AI Security for Apps reached GA, letting Cloudflare block prompt injection and PII leaks at the WAF layer. On the same day, it also launched RFC 9457-compatible error responses that replace HTML with JSON or Markdown when AI agents hit Cloudflare errors.
GitHub has published the layered defense design of its agent execution platform, and OpenAI has released IH-Challenge, an instruction-hierarchy training dataset, together with a model trained on it. Prompt injection is being addressed from both the infrastructure-design and the training axes.
Anthropic's new multi-agent code review feature for Claude Code, plus the design split between subagents and orchestration. Also covers the major frameworks and where Codex fits in.
Two approaches to running AI coding agents in local isolation. On macOS, Agent Safehouse uses the OS-native sandbox-exec for kernel-level restrictions; on Windows, Codex uses the VM-based Windows Sandbox.
A prompt-injection attack in a GitHub issue title tricked an AI triage bot into stealing npm tokens, which were then used to publish a malicious package in a five-step supply-chain attack chain.
Design and implementation of Kana Chat, a personal AI agent system that wraps official CLIs. Covers the tmux bridge, context isolation, and tool approval gate that make it safe to run in your own environment.
GitHub has released the Copilot SDK in technical preview. It exposes the Copilot CLI agent runtime as a programmable interface and supports custom tools as well as MCP server connections.
A roundup of four topics around AI agent development and operations in February: a study showing AGENTS.md may be counterproductive, Continue.dev's CI-integrated AI checks, AWS Strands Agents' built-in session persistence, and Docker Shell Sandbox for isolated agent execution.
Microsoft released an open-source framework that can optimize almost any AI agent with reinforcement learning, with little to no code changes. It supports arbitrary frameworks such as LangChain, AutoGen, and Claude Agent SDK.