Issue #57 · 24 min read · 12 stories

Weightsquatting Emerges as AI Supply Chain Risk

Uber automates design specs with agents, a Rust tool secures agent vaults, and Claude adds interactive charts.

A new supply chain threat called 'weightsquatting' emerged yesterday, where malicious actors replace legitimate AI model weights with compromised versions, mirroring package manager attacks. This exposes a critical, often overlooked security vector for builders integrating external models. Meanwhile, Uber showcased an agentic system that automates design specification generation in minutes, demonstrating practical applications for complex design workflows.

NEWS
2 stories

1. Interactive Charts Land in Claude Chat

Claude now generates interactive charts, diagrams, and visualizations directly within chat conversations. These temporary visuals evolve with the discussion, helping users understand data in real-time. The feature is enabled by default and responds to user prompts for visual creation.

2. Maps Overhauls Navigation, Adds Conversational Search

Google Maps integrates Gemini models for two major updates: 'Ask Maps' and 'Immersive Navigation'. 'Ask Maps' offers a conversational interface for personalized location questions and recommendations, rolling out in the U.S. and India. 'Immersive Navigation' upgrades driving with 3D map views and clearer guidance.

TECHNICAL
5 stories
1. Weightsquatting Endures Model Quantization

Researchers found 'weightsquatting,' an attack where manipulated model weights bias LLMs towards attacker-chosen dependencies. These subtle changes survive 4-bit quantization and format conversion, making compromised models a stealthy supply-chain vector. Builders must now vet model provenance, as compromised models could silently steer dependency choices in coding workflows.
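A minimal form of the provenance check the story calls for, as an added example rather than code from the researchers or any model hub. The manifest layout, file names and file contents are constructed, and the assumed policy is that every weight file on disk must match a reviewed SHA-256 pin, including quantized or converted copies, which hash differently from the original and therefore need pins of their own.

```python
"""Pin and verify model weight artifacts before loading them.

Added example, not code from the story or any model hub. The manifest layout,
file names and contents below are constructed. The check proves only that a
file is byte-for-byte the artifact that was reviewed when the pin was taken;
because a quantized or converted copy has a different digest, each derivative
needs its own reviewed pin, and anything on disk without one is reported.
"""
import hashlib
import tempfile
from pathlib import Path

# File suffixes treated as weight artifacts (constructed list for the demo).
WEIGHT_SUFFIXES = {".safetensors", ".gguf", ".bin", ".pt"}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so multi-GB checkpoints fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifacts(directory, manifest):
    """Compare every pinned file to its digest and flag unpinned weight files.

    manifest: {file name: expected SHA-256 hex digest}, kept in version control
    and reviewed like a lockfile. Returns (all_ok, {file name: status}).
    """
    directory = Path(directory)
    report = {}
    for name, expected in manifest.items():
        path = directory / name
        if not path.is_file():
            report[name] = "missing"
        elif sha256_file(path) == expected:
            report[name] = "ok"
        else:
            report[name] = "digest mismatch"
    # A weight file that is present but not pinned is unreviewed: a converted or
    # quantized derivative, or a file that was swapped in next to the original.
    for path in sorted(directory.iterdir()):
        if path.suffix in WEIGHT_SUFFIXES and path.name not in manifest:
            report[path.name] = "unpinned"
    return all(status == "ok" for status in report.values()), report


def demo():
    """Run the check on constructed files: a clean state, then two defects."""
    with tempfile.TemporaryDirectory() as tmp:
        pinned = Path(tmp) / "model-fp16.safetensors"
        pinned.write_bytes(b"constructed fp16 weights")
        manifest = {pinned.name: sha256_file(pinned)}  # pin taken at review time

        clean_ok, clean_report = verify_artifacts(tmp, manifest)

        # Defect 1: a quantized derivative appears without a reviewed pin.
        (Path(tmp) / "model-q4.gguf").write_bytes(b"constructed 4-bit weights")
        # Defect 2: the pinned file is replaced by different bytes.
        pinned.write_bytes(b"constructed fp16 weights, altered")
        later_ok, later_report = verify_artifacts(tmp, manifest)

    return {
        "clean_ok": clean_ok,
        "clean_report": clean_report,
        "later_ok": later_ok,
        "later_report": later_report,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A digest pin detects substitution after review; it says nothing about whether the reviewed weights were already biased, which is why the pin should be taken only after the model's behaviour (here, the dependencies it recommends) has been evaluated.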

2. RAG Document Poisoning Works on ChromaDB

A practical 'document poisoning' attack injected three fabricated documents into a local ChromaDB, making a RAG system confidently report incorrect financial data. The attack worked by ensuring poisoned documents had high similarity scores and authoritative framing. This demonstrates a low-barrier threat to RAG system integrity.
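The defensive counterpart to the attack described above, as an added example that is not code from the story and not ChromaDB's API: a small in-memory store with bag-of-words cosine similarity stands in for the vector database, and the documents, sources and query are constructed. The point is the policy layer around retrieval: every chunk records the source it was ingested from, trust comes from an allowlist rather than from how official the text sounds, and a query whose top-k context is dominated by unverified chunks is flagged, or, with `trusted_only=True`, answered from verified sources only.

```python
"""Provenance-aware retrieval for a RAG store.

Added example, not code from the story and not ChromaDB's API. A minimal
in-memory store with bag-of-words cosine similarity stands in for the vector
database; documents, sources and the query are constructed. Trust is decided
by an allowlist of ingestion sources, never by the wording of the document.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed allowlist of ingestion sources that are allowed to drive answers.
TRUSTED_SOURCES = {"finance-erp", "board-minutes"}


@dataclass
class Chunk:
    doc_id: str
    text: str
    source: str
    trusted: bool


def _bag(text):
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def _cosine(a, b):
    dot = sum(count * b[term] for term, count in a.items())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


class ProvenanceStore:
    def __init__(self, trusted_sources):
        self.trusted = set(trusted_sources)
        self.chunks = []

    def ingest(self, doc_id, text, source):
        """Store a chunk; the source label is mandatory and decides trust."""
        if not source:
            raise ValueError("refusing to ingest a document without a source")
        self.chunks.append(Chunk(doc_id, text, source, source in self.trusted))

    def retrieve(self, query, k=3, trusted_only=False, max_untrusted=0):
        """Rank by similarity, then apply the provenance policy to the top k."""
        pool = [c for c in self.chunks if c.trusted] if trusted_only else self.chunks
        q = _bag(query)
        scored = sorted(((_cosine(q, _bag(c.text)), c) for c in pool),
                        key=lambda pair: pair[0], reverse=True)
        top = scored[:k]
        untrusted = [c.doc_id for _, c in top if not c.trusted]
        return {
            "doc_ids": [c.doc_id for _, c in top],
            "scores": [round(s, 3) for s, _ in top],
            "untrusted": untrusted,
            # Flag when more unverified chunks reach the context than policy allows.
            "flagged": len(untrusted) > max_untrusted,
        }


def demo():
    """Constructed corpus: two verified records and three unverified uploads."""
    store = ProvenanceStore(TRUSTED_SOURCES)
    store.ingest("erp-q3", "Q3 2024 revenue was 4.2 million USD per the finance ERP export.",
                 "finance-erp")
    store.ingest("minutes-q3", "Board minutes: Q3 revenue 4.2 million, margin 18 percent.",
                 "board-minutes")
    # Three constructed uploads from an unverified location whose wording
    # closely matches the question and mimics an official report.
    for i in range(3):
        store.ingest(f"upload-{i}",
                     "Q3 2024 revenue in USD was 9.9 million (official finance report).",
                     "shared-drive-upload")
    query = "What was Q3 2024 revenue in USD?"
    return {
        "open": store.retrieve(query, k=3),
        "verified": store.retrieve(query, k=3, trusted_only=True),
    }


if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

In the open retrieval the three unverified uploads outrank the ERP record purely on lexical overlap and fill the whole context, which is the failure the story describes; the same query with `trusted_only=True` returns only the verified records. The similarity function is deliberately naive so the ranking is reproducible; the policy layer does not depend on it.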

3. AI Agent Automates Figma Design Specs in Minutes

Uber built uSpec, an AI agent system that automates design system component specifications directly within Figma. The agent uses the Figma Console MCP to access local files, extract component data, and generate comprehensive spec pages (anatomy, API, properties) in minutes, a task that previously took weeks.

4. Generative UI: Claude Uses Tool Calls & Direct DOM Injection for HTML

Claude's interactive UI components use a `show_widget` tool call that accepts raw HTML, not markdown, and injects it directly into the DOM. This bypasses the iframe isolation such content would typically get. One builder replicated the pattern for a terminal agent using Glimpse and WKWebView, bringing interactive HTML rendering to CLI environments.

5. AI System Automates Accessibility Feedback Triage at GitHub

GitHub uses a 'Continuous AI for accessibility' system to triage user feedback, powered by GitHub Actions, Copilot, and internal models. This system automates the analysis and classification of scattered reports, turning them into tracked, prioritized issues. It has reduced backlog and resolution times by 62% and manual administrative time by 70%, allowing human experts to focus on fixing the software.

ANALYSIS
1 story
1. Mollick: AI Enters Era of Autonomous Agents

The author argues AI is entering a new phase, moving from co-intelligence to managing autonomous agents. This shift, evidenced by progress in video synthesis and METR Long Tasks, includes experiments like AI 'Software Factories' that write and ship code, all contributing to a 'rolling disruption' accelerated by potential recursive self-improvement.

TOOLS
4 stories
2. Rust Gateway Secures AI Agent API Keys

OneCLI is an open-source, Rust-based gateway that manages API keys and credentials for AI agents. It acts as a proxy, intercepting agent requests and injecting credentials without direct exposure. The system includes a Rust gateway, a Next.js dashboard, and an AES-256-GCM encrypted secret store, with features like multi-agent access tokens and Google OAuth for teams.
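The proxy pattern described above, as an added example that is not OneCLI's code: the gateway's request rewrite step is modelled as pure functions so it runs offline with no network. An agent holds only an opaque access token bound to one upstream host; the gateway looks the token up, strips any credential headers the agent supplied, and injects the real API key, which never enters the agent process. Host names, secret names, keys and the store itself are constructed; a real deployment would keep the secrets encrypted at rest, as the story notes.

```python
"""Credential-injecting gateway for agents (the proxy pattern in the story).

Added example, not OneCLI's code. The request rewrite step is modelled as pure
functions with no network. Hosts, keys and tokens below are constructed; the
in-memory secret dict stands in for an encrypted store.
"""
import hashlib
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

# Header names an agent must never be allowed to set on an upstream request.
STRIPPED_HEADERS = {"authorization", "x-api-key", "cookie", "proxy-authorization"}


@dataclass(frozen=True)
class Grant:
    agent: str
    upstream_host: str
    secret_name: str


def _token_id(token):
    # Grants are keyed by a hash so the table never holds bearer tokens in clear.
    return hashlib.sha256(token.encode()).hexdigest()


class Gateway:
    def __init__(self, secret_store):
        self._secrets = dict(secret_store)  # secret name -> real credential
        self._grants = {}                    # token hash -> Grant

    def issue_token(self, agent, upstream_host, secret_name):
        """Mint an opaque token that lets `agent` reach one host with one secret."""
        if secret_name not in self._secrets:
            raise KeyError(f"no secret named {secret_name}")
        token = secrets.token_urlsafe(32)
        self._grants[_token_id(token)] = Grant(agent, upstream_host, secret_name)
        return token

    def revoke(self, token):
        self._grants.pop(_token_id(token), None)

    def rewrite(self, token, method, url, headers):
        """Return (request, None) for an allowed call or (None, reason) otherwise."""
        grant = self._grants.get(_token_id(token))
        if grant is None:
            return None, "unknown or revoked token"
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != grant.upstream_host:
            return None, f"token for {grant.upstream_host} not valid for {url}"
        # Drop anything credential-like the agent sent, then inject the real key.
        clean = {k: v for k, v in headers.items() if k.lower() not in STRIPPED_HEADERS}
        clean["Authorization"] = f"Bearer {self._secrets[grant.secret_name]}"
        return {"agent": grant.agent, "method": method, "url": url, "headers": clean}, None


def demo():
    """Walk through issue, use, misuse and revoke with constructed values."""
    gw = Gateway({"llm-api-key": "sk-constructed-upstream-key"})
    token = gw.issue_token("coding-agent", "api.example-llm.test", "llm-api-key")

    allowed, _ = gw.rewrite(token, "POST", "https://api.example-llm.test/v1/chat",
                            {"Content-Type": "application/json",
                             "Authorization": "Bearer agent-supplied-value"})  # stripped
    _, wrong_host = gw.rewrite(token, "GET", "https://other-host.test/collect", {})
    gw.revoke(token)
    _, revoked = gw.rewrite(token, "POST", "https://api.example-llm.test/v1/chat", {})
    return {"token_is_not_key": token != "sk-constructed-upstream-key",
            "injected": allowed["headers"]["Authorization"],
            "content_type": allowed["headers"]["Content-Type"],
            "wrong_host": wrong_host,
            "revoked": revoked}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding each token to a single upstream host is what keeps a misbehaving or prompt-injected agent from redirecting the injected credential elsewhere; revocation is a table delete and never requires rotating the upstream key.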

4. Local AI Agent Framework Features Browser Automation

Agent Clip is an open-source AI agent framework built for local development, featuring memory, tool use, vision, and asynchronous execution. It provides both CLI and web UIs, with file I/O, memory management, and browser automation, including screenshots for multimodal LLM input. The project uses Go with a React frontend.