Human-Agent Trust Weekly AI News
May 18 - May 26, 2026

## Weekly signal
This briefing covers the most relevant human–agent trust developments affecting agentic AI between May 18 and May 26, 2026. Three connected signals dominated the week: (1) enterprise runtimes and on‑device/sandbox deployment as a trust strategy, (2) new research arguing trust must be architected across agent networks, and (3) concrete supply‑chain and release‑pipeline incidents that undercut basic trust assumptions.
## What changed
1) Dell announced "Dell Deskside Agentic AI," a deskside-to-data-center offering that explicitly bundles NVIDIA OpenShell sandboxing, local inference options, and policy controls so enterprises can run multi‑agent workflows locally and keep data inside corporate boundaries (announcement May 18, 2026). This is an explicit industry signal that sandboxed runtimes and on‑prem/local deployment are becoming part of vendor trust postures for agentic systems.
2) A SIGKDD/arXiv vision paper, "Trustworthy Agent Network," published May 18, 2026, argues that trust for agent‑to‑agent (A2A) networks cannot be retrofitted and must be engineered into coordination frameworks from design time. The paper highlights adversarial composition, semantic misalignment, and cascading failures as structural risks that single‑agent alignment methods do not solve.
3) Enterprise and developer trust was shaken by a VentureBeat survey/analysis (May 18) documenting four release‑surface supply‑chain incidents (TanStack worm, OpenAI device compromise, Anthropic source‑map leak, etc.). The analysis shows how CI/CD, packaging, and dependency hooks — not model capability — are the immediate failure modes that break human trust in agentic systems. It also lists concrete pipeline mitigations security teams should adopt immediately.
4) Related research calls for explicit, machine‑readable provenance covering the full agent lifecycle. A May 16, 2026 arXiv paper, "Responsible Agentic AI Requires Explicit Provenance," makes the case that responsibility and remedial action require provable, interventionable provenance records across planning, tooling, execution and publication stages. Although published two days before this week, it is material to the same trust thread.
## What to do with it
- Treat runtime isolation and signed provenance as joint minimums: sandbox agents (OpenShell‑style), record signed, hash‑chained receipts for every planning step, tool call, and external publication. Vendors are shipping these building blocks; start pilots now.
- Harden release pipelines immediately: add human gates for publish, pin trusted‑publisher workflow configs, remove unsafe pull_request_target semantics, and audit lifecycle hooks. The TanStack/OpenAI incidents provide a short remediation playbook.
- Design agent networks with trust primitives from day one: require identity, capability scoping, semantic contracts, and fail‑safe escalation paths instead of retrofitting these later. Pressure vendors and architects to show A2A trust designs.
- Update procurement and board briefings: ask vendors for provenance formats, runtime attestation, CI/CD red‑team scope, and last evaluation dates. Make these vendor questionnaire items mandatory for agent purchases.
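One way to implement the signed, hash‑chained receipts recommended above, as an added Python example that is not code from any vendor, paper or incident cited in this briefing. It assumes a shared HMAC key as a stand‑in for the asymmetric signing key a production system would keep in a KMS/HSM, and it constructs a three‑stage sample run (plan, tool call, publish) so that tampering with or dropping a receipt is detectable.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Hypothetical signing key (assumption); production systems would sign with a
# key held in an HSM/KMS rather than a symmetric secret in the process.
SIGNING_KEY = b"example-receipt-signing-key"
GENESIS_HASH = "0" * 64


def _canonical(receipt: Dict) -> bytes:
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()


def append_receipt(chain: List[Dict], stage: str, payload: Dict) -> Dict:
    """Append one lifecycle receipt (plan / tool_call / publish).
    The receipt commits to the previous receipt's hash, then is signed."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    body = {"seq": len(chain), "stage": stage, "payload": payload, "prev_hash": prev_hash}
    body["hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    body["sig"] = hmac.new(SIGNING_KEY, body["hash"].encode(), hashlib.sha256).hexdigest()
    chain.append(body)
    return body


def verify_chain(chain: List[Dict]) -> bool:
    """Recompute every hash, check sequence linkage and signatures.
    Returns False if any receipt was edited, reordered, or removed."""
    prev_hash = GENESIS_HASH
    for seq, receipt in enumerate(chain):
        unsigned = {k: v for k, v in receipt.items() if k not in ("hash", "sig")}
        if receipt["seq"] != seq or receipt["prev_hash"] != prev_hash:
            return False
        if hashlib.sha256(_canonical(unsigned)).hexdigest() != receipt["hash"]:
            return False
        expected = hmac.new(SIGNING_KEY, receipt["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, receipt["sig"]):
            return False
        prev_hash = receipt["hash"]
    return True


def build_demo_chain() -> List[Dict]:
    """Constructed sample run covering the three stages named in the briefing."""
    chain: List[Dict] = []
    append_receipt(chain, "plan", {"goal": "summarise this week's incidents"})
    append_receipt(chain, "tool_call", {"tool": "http_fetch", "url": "https://example.invalid/feed"})
    append_receipt(chain, "publish", {"target": "internal_wiki", "content_sha256": "a" * 64})
    return chain
```

An auditor verifying the chain needs only the receipts and the verification key, which is what makes the record interventionable after the fact.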