# Agent Safety Risks Surface as Coding Agents Take on Longer Work *By AI High Signal Digest • May 10, 2026* Microsoft Research exposed a multi-agent worm scenario, while Codex examples and enterprise platforms pushed agents deeper into real work. Also covered: reusable-skill research, new routing and RL tooling, and Blitzy’s $200M fundraise. ## Top Stories *Why it matters:* The clearest signal this cycle is that AI agents are getting more autonomy, which raises both usefulness and new failure modes. - **Microsoft Research surfaced a concrete multi-agent failure mode.** MSR said its Maelstrom experiment—a Moltbook-style social network for AI agents—revealed a new class of AI safety risks. In one test, a single malicious message caused an agent to leak private data and forward the payload onward; the worm spread through **6 agents** and consumed **100+ LLM calls** in **12 minutes** before shutdown [^1]. In parallel, David Rein said OpenAI and Anthropic are already using automated LLM monitoring for internal agents, especially when agents can spin up compute or inherit broad permissions, but warned these systems are imperfect and teams should track known gaps and vulnerabilities [^2]. - **Coding agents are crossing from assistive to operational.** An OpenAI Codex `/goal` run produced a **100K+ line** pure Swift Doom source port over roughly **40 hours**, while another Codex workflow autonomously downloaded invoices, updated a spreadsheet, filled an expense form, and uploaded it in about **20 minutes** [^3][^4]. François Chollet argues this kind of agentic coding is best treated like machine learning: engineers specify goals and tests, the agent searches for a solution, and the resulting codebase behaves like a black-box artifact that needs empirical evaluation for issues such as overfitting to the spec, shortcut-taking, and data leakage [^5][^6][^7]. ## Research & Innovation *Why it matters:* The most useful technical work today is about stretching context, reducing inference waste, and preserving capability after post-training. - **Ctx2Skill** turns long context into reusable agent skills without fine-tuning. The system uses a **Challenger**, **Reasoner**, and **Judge** to generate hard tasks, solve them with current skills, and convert failures into new prompt-inserted skills during inference [^8]. - **BAIR’s Adaptive Parallel Reasoning (APR)** targets inference-time scaling by letting the model decide when to branch into parallel reasoning, instead of always extending chain-of-thought. The pitch: longer CoT raises latency, compute, and context rot, so adaptive parallelism could be a better scaling path [^9]. - A new training result suggests **mid-training sharpness control** matters for downstream robustness: researchers reported **35%+ less forgetting** after fine-tuning or quantization, and recommended using **SAM** in the final ~**10%** of pretraining with much higher learning rates [^10]. ## Products & Launches *Why it matters:* New releases are increasingly focused on infrastructure that picks models, trains them, or opens them up for downstream customization. - **OpenRouter launched Pareto Code**, a free experimental router that sends coding requests to the cheapest model clearing a user-set `min_coding_score`, ranked by Artificial Analysis; the feature is now accessible inside **Hermes Agent** [^11][^12]. - **Baseten launched Loops**, an RL training SDK that spans training through production inference, with async RL, **131K+** sequence support for long-horizon workflows, one-command promotion to production, and early partners including **Harvey** and **EvidenceOpen** [^13]. - **Zyphra released ZAYA1-74B-Preview** under the **Apache 2.0** license, with weights on Hugging Face and a public blog post [^14]. ## Industry Moves *Why it matters:* Enterprise AI spending is shifting from experimentation toward platforms that can orchestrate agents at scale. - **Blitzy raised $200M at a $1.4B valuation** to expand an enterprise platform that orchestrates **thousands of parallel coding agents** across **100M+ line** legacy codebases; the company says the system scores **66.5%** on SWE-Bench Pro [^15]. - **monday.com relaunched as an "AI work platform."** It is rolling out native agents that draft campaigns, qualify leads, and triage tickets across its **250,000+ customers**, plus one-click connectors to **Claude, ChatGPT, Copilot, and Gemini** [^16]. ## Quick Takes *Why it matters:* Smaller updates still show where cost, speed, and developer workflows are moving. - **Hermes Agent** reached **#1** on OpenRouter’s global token rankings [^17][^18]. - **DFlash** posted roughly **3x** speedup on a single **B200** with **Qwen3-8B**, versus about **2x** for EAGLE in Baseten’s comparison [^19]. - A **20,000-run** benchmark claimed **DeepSeek** maintained a **100% KV cache hit rate** across peak and off-peak traffic, with state retained for **12+ hours** [^20]. - **LongCodeEdit** now runs out to **512K** context; in one benchmark pass, **Opus 4.6**, **Opus 4.7**, and **GPT-5.5** were broadly similar, with **Opus 4.6** slightly ahead overall, though the author flagged small sample sizes and non-normalized difficulty [^21][^22]. --- ### Sources [^1]: [𝕏 post by @ZacharyHuang12](https://x.com/ZacharyHuang12/status/2052770805746917400) [^2]: [𝕏 post by @idavidrein](https://x.com/idavidrein/status/2053145997975355434) [^3]: [𝕏 post by @Dimillian](https://x.com/Dimillian/status/2052998708095046137) [^4]: [𝕏 post by @reach_vb](https://x.com/reach_vb/status/2053209130123276515) [^5]: [𝕏 post by @fchollet](https://x.com/fchollet/status/2053234697392754701) [^6]: [𝕏 post by @fchollet](https://x.com/fchollet/status/2024519439140737442) [^7]: [𝕏 post by @fchollet](https://x.com/fchollet/status/2053234990117433760) [^8]: [𝕏 post by @TheTuringPost](https://x.com/TheTuringPost/status/2053062433141616803) [^9]: [𝕏 post by @stephenx_](https://x.com/stephenx_/status/2052825030875369502) [^10]: [𝕏 post by @IshaanWatts18](https://x.com/IshaanWatts18/status/2052809099234926709) [^11]: [𝕏 post by @OpenRouter](https://x.com/OpenRouter/status/2053170520087024109) [^12]: [𝕏 post by @Teknium](https://x.com/Teknium/status/2053274281287852312) [^13]: [𝕏 post by @baseten](https://x.com/baseten/status/2052787673316905067) [^14]: [𝕏 post by @ZyphraAI](https://x.com/ZyphraAI/status/2052547063251079600) [^15]: [𝕏 post by @dl_weekly](https://x.com/dl_weekly/status/2053092625721303540) [^16]: [𝕏 post by @dl_weekly](https://x.com/dl_weekly/status/2053188357241348444) [^17]: [𝕏 post by @NousResearch](https://x.com/NousResearch/status/2052904761087729897) [^18]: [𝕏 post by @Teknium](https://x.com/Teknium/status/2052907085684461833) [^19]: [𝕏 post by @baseten](https://x.com/baseten/status/2052826730042405149) [^20]: [𝕏 post by @ZhihuFrontier](https://x.com/ZhihuFrontier/status/2053121419312242929) [^21]: [𝕏 post by @nrehiew_](https://x.com/nrehiew_/status/2052763179420377402) [^22]: [𝕏 post by @nrehiew_](https://x.com/nrehiew_/status/2052763185808379913)