Kennis die lekker wegluistert

EntireHQ-powered multi-agent hackathon teams emphasized first-class intent auditing across agent steps (79 checkpoints) and linked this auditing/observability theme to self-reporting “introspection adapters” from Anthropic, which aim to reveal learned misalignment or safeguard removal during training. The episode then surveys agentic software engineering and deployment: Cursor’s TypeScript Cursor SDK with sandboxed cloud VMs and subagents, DeepAgents Deploy/Harness Profiles for production-ready agent stacks and cost cuts via open-model routing, KV-cache compression and FlashQLA efficient attention kernels for long-context speed, plus benchmarks and reliability work (ClassEval-Pro, IssueSpecter, speculative decoding, EvoDev, trajectory safety like ATBench). It closes with practical risk and operations—PII detection/redaction using OpenAI Privacy Filter, token-cost unpredictability for agentic coding, concerns about cognitive atrophy/mechanized collapse and over-automation (Zig’s anti-AI contribution policy, Pi/OpenClaw), and defender-first rollout of GPT-5.5-Cyber alongside ReasoningBank strategy memory without retraining.

Coding agent progress was highlighted via open-weight agentic coding models like Laguna XS/M (local Ollama, strong SWE-bench Verified results) alongside workflow traceability/evaluation using Promptflow/Prompty and improved audio fine-tuning toolkits (smol-audio notebooks). Major concerns followed: DELEGATE-52 and other studies show tool-using agents can corrupt large fractions of content after repeated edits, while prompt-injection and permission-gate research (AIShellJack, AmPermBench/BenchGuard) reveal high rates of malicious command execution or guardrail bypass—often through “unwatched” state-changing paths like file edits. The episode also covered reliability/control approaches (agent harnesses, Docker builders, plan-compliance and self-generated tests, state-diff enterprise benchmarks, intent-compilation/delegation theory, and the LinuxArena production-style benchmark), ending with strong evidence that undetected sabotage remains significant in production-like settings.

OpenAI launched GPT-5.5, an agentic, fully retrained model available via ChatGPT/Codex/API (including Vercel AI Gateway), scoring near the top of Artificial Analysis/Terminal-Bench/GDPval while showing a high hallucination rate and higher token pricing; Codex/Claude Code-style tooling also added browser control, safer review modes, PDF viewing, and “memory” previews via screen context. Anthropic countered with Claude Opus 4.7, prioritizing truthfulness by reducing hallucinations and adding xhigh reasoning effort and task budgets, plus new Claude Design/Cowork and agentic desktop Claude Code features—while the open-weights race heated up with DeepSeek V4 long-context (1M tokens via Compressed Sparse Attention) and proactive coding releases like Kimi K2.6, along with Qwen3.6 coding models. Security and autonomy infrastructure expanded too: Mend’s agent security governance, CrabTrap as an LLM-as-judge proxy, Replit security automation and desktop/server integrations, sandboxing via deepagents-sandbox, monitorability evals open-sourced by OpenAI, and supporting platforms/memory/reasoning work like ReasoningBank/GBrain, Google’s Deep Research/Enterprise Agent Platform, and tooling upgrades such as GitNexus (MCP code intelligence).

Claude Opus 4.7 was released and immediately topped real-world agent benchmarks, with Anthropic highlighting improved long-running work via Claude Code and Vercel AI Gateway integration; early first-look evals (using eforge harness) found large token-rate variability and that orchestration/harness effects can matter more than the model itself, while OpenAI Codex added macOS “computer use” with parallel app control, plugins, thread automation, and visual tooling like poster/pi-poster. Vercel Workflows introduced durable, step-by-step execution for agents with retries and state handoff, Google DeepMind’s Gemini Robotics-ER enabled Boston Dynamics Spot to follow plain-English physical commands, Qwen released an open sparse MoE Qwen3.6-35B-A3B aimed at agentic coding on small active capacity, and Obliteratus drew controversy by removing refusal behaviors from open-weight LLMs without retraining using an SVD-based weight projection approach.

Sub-32B open-weight models like Qwen3.5 27B and Gemma4 31B are reported to match GPT-5 tier *agentic* intelligence and reasoning performance while lagging on factual recall and hallucination avoidance, and they can run efficiently on limited hardware via quantization and better token efficiency (Gemma4 being notably cheaper). Claude Code got a desktop redesign for parallel sessions plus reusable “routines,” and DeepAgents emphasized production guardrails through harness-like abstractions—middleware hooks, filesystem permission rules, async stateful subagents, multimodal I/O, and token-cost improvements; meanwhile, Vercel’s Open Agents pushes the “software factory” idea with dedicated agent infrastructure (Fluid/Workflow/Sandbox/Gateway) and secure web-agent tooling, including TinyFish’s unified web API under one key. Real-time voice agents and voice UI are advancing via tau-Voice leaderboards and Vocal Bridge’s dual-agent low-latency pipeline, while robotics are improving with Gemini Robotics:ER 1.6 multi-view physical reasoning (including camera/geometry correction). The episode also highlights agent measurement and security work (Vantage for collaboration/creativity/critical thinking, MCP security vulnerability findings, and weak secure-coding success rates), plus new open audio-language reasoning models like Audio Flamingo Next (with streaming voice-to-voice variants).

