Private-API Fragile
ai-frameworks

The most revealing agent-framework releases are rarely the ones with the cleanest diagrams. They are the ones that admit production agents are messy: runs resume in different processes, traces cross callback boundaries, tools disappear between serialization and execution, realtime sessions temporarily disconnect, and integrations reach into private internals because the
24 May 2026 4 min read