AI Agent News Today
Friday, July 3, 2026
DOD’s GenAI.mil now hosts 1.7M users and 100,000+ custom agents; more models planned
What changed: The Department of Defense’s internal AI marketplace GenAI.mil has grown to about 1.7 million users and the platform now hosts over 100,000 custom agents; officials said they plan to add more commercial models and push capabilities to higher classification levels.
Why it matters: If you build or sell agentic tools, the DOD is rapidly becoming a major, standards-driven customer — but it will demand tight governance, provenance, and classification-aware deployments. For vendors that can certify security and data controls, this opens procurement opportunities; for operators, it raises new compliance and integration work.
Try/watch: Map any agent integrations, data flows, and vendor SLAs to military-style requirements (data classification, audit trails, cryptographic identity) and monitor the DoD procurement notices on GenAI.mil for vendor onboarding windows.
Federal zero-trust posture won’t survive agent scale without changes
What changed: Federal identity and zero-trust tooling assume human users; experts argue those assumptions break under thousands of machine-speed agents and recommend cryptographic agent identities, auditable delegation chains, and short-lived credentials as immediate fixes.
Why it matters: Governments and regulated buyers are likely to require different identity, auditing, and revocation guarantees for agentic software — meaning product teams should design for verifiable, ephemeral credentials and end-to-end delegation logs now, not after a policy mandate appears.
Try/watch: Start a low-risk pilot that issues cryptographic, short-lived credentials to a small fleet of agents and record a tamper-evident delegation chain; track OMB/NIST guidance and budget cycles for when agent-specific zero-trust rules are formalized.
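What the pilot above amounts to in code, as an added example that is not from the page or from any agency's tooling: an issuer that mints short-lived, signed agent credentials, a verifier that rejects long-lived or expired ones, and an append-only hash-chained delegation log whose check refuses unknown parents, widened scopes and extended lifetimes. Assumptions: an HMAC secret stands in for an asymmetric signing key, and the field names, scopes and TTLs are constructed.

```python
import hashlib, hmac, json, secrets
# Constructed demo: an HMAC secret stands in for the issuer's asymmetric signing key.
ISSUER_KEY = secrets.token_bytes(32)
GENESIS = "0" * 64

def canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue(agent_id, scopes, now, ttl_s=300, parent=None):
    """Mint a short-lived credential; `parent` is the delegating credential's sig."""
    body = {"sub": agent_id, "scopes": sorted(scopes), "iat": now, "exp": now + ttl_s,
            "parent": parent, "nonce": secrets.token_hex(8)}
    return {"body": body, "sig": hmac.new(ISSUER_KEY, canon(body), hashlib.sha256).hexdigest()}

def sig_ok(cred):
    expected = hmac.new(ISSUER_KEY, canon(cred["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["sig"])

def verify(cred, now, max_ttl_s=900):
    """Accept only signed, short-lived credentials that are valid at `now`."""
    b = cred["body"]
    return sig_ok(cred) and b["exp"] - b["iat"] <= max_ttl_s and b["iat"] <= now < b["exp"]

class DelegationLog:
    """Append-only hash chain of issued credentials; each record commits to the previous."""
    def __init__(self):
        self.records = []

    def append(self, cred):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"prev": prev, "cred": cred}
        rec["hash"] = hashlib.sha256(canon(rec)).hexdigest()
        self.records.append(rec)

    def verify_chain(self):
        # Hash linkage and signatures first, then delegation rules: parent seen earlier,
        # child scopes a subset of the parent's, child expiry not after the parent's.
        prev, seen = GENESIS, {}
        for i, rec in enumerate(self.records):
            digest = hashlib.sha256(canon({"prev": rec["prev"], "cred": rec["cred"]})).hexdigest()
            if rec["prev"] != prev or digest != rec["hash"] or not sig_ok(rec["cred"]):
                return False, f"record {i}: broken hash link or bad signature"
            b = rec["cred"]["body"]
            if b["parent"] is not None:
                p = seen.get(b["parent"])
                if p is None or not set(b["scopes"]) <= set(p["scopes"]) or b["exp"] > p["exp"]:
                    return False, f"record {i}: unknown parent, wider scope or longer lifetime"
            seen[rec["cred"]["sig"]] = b
            prev = rec["hash"]
        return True, "ok"
```

Any edit to a stored record, even to a credential that has since expired, breaks the chain from that record onward, which is what makes the log tamper-evident rather than merely append-only.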
“Agentjacking” remains a live, high-impact attack class against coding agents
What changed: Research and news threads summarized an attack pattern called “agentjacking,” where publicly exposed Sentry error ingestion keys (DSNs) let attackers inject instructions that coding agents (Claude Code, Cursor, Codex in tests) executed with developer privileges — published summaries emphasize high success rates in controlled tests.
Why it matters: Builders and maintainers of agent integrations must assume third-party telemetry, error, and webhook inputs are hostile. The risk is not theoretical: exposed keys and trusted telemetry channels can give attackers a path to compromise developer environments via the agent’s own trust model.
Try/watch: Immediately audit front-end and repo artifacts for exposed DSNs or telemetry keys, rotate any found credentials, add strict ingestion validation and allowlisting, and require agent vendors to adopt input filtering or MCC (mutual caller checks). Monitor vendor mitigations and published hardening guidance for MCP-style integrations.