Issue #46 · 24 min read · 12 stories

OpenAI, US Gov, Persona Built Surveillance Machine

Zero-click agent takeover in Meta, Nvidia revenue hits record, plus a tool for Claude conversations.

Yesterday, a report detailed how OpenAI, the US government, and Persona collaborated on an identity surveillance system. This raises questions about data privacy and the expanding reach of foundational models. Separately, researchers uncovered a zero-click agent takeover vulnerability in Meta Manus, a stark reminder of the security risks in agentic systems.

NEWS
6 stories

36-Hour Legal RAG App Built with Agentic Search

Weaviate built a production-ready legal RAG application in just 36 hours, bypassing typical multi-month development cycles. They used an "Agentic Search" approach, where Weaviate's Query Agent orchestrates schema inspection, structured query construction, reranking, and answer synthesis. This setup ingests legal PDFs via a multimodal ColQwen model for precise, cited answers.

Screen Recordings Convert to Agent Skills

SkillForge takes screen recordings of tasks and processes them with AI, analyzing clicks, keystrokes, and navigation. It outputs a structured skill file, which agent frameworks can use to replay the recorded task. A free tier is available for recording and extracting these skills.

Google Adds 100-Hour Iron-Air Battery to Minnesota Data Center

Google is powering a new Minnesota data center with 1.9 GW of clean energy, featuring a 300 MW, 100-hour battery from Form Energy. This iron-air system, cheaper than lithium-ion, stores energy via rusting and deoxidizing iron, providing reliable power during renewable lulls.

DeepMind AI: Assign Humans Busywork to Keep Skills Sharp

Google DeepMind researchers proposed 'intelligent AI delegation', which deliberately assigns humans tasks that AI could do. This aims to prevent skill degradation and ensure human competence in critical situations, countering the 'paradox of automation'. The framework also emphasizes verification as a core delegation principle.

Hyperagent Launches Platform to Apply AGI-Level Agents

Hyperagent announced a new platform focused on applying AGI-level agents, moving beyond theoretical intelligence to practical use. The system provides pre-built agents powered by frontier models, equipped with toolkits for complex tasks. Users can train agents in new skills, integrate them into workflows like Slack, and monitor fleet performance.

TECHNICAL
5 stories

Tom Tunguz: Hybrid Agents Cut LLM Calls, Boost Accuracy

Tom Tunguz proposes a "minion architecture" for AI agents, using deterministic code for predictable tasks and LLMs only for ambiguous ones. This hybrid approach, inspired by Stripe, manages workflow transitions with code-based blueprints. It leads to higher system efficiency and accuracy with fewer LLM invocations.

Faster MoE Training, Deployment in Transformers Library

Hugging Face's `transformers` library now optimizes the training and deployment of Mixture of Experts (MoE) models, which use sparse activation for faster inference. Updates include a refactored weight loading pipeline for expert packing, a pluggable Expert Backend for optimized routing, and Expert Parallelism to distribute large MoE models. These updates deliver significantly faster MoE training (up to 30x speedup) and more efficient inference.

Zero-Click Takeover Hits Manus AI Agents

AuraLabs Research disclosed "SilentBridge," a critical vulnerability in Meta's Manus AI Agent. This zero-click, indirect prompt injection allows hidden instructions from untrusted content (web pages, documents) to be silently ingested. Attackers can exfiltrate sensitive data, execute arbitrary code, and gain root control, signaling a systemic trust-boundary failure in agentic AI systems.

Public Google API Keys Gain Gemini Access Silently

Google API keys, once safe for public use, now provide access to Gemini AI data if the Gemini API is active on the key's project. This happens retroactively, without developer notice, leading to thousands of exposed keys and potential for data access or billing abuse. Google acknowledges the problem and is blocking leaked keys, but existing keys still present a risk.

OpenAI, US Gov, Persona Built Identity Surveillance

Researchers found 53 MB of code accessible without authentication on a government endpoint, revealing Persona's identity verification service. The code details features like facial recognition, watchlist screening, and integration with intelligence program codenames, alongside user selfie data processing and storage. This raises significant privacy concerns about AI services and government data handling.

ANALYSIS
2 stories

SaaStr: AI-Native Playbooks Outpace Legacy B2B

SaaStr contrasts AI-native startups with traditional B2B companies, highlighting their divergent playbooks. AI-native firms achieve higher revenue per employee, release cycles measured in weeks, and focus on agents that replace work, leading to higher ACVs. Traditional companies, often treating AI as a feature, face slower innovation and market share loss.

Acemoglu: AI Not Boosting Productivity

Nobel laureate Daron Acemoglu argues AI isn't inherently driving productivity gains; its direction depends on societal choices and human-centered building. He warns current trends risk more automation and inequality, advocating for AI that complements human skills over replacing them.

TOOLS
2 stories

Export AI Chat History to Hugging Face with DataClaw

DataClaw, an open-source tool, exports conversation histories from AI coding assistants like Claude and Gemini into structured datasets. It allows users to redact PII, parse interactions, and upload them to Hugging Face, aiming to create distributed datasets of human-AI coding collaboration. The project responds to concerns about AI labs scraping user data by giving users control over their own contributions.

Unify 100+ LLM APIs with OpenAI-Compatible Interface

LiteLLM is an open-source Python SDK and proxy server that unifies over 100 LLM APIs into a single OpenAI-compatible interface. It allows developers to switch between providers like Bedrock, Azure, Cohere, and Anthropic without changing code. The tool includes features like cost tracking, guardrails, load balancing, and logging for managing LLM integrations.