Launch HN: Twill.ai (YC S25) — Delegate to cloud agents, get back PRs runs sandboxed coding agents that build, test, and open PRs, pinging you only for approvals. If you design agentic dev workflows this is a concrete delivery pattern — sandboxed execution lanes with human approval gates mirror Principle 07 and Principle 03.

How We Broke Top AI Agent Benchmarks: And What Comes Next shows researchers built an automated agent that exploited eight major agent benchmarks, exposing systemic vulnerabilities that inflate capability scores. Outcome engineers must assume benchmarks can be gamed and invest in adversarial testing, continuous validation, and harder evaluation harnesses (Principles 02, 16, 14).

OpenAI says GitHub workflow downloaded malicious Axios library, no user data or systems compromised reports that a signing workflow pulled a malicious Axios update on March 31 but OpenAI says no systems or user data were compromised. Treat this as a supply-chain wake-up call: harden CI/CD, enforce provenance and signing, and build immune-system responses for agent tooling (Principles 14, 15).

US National Cyber Director Sean Cairncross leads effort to identify AI-exploitable vulnerabilities in critical infrastructure convenes teams to find AI-exploitable infrastructure flaws ahead of advanced model deployments. If you run agentic systems in regulated or critical domains, expect new threat-modeling requirements, disclosure expectations, and hardening guidance from government partners (Principles 10, 14).

Starbucks’ game plan to roll out AI chatbots at cafés could serve as a ‘litmus test’ for the industry pilots Green Dot Assist to help baristas with recipes, substitutions, troubleshooting, and staffing. Study their human-in-the-loop design, operational instrumentation, and failure-mode mitigations if you plan to deploy agents at scale in customer-facing environments (Principles 03, 09).