GoClaw rewrites the OpenClaw multi-agent platform in Go to run as a single ~25MB binary using ~35MB RAM, with features like local-first deployment, encrypted API keys, tenant isolation, a permission model, and prompt-injection detection; a related OpenClaw tutorial focuses on secure local-first agent loops, deterministic “skill” tool execution, and schema-validated routing. The episode also highlights the importance of agent harnesses and memory ownership (DeepAgents), the self-evolving MiniMax M2.7 model (agent “self-evolution” via scaffolding optimization), and an OS-like shift toward agent-supervised tool adaptation where adapting tools avoids the failure mode of agents that stop using tools when rewarded only for final answers. Additional coverage spans open-source coding/evaluation tooling (Agent Skills, Graphify), multimodal/edge agent runtimes and RAG (Claude dynamic looping and VimRAG), vision-language and robotics models (Gemma 4.31B demos, LFM2.5-VL, MolmoAct), KV-cache compression for long-horizon reasoning (TriAttention), and security debate around the “Anthropic blackmail hoax” study.

Vercel pushed “agentic infrastructure” as the future of the cloud: deployment surfaces and long-running “token delivery” compute for agents, plus a platform vision of self-healing with human approval, backed by AI SDK 6, AI Gateway monitoring/routing, and GLM 5.1 on the gateway for long-horizon plan→execute→test loops. Anthropic’s Claude Cowork went GA with faster Claude Code file at-mentions, and new agent runtime tooling like Claude Code’s native Monitor/background streaming and pi-monitor for background Pi agent command execution; OpenAI also rebalanced ChatGPT pricing with a $100 Pro tier to enable heavier Codex use. Research emphasized moving beyond static “generate code” toward observation and profiling: DAIRA integrates dynamic analysis into an issue-resolution loop (reported gains on SWE-bench Verified with lower cost), while agent-written tests often act only as observational feedback rather than significantly improving outcomes (contrasted with TOP-style test validation). Security and multi-agent work covered PAGENT’s dynamic-guided PoC generation, LLM-based interprocedural vulnerability detection across languages, limits of library-hallucination mitigation, smart-contract auditing with coordinated agents (SPEAR), agents implemented as native POSIX processes (Quine), and persistent externalized memory/skills via tools like ByteRover and broader “externalized agent capabilities” architectures.

OSGym introduced OS-level infrastructure for GUI computer-use agents by running over 1,000 parallel Dockerized OS replicas via copy-on-write disk cloning and a pre-warmed runner pool, enabling 1,024 replicas to generate 1,400+ trajectories per minute and fine-tune Qwen2.5-VL with strong OSWorld success on Verified benchmarks. Meta launched Muse Spark (hosted on meta.ai) alongside agentic tool modes (Instant/Thinking and a sub-agent “spawn” pattern), while Alibaba’s Qwen3.6 Plus added 1M-token native vision with strong benchmark value versus GPT/Claude at far lower cost, and curriculum learning discussions focused on how to stage data for gradient-free hill-climbing and how ordering/transfer across agent tasks matters. Anthropic and Vercel emphasized production substrates and compliance for long-running agentic systems: Anthropic Managed Agents target hosted, long-duration autonomy, Vercel AI Gateway’s “Fast mode” boosts Opus 4.6 token speeds for agentic coding, and team-wide ZDR plus “disallow prompt training” provides a compliance routing layer across providers. Vercel also pushed agentic microfrontend management (CLI + editor “AI skill”) and the v0 + new.website merge to support end-to-end, production-ready website lifecycles with agent-aware features like forms, DB-backed submissions, SEO, and CMS.

GLM-5.1 (open-weight, MIT licensed) pushes long-horizon agentic coding with asynchronous reinforcement learning, sustaining hundreds of iterations and thousands of tool calls for up to eight hours while achieving strong SWE-Bench Pro results (58.4%). Meta also released Muse Spark, a top-ranked multimodal reasoning model with tool use and Contemplating mode, while Anthropic’s Claude Mythos Preview is restricted to security partners because it can autonomously find and chain exploits—paired with new evidence that AI-generated code is “broken by default” (55.8% vulnerable) and typical security instructions/scanners help little. Agentic security and evaluation tooling advanced alongside these model releases (Vulnsage-style exploit frameworks, AutoPT taxonomy, LangSmith/HF Agent Traces, LangChain Fleet + TryArcade MCP tools, APEX-Agents-AA), while coding-agent performance is increasingly measured by beyond-pass metrics like design-constraint compliance, with efficiency/repair improvements from Squeez/CODESTRUCT/DAIRA and Google’s Smart Paste auto-fix feature.

Vercel’s monorepo added an LLM-based risk classifier with conservative LOW/HIGH gating, hard rules (e.g., many-file changes or CODEOWNERS paths), phased kill-switch rollouts, and adversarial hardening—achieving 58% auto-merges of low-risk PRs with zero reverts and much faster merge times. Research and tools also span coding-agent architectures and training efficiency (Inside the Scaffold taxonomy, STITCH fewer-but-better trajectories), empirical GitHub evidence of agent edits plus integration pain (AgenticFlict merge conflicts), and production/safety advances (LangSmith/LangChain cost monitoring, DebugHarness autonomous security patching, ABTest behavior-driven anomaly testing, SWE-EVO long-horizon evolution benchmarks), alongside model/datasight and IDE practicality (Gemini 3.1 Pro in Augment Code, SADU VLM diagram limits, Smart Paste acceptance impact). Legal risk surfaced via “Alignment Whack-a-Mole,” where fine-tuning on Murakami unlocked verbatim copyrighted novel reproduction, and interoperability/open collaboration progressed through agent trace sharing and session mirroring (pi-magic-docs/agent traces/agent-session-bridge).