Weekly signal

This briefing covers the week 2026-06-08 through 2026-06-16 and highlights concrete, builder-focused moves that matter for agentic AI in scientific research: a production-ready agent skill bundle for life‑science workflows, fresh arXiv work showing agentic end‑to‑end computational discovery in catalysis, a community protocol proposal for safe agent→instrument control, and a critical security disclosure affecting popular agent frameworks. These are operational signals — not abstract hype — that change how teams will integrate, secure, and audit agents in labs and computational R&D.

What changed

1. Google DeepMind published and updated “Science Skills” — an open collection of agent skills that plugs into Google Antigravity and is released on GitHub (notably v1.0.4 on June 8, 2026). Science Skills exposes >30 curated life‑science database connectors (AlphaFold DB, UniProt, AlphaGenome, etc.) and installable agent skill definitions so agents can run structured bioinformatics and structural-biology tasks inside Antigravity or via the skills installer.

2. Agentic computational research advanced with CatMaster/CatDT: an arXiv preprint (revised June 5/8, 2026) describes CatMaster — a catalysis‑native multi‑agent system (CatDT, a “catalysis digital twin”) that converts natural‑language research intent into coordinated atomistic modelling, mechanism search, kinetics, and closed‑loop catalyst design, reporting near‑leaderboard MatBench results on several tasks. This demonstrates practical, simulation‑first autonomous research at GPU cost ranges accessible to many computational groups.

3. Researchers proposed the Lab Agent Protocol (LAP) — an agent→instrument protocol (arXiv, June 2026) that prescribes InstrumentCards, first‑class reservations, a safety‑fence handshake with operator confirmation tokens, and physically‑typed MeasurementResult schemas (QUDT/UCUM + uncertainty). LAP aims to standardize discovery, safety and reproducibility at the protocol layer for self‑driving labs.

4. Security: Check Point Research published a technical disclosure (June 11, 2026) showing how LangGraph’s checkpointer could be chained from SQL injection to unsafe msgpack deserialization to remote code execution; LangChain patched the issues but the advisory is a real‑world reminder that agent runtimes and persistence are now critical attack surfaces for lab deployments.

What to do with it

• If you run life‑science or bioinformatics agents: evaluate Science Skills (v1.0.4) immediately in a sandboxed Antigravity instance — check required API keys, third‑party licence terms, and pin skill versions; treat the repo as a high‑quality integration shortcut, not a drop‑in trust boundary.

• For computational labs: re-run or reproduce CatMaster results (paper provides code/data pointers) to understand cost/latency tradeoffs and failure modes before delegating long‑horizon design work to agents. Use it as a baseline for automation that remains human‑governed.

• For hardware teams and lab ops: adopt LAP concepts (instrument capability manifests, reservation leases, safety‑fence confirmations, physically typed results) in your instrument adapters and gating logic — even if you don’t implement LAP verbatim, the primitives solve concrete safety, reproducibility, and auditability problems.

• Security and governance: patch and harden agent framework stacks (LangGraph/LangChain etc.), restrict untrusted inputs to persistence APIs, and add monitoring/escape‑hatch controls before connecting agents to instruments or HPC clusters. Treat agent persistence (checkpointers/memory stores) as high‑risk infrastructure.

(Primary sources below.)