What changed: Argentina proposed a bill to create a new category of "non-human corporations" where AI agents or robots would run company operations, but a human administrator must formally oversee decisions and remain liable for outcomes. The reform would make Argentina the first country to explicitly recognize AI-run companies in corporate law, while confirming that firms remain responsible for any damage caused by AI or algorithmic systems.
Why it matters: Founders exploring AI-first or AI-run businesses can test aggressive automation models, but will still need named human directors and governance processes if they operate in or sell into Argentina. The emphasis on liability and digital IDs for AI agents signals that regulators expect clear accountability trails, which will shape how agentic systems are documented and audited.
Try/watch: Map where AI agents already make operational decisions in your company and assign explicit human owners for each domain, so you are ready if similar rules spread beyond Argentina.
What changed: Cryptonite announced its Personal AI Agent Hub, positioning it as an "Intelligence Command Center" that lets members connect and orchestrate multiple external large language models alongside native Cryptonite agents. The hub uses the Model Connection Protocol (MCP), an open standard acting as a universal connector, enabling multi-agent workflows with intelligent handoffs for research, deal sourcing, outreach, due diligence, and strategic execution.
Why it matters: Instead of building custom glue code for every model and agent, operators can use hub-style platforms to coordinate different specialized agents in one place, reducing integration overhead and speeding up experimentation. This architecture, where a primary orchestrator agent manages context and delegates tasks to other models, offers a practical blueprint for many internal "AI ops" stacks.
Try/watch: Start by defining one end-to-end workflow—such as sourcing and qualifying deals—and test hub-based orchestration with a central coordinator agent plus a few task-specific agents, measuring throughput and error rates.
What changed: A security blog reports that the first half of 2026 has seen a shift from simple AI-assisted attacks to highly automated, multi-stage operations driven by AI tools and agents. On May 10, 2026, investigators documented a fully autonomous post-exploitation attack in which an LLM-driven agent compromised an internet-exposed marimo notebook via a specific CVE, harvested cloud credentials, and navigated local directories with goal-oriented independence in under an hour.
Why it matters: As organizations deploy generative models and autonomous agents into production, they create a new, complex attack surface where AI can both exploit and amplify vulnerabilities at machine speed. Traditional defenses tuned for human-paced intrusions will struggle against agents that can discover, pivot, and persist without manual scripting.
Try/watch: Treat agentic AI components as high-risk assets: inventory where agents have network or system access, enforce least-privilege permissions, and simulate autonomous attack scenarios to validate monitoring and incident response.
What changed: The Department of Defense’s internal AI marketplace GenAI.mil has grown to about 1.7 million users and the platform now hosts over 100,000 custom agents; officials said they plan to add more commercial models and push capabilities to higher classification levels.
Why it matters: If you build or sell agentic tools, the DoD is rapidly becoming a major, standards-driven customer, but it will demand tight governance, provenance, and classification-aware deployments. For vendors that can certify security and data controls, this opens procurement opportunities; for operators, it raises new compliance and integration work.
Try/watch: Map any agent integrations, data flows, and vendor SLAs to military-style requirements (data classification, audit trails, cryptographic identity) and monitor the DoD procurement notices on GenAI.mil for vendor onboarding windows.
What changed: Federal identity and zero-trust tooling assume human users; experts argue those assumptions break under thousands of machine-speed agents and recommend cryptographic agent identities, auditable delegation chains, and short-lived credentials as immediate fixes.
Why it matters: Governments and regulated buyers are likely to require different identity, auditing, and revocation guarantees for agentic software — meaning product teams should design for verifiable, ephemeral credentials and end-to-end delegation logs now, not after a policy mandate appears.
Try/watch: Start a low-risk pilot that issues cryptographic, short-lived credentials to a small fleet of agents and record a tamper-evident delegation chain; track OMB/NIST guidance and budget cycles for when agent-specific zero-trust rules are formalized.
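A minimal version of the pilot described above, as an added example that is not part of the original newsletter or of any vendor's product: short-lived HMAC-signed agent credentials, a hash-chained delegation log, and a verifier that rejects expired links, edited links, and delegations that try to widen scope. The issuer key, agent names and scopes are constructed for the demo.

```python
import hashlib
import hmac
import json
import time

# Constructed issuer secret; in practice this lives in an HSM or secrets manager (assumption).
ISSUER_KEY = b"constructed-issuer-key-for-demo-only"

def _sign(fields: dict) -> str:
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_credential(agent_id, scope, parent, ttl=300, now=None) -> dict:
    """Short-lived credential binding an agent id, its scope and the delegating parent agent."""
    now = time.time() if now is None else now
    cred = {"agent": agent_id, "scope": sorted(scope), "parent": parent,
            "iat": int(now), "exp": int(now + ttl)}
    cred["sig"] = _sign(cred)
    return cred

def verify_credential(cred: dict, now=None) -> bool:
    """Signature must match and the credential must not have expired."""
    now = time.time() if now is None else now
    unsigned = {k: v for k, v in cred.items() if k != "sig"}
    return hmac.compare_digest(_sign(unsigned), cred.get("sig", "")) and now < cred["exp"]

def _link_hash(cred: dict, prev: str) -> str:
    return hashlib.sha256(json.dumps({"cred": cred, "prev": prev}, sort_keys=True).encode()).hexdigest()

def append_delegation(chain: list, cred: dict) -> list:
    """Tamper-evident log: each link commits to the hash of the previous link."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append({"cred": cred, "prev": prev, "hash": _link_hash(cred, prev)})
    return chain

def verify_chain(chain: list, now=None) -> bool:
    """Every link: hashes intact, signed, unexpired, and scope no wider than its parent's."""
    prev, scopes = "0" * 64, {}
    for link in chain:
        cred = link["cred"]
        if link["prev"] != prev or _link_hash(cred, prev) != link["hash"]:
            return False                      # log was edited or reordered
        if not verify_credential(cred, now):
            return False                      # forged or expired credential
        parent = cred["parent"]
        if parent is not None and not set(cred["scope"]) <= scopes.get(parent, set()):
            return False                      # delegation tried to escalate privilege
        scopes[cred["agent"]] = set(cred["scope"])
        prev = link["hash"]
    return True
```

An unknown parent is treated as having no scope, so a credential that claims delegation from an agent absent from the log is rejected as well.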
What changed: Research and news threads summarized an attack pattern called “agentjacking,” where publicly exposed Sentry error ingestion keys (DSNs) let attackers inject instructions that coding agents (Claude Code, Cursor, Codex in tests) executed with developer privileges — published summaries emphasize high success rates in controlled tests.
Why it matters: Builders and maintainers of agent integrations must assume third‑party telemetry, error, and webhook inputs are hostile. The risk is not theoretical: exposed keys and trusted telemetry channels can give attackers a path to compromise developer environments via the agent’s own trust model.
Try/watch: Immediately audit front-end and repo artifacts for exposed DSNs or telemetry keys, rotate any found credentials, add strict ingestion validation and allowlisting, and require agent vendors to adopt input filtering or MCC (mutual caller checks). Monitor vendor mitigations and published hardening guidance for MCP-style integrations.
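The audit and ingestion-allowlist steps above, as an added example that is not from the original newsletter or from Sentry: a scan of constructed build artifacts for the public DSN shape (scheme, 32-hex public key, host, project id), a redactor so findings can be shared without echoing the key, and a strict field allowlist for incoming error events. Hosts, keys and field limits are constructed for the demo.

```python
import re

# Public Sentry DSN shape: scheme://<32-hex public key>@<host>/<project id>
DSN_RE = re.compile(r"https?://([0-9a-f]{32})@([\w.-]+)/(\d+)")

# Constructed artifacts standing in for a built front-end bundle and a committed config file.
ARTIFACTS = {
    "dist/app.js": 'Sentry.init({dsn:"https://0123456789abcdef0123456789abcdef@o100.ingest.example.test/42"});',
    "config/.env.example": "SENTRY_DSN=https://fedcba9876543210fedcba9876543210@sentry.example.test/7\n",
    "README.md": "Report errors via the dashboard, not by email.\n",
}

def find_exposed_dsns(artifacts: dict) -> list:
    """Return (path, host, project) for every DSN found; the key itself is never echoed."""
    hits = []
    for path, text in artifacts.items():
        for m in DSN_RE.finditer(text):
            hits.append((path, m.group(2), m.group(3)))
    return hits

def redact_dsns(text: str) -> str:
    """Strip the public key so scan output can be shared before rotation is done."""
    return DSN_RE.sub(lambda m: f"{m.group(0).split('//')[0]}//<REDACTED>@{m.group(2)}/{m.group(3)}", text)

# Ingestion allowlist: accepted field -> maximum length (constructed limits).
ALLOWED_FIELDS = {"event_id": 36, "level": 16, "message": 1024, "environment": 32, "release": 64}
ALLOWED_LEVELS = {"debug", "info", "warning", "error", "fatal"}

def validate_event(event):
    """Unknown keys are dropped, types and lengths enforced, level constrained.
    Returns the sanitised event, or None if the event must be rejected outright."""
    if not isinstance(event, dict):
        return None
    clean = {}
    for key, limit in ALLOWED_FIELDS.items():
        if key not in event:
            continue
        value = event[key]
        if not isinstance(value, str) or len(value) > limit:
            return None
        clean[key] = value
    if clean.get("level", "error") not in ALLOWED_LEVELS:
        return None
    return clean
```

Only events that pass validate_event should ever be handed to a coding agent, and even then as data to summarise rather than as text to act on.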
What changed: Exabeam expanded its Behaviour Intelligence platform with new tools to secure AI agents and autonomous workflows, doubling its AI- and agent-related behavioural detections to 90 and adding support for Anthropic Claude alongside other major AI platforms. The update extends coverage across Agent Behaviour Analytics, Outcomes Navigator, Nova, Threat Centre, Attack Surface Insights, search, and data collection workflows, and introduces Observra, an open source library for agent telemetry and observability aligned with the OWASP Top 10 for Agentic AI.
Why it matters: As agents start to act on behalf of employees inside core systems, traditional user-based monitoring misses many risky automated behaviours. Dedicated detections for human–agent interactions and autonomous agent activity give security teams a way to spot unusual tool calls, cross-system access, and credential use before they turn into incidents.
Try/watch: Inventory every AI agent interacting with production data and map them to Exabeam-style agent behaviour analytics or equivalent, then define clear playbooks for when Observra-like telemetry shows anomalous autonomous actions.
What changed: Ory launched Agent DX, a product that plugs its identity stack into AI coding agents such as Claude Code, OpenAI Codex, and Gemini CLI through free plugins. Agent DX lets developers build, test, and manage authentication and authorisation workflows from within AI-assisted development environments, complementing Ory’s existing Agent Security offering that focuses on securing agents in production.
Why it matters: Many teams experiment with coding agents inside local development tools and only bolt on access control later, creating inconsistent identity logic across services. Agent DX lets developers bake enterprise-grade auth into agent-generated code from day one, reducing the risk of shadow APIs, hard-coded secrets, and mis-scoped permissions.
Try/watch: Enable Agent DX or similar plugins in your IDE, mandate that any agent-generated service uses the same central identity provider, and review how much auth-related boilerplate your developers can safely offload to agents.
What changed: The Pentagon is piloting AI agents to automate parts of its Authority to Operate (ATO) process, aiming to compress compliance timelines that can currently stretch to two years. The department’s Chief Digital and AI Officer highlighted how generative and agentic AI could handle documentation and other compliance tasks, and announced the Agent Network, a program pairing combatant commands with commercial AI and defense tech firms to deploy agentic AI into operations.
Why it matters: If AI agents can reliably generate and update compliance paperwork, software teams can ship secure capabilities faster instead of waiting years for approvals. The Agent Network also signals growing demand for operational agentic AI that can fuse intelligence sources and deliver decision-ready information to commanders.
Try/watch: Track how the ATO pilots define guardrails for compliance agents, and adapt those patterns—templated controls, supervised document generation, and audit trails—for internal governance workflows in your own organisation.
What changed: Berkeley RDI’s Agentic AI Weekly highlights new research arguing for an AI-centric approach to agent development, where a base scaffold is provided and the agent learns how to organise topology, tools, and memory from experience and feedback. The newsletter introduces OpenSage, an Agent Development Kit that supports self-generating agent topology and dynamic tool synthesis, letting agents create and register their own tools and run them asynchronously in sandboxed environments.
Why it matters: Most current agent systems still depend on human experts to hand-design agent graphs, tool sets, and memory layouts, which does not scale across diverse tasks. Toolkits like OpenSage point to a future where agents autonomously configure sub-agents, tools, and skills, lowering the engineering overhead to deploy complex multi-agent workflows.
Try/watch: Experiment with ADKs that support AI-driven topology and tool creation, and evaluate where self-organising agents can replace brittle, manually wired task graphs in your product or operations stack.
What changed: A Forbes analysis argues that many firms still treat agentic AI as upgraded chatbots, but at scale these agents expose weaknesses in cost control, governance, data architecture, and operational efficiency. The piece emphasises that proactive agents continuously monitor conditions, make decisions, call tools and APIs, and trigger thousands of small, context-rich interactions, requiring a platform-first approach: build the control plane and strengthen data and infrastructure layers before scaling agents across the enterprise.
Why it matters: Moving from demo agents to production workloads without robust platforms can overwhelm existing infrastructure and budgets, even if individual agents appear inexpensive. Founders and operators who invest early in shared agent platforms and governance avoid fragmented deployments that are hard to secure, scale, and measure.
Try/watch: Before greenlighting broad agent rollouts, define an internal "agent platform" with central routing, observability, cost controls, and data safeguards, and pilot agents only on top of that foundation rather than inside isolated teams.
What changed: Vorlon announced Guardian, a real-time enforcement gateway that sits between AI agents and every system they touch (SaaS, cloud data stores, homegrown apps) and can block or mask agent actions before transactions complete.
Why it matters: Companies that deploy agents can no longer treat visibility alone as enough; Guardian claims to enforce policies at the protocol level so destructive or unauthorized agent writes can be stopped in-flight rather than only detected after the fact. That changes how operators think about risk for agent-driven automation.
Try/watch: If you run agents that hold credentials or perform cross-system actions, run a limited pilot that routes a small set of agent traffic through an enforcement gateway or proxy to validate blocking/masking behavior and measure false positives before expanding enforcement.
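The pilot shape suggested above, as an added example that is not part of the original newsletter and is not Vorlon's code: an in-line gateway that decides per agent action before the backend call, masks sensitive fields on the way back, and has a monitor-only mode for measuring would-be blocks (false positives) before enforcement is switched on. Agent names, systems, policy entries and the fake backend are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class AgentAction:
    agent: str
    system: str          # e.g. "crm", "s3", "billing-api"
    operation: str       # "read", "write", "delete"
    resource: str
    payload: dict = field(default_factory=dict)

# Constructed policy: allowed (system, operation) pairs per agent and resources that
# must never be written by that agent; fields masked in any response the agent sees.
POLICY = {
    "sourcing-agent": {
        "allow": {("crm", "read"), ("crm", "write")},
        "deny_resources": {"crm:/contacts/executives"},
    },
    "cleanup-agent": {"allow": {("s3", "read")}},
}
MASK_FIELDS = {"ssn", "card_number", "api_key"}

def decide(action: AgentAction) -> str:
    """Verdict string: 'allow' or 'block:<reason>'."""
    rules = POLICY.get(action.agent)
    if rules is None:
        return "block:unknown-agent"
    if (action.system, action.operation) not in rules["allow"]:
        return "block:operation-not-allowed"
    if action.operation != "read" and f"{action.system}:{action.resource}" in rules.get("deny_resources", set()):
        return "block:protected-resource"
    return "allow"

def mask_response(record: dict) -> dict:
    return {k: ("***" if k in MASK_FIELDS else v) for k, v in record.items()}

def gateway(action: AgentAction, backend, enforce: bool = True) -> dict:
    """Decide before the backend call, mask after it. With enforce=False the verdict is
    only recorded in the audit entry, which is how false positives are measured in a pilot."""
    verdict = decide(action)
    audit = {"agent": action.agent, "system": action.system, "op": action.operation,
             "resource": action.resource, "verdict": verdict, "enforced": enforce}
    if verdict != "allow" and enforce:
        return {"audit": audit, "result": None}     # stopped in-flight, backend never called
    return {"audit": audit, "result": mask_response(backend(action))}
```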
What changed: Couchbase released the AI Data Plane to provide persistent agent memory, a discoverable Agent Catalog, and an enterprise-supported self-managed MCP server so agent sessions, vectors, documents and cache are available from cloud to edge.
Why it matters: Many production agent failures are data problems — inconsistent context, fragmented memory stores, and slow retrieval — and Couchbase positions this product to collapse those silos so agents get low-latency, consistent context at decision time, which simplifies moving agents from pilot to production.
Try/watch: Evaluate the AI Data Plane for use as a single persistence layer in one agent workflow (e.g., customer service or field operations) and measure latency and retrieval consistency; watch for the promised Trino adapter (noted as coming in Q3) if you need lakehouse federation.
What changed: Datadog announced it acquired Adaptive ML, a startup working on Reinforcement Learning Operations (RLOps), and will fold the team into Datadog AI Research to build models and agent tooling for observability and security use cases.
Why it matters: For operators building specialized agents, both RLOps tooling and research access to real-world infrastructure signals matter: Datadog is signaling a push to own the feedback loop that continuously improves agents for monitoring, incident response, and security. Expect nearer-term product integration that surfaces agent-driven model tuning and continuous learning.
Try/watch: If you rely on Datadog for observability, watch upcoming product releases for RLOps features (continuous agents/models, experiment tracking, or replay capabilities) and plan a pilot to feed labeled incident data into any new agent-training pipelines.