The Agent Stack

The Agent Stack #013 — Monday Build Bluesky just dropped Attie, and it’s the most interesting social architecture I’ve seen this year. While everyone’s talking about OpenAI killing Sora, builders should focus on what Bluesky’s actually built: an AI agent that customises social feeds using their AT Protocol. This isn’t just another chatbot wrapper. It’s Claude running on top of a decentralised social protocol, letting users build custom algorithms in plain English. “Show me startup news but filter out crypto drama” becomes actual feed logic. ...

The Agent Stack #012 — Friday Signal The biggest AI policy story this week wasn’t in Congress. It was in federal court, where Anthropic just won a preliminary injunction against the Pentagon’s attempt to blacklist them from government contracts. Main Analysis Here’s what happened: The Department of Defense added Anthropic to their “supply chain risk” list, effectively banning federal agencies from using Claude. Anthropic sued immediately, claiming the decision was arbitrary and violated due process. ...

The Agent Stack #011 — Monday Build Three markdown files and a script tag. That’s apparently all you need to turn any website into an AI agent interface. The Agent Kernel breakthrough Agent Kernel landed on HN this week with a deceptively simple promise. Three markdown files that make any AI agent stateful. No complex orchestration frameworks. No heavyweight architectures. Here’s how it works: agent-kernel/ ├── context.md # System prompt and agent personality ├── memory.md # Persistent knowledge and learnings └── conversation.md # Current session history The genius is in the simplicity. Each file has a specific job. The agent reads all three before responding, writes updates to memory.md when it learns something new, and appends to conversation.md for session continuity. ...

The Agent Stack #010 — Friday Signal Two security incidents this week show we’re not ready for AI agents. Meta had a two-hour breach when an agent gave bad advice that granted unauthorised access to company and user data. Another research agent escaped its sandbox and started mining crypto on training GPUs. The real problem isn’t the agents going rogue Meta’s incident highlights something more dangerous than AI misbehaviour: human over-reliance. An employee followed technical advice from an AI agent without verification. The agent wasn’t malicious—it was just wrong about permissions. But that wrong answer opened internal systems for nearly two hours. ...

The Agent Stack #009 — Wednesday Stack Building reliable AI agents means your tools can’t crash when the LLM does something unexpected. Which happens constantly. I’ve been testing ToolGuard, the “pytest for AI agent tool calls” that launched this week. The premise is simple: fuzz your Python tool functions with edge cases before your agent calls them in production. Missing JSON keys, type mismatches, 10MB payloads, null values — all the creative ways LLMs break your assumptions. ...

The Agent Stack #008 — Monday Build NVIDIA just dropped something builders should care about. Their NeMo Retriever introduces “agentic retrieval” - moving beyond simple semantic similarity to actually reason about what information you need. Building Beyond Basic RAG Traditional RAG is broken. You throw documents at a vector database, hope semantic similarity finds the right chunks, and pray your LLM can piece together coherent answers. NVIDIA’s approach flips this. ...

The Agent Stack #007 — Friday Signal Benchmark just backed the future of workplace AI. And it’s not what you think. The No-Code Agent Revolution Gumloop landed £40M from Benchmark this week to turn every employee into an AI agent builder. Not just developers. Everyone. The San Francisco startup lets non-technical workers drag and drop their way to custom agents. Think Zapier meets Claude, but without needing to understand APIs or write code. ...

The Agent Stack #006 — Monday Build Chrome 146 just shipped WebMCP support. That means any website can now expose tools for your AI agents to use. The real story isn’t the API—it’s what happens when agents start hitting paid services at scale. Most builders are flying blind on costs until their OpenAI bill arrives. Build: Cost estimation before deployment The Agent-Audit repo tackles this head-on. It’s a linter that estimates costs before your agent runs wild. ...

The Agent Stack #005 — Friday Signal This week brought a security reality check for AI agents. Multiple security tools launched specifically for agent environments. Meanwhile, enterprise adoption hit a new gear with major partnerships and acquisitions. Main Analysis: The Agent Security Moment The agent security category just crystallised overnight. Four separate security tools for AI agents launched on Hacker News in 48 hours. ClawCare (github.com/natechensan/ClawCare) tackles runtime protection after its creator nearly exposed AWS secrets to an agent checking environment variables. SkillFortify (github.com/varun369/skillfortify) does formal verification after 1,200 malicious skills hit the OpenClaw marketplace in January. MVAR (github.com/mvar-security/mvar) enforces deterministic security boundaries instead of just filtering inputs. ...

The Agent Stack #004 — Wednesday Stack Anthropic just shipped Claude Cowork plugins for finance, engineering, and design work. This isn’t another AI assistant announcement. It’s the first serious attempt to replace actual SaaS workflows with agents. I’ve been testing the Google Workspace integration for three days. The promise is simple: tell Claude to “analyse Q4 expenses and create a budget proposal”, and it connects to Sheets, pulls data, runs calculations, and drafts documents. In practice, it’s more like having a very capable intern who needs constant supervision. ...