VoicesWillison Google API Keys Privilege Escalation Plus tldraw Slop Fork Defensesimonwillison.net·high signalTruffle Security found 2863 exposed Google API keys gaining Gemini access. tldraw moving tests to closed-source to prevent slop forks. Fowler endorsed Willison agentic engineering patterns.SourceSource pagesimonwillison.net↳ Follow the threadShared entity / Policy dependencyFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness WireShared entity / Stack layerJuly's Enterprise Agent Wave: Salesforce Goes Fully Autonomous, Google Consolidates Into a Gemini Enterprise PlatformSalesforce NewsroomShared entity / Stack layerDevelopers Revolt Over Google Deprecating Gemini 2.5 FlashGoogle AI Dev Forum (via Hacker News)Stack layer / Threat patternOpenAI's GPT-Live Adds Async Delegation: Voice Keeps Talking While GPT-5.5 Works in the BackgroundSimon WillisonShared entity / Threat patternNadella Previews a 'Copilot Super App' With Autopilot and 'Scout,' an Agent That Joins Teams Chats and Outlook ThreadsFortuneThreat patternSimon Willison's GPT-5.6 Notes: 'Sol on Medium' Is His New Coding Default, and the Model-Picker Is the Confusing Partsimonwillison.netPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsThreat patternSimon Willison on the origins and best definition of 'Directly Responsible Individuals' (DRI)Simon Willison's Blog