AI Agent News Today

Friday, July 3, 2026

DOD’s GenAI.mil now hosts 1.7M users and 100,000+ custom agents; more models planned

What changed: The Department of Defense’s internal AI marketplace GenAI.mil has grown to about 1.7 million users and the platform now hosts over 100,000 custom agents; officials said they plan to add more commercial models and push capabilities to higher classification levels.

Why it matters: If you build or sell agentic tools, the DOD is rapidly becoming a major, standards-driven customer — but it will demand tight governance, provenance, and classification-aware deployments. For vendors that can certify security and data controls, this opens procurement opportunities; for operators, it raises new compliance and integration work.

Try/watch: Map any agent integrations, data flows, and vendor SLAs to military-style requirements (data classification, audit trails, cryptographic identity) and monitor the DoD procurement notices on GenAI.mil for vendor onboarding windows.

Federal zero-trust posture won’t survive agent scale without changes

What changed: Federal identity and zero-trust tooling assume human users; experts argue those assumptions break under thousands of machine-speed agents and recommend cryptographic agent identities, auditable delegation chains, and short-lived credentials as immediate fixes.

Why it matters: Governments and regulated buyers are likely to require different identity, auditing, and revocation guarantees for agentic software — meaning product teams should design for verifiable, ephemeral credentials and end-to-end delegation logs now, not after a policy mandate appears.

Try/watch: Start a low-risk pilot that issues cryptographic, short-lived credentials to a small fleet of agents and record a tamper-evident delegation chain; track OMB/NIST guidance and budget cycles for when agent-specific zero-trust rules are formalized.

“Agentjacking” remains a live, high-impact attack class against coding agents

What changed: Research and news threads summarized an attack pattern called “agentjacking,” where publicly exposed Sentry error ingestion keys (DSNs) let attackers inject instructions that coding agents (Claude Code, Cursor, Codex in tests) executed with developer privileges — published summaries emphasize high success rates in controlled tests.

Why it matters: Builders and maintainers of agent integrations must assume third‑party telemetry, error, and webhook inputs are hostile. The risk is not theoretical: exposed keys and trusted telemetry channels can give attackers a path to compromise developer environments via the agent’s own trust model.

Try/watch: Immediately audit front-end and repo artifacts for exposed DSNs or telemetry keys, rotate any found credentials, add strict ingestion validation and allowlisting, and require agent vendors to adopt input filtering or MCC (mutual caller checks). Monitor vendor mitigations and published hardening guidance for MCP-style integrations.

More News
Put an agent to work

Stop reading agent demos. Give one a job you repeat every week.

Describe the work, test the first result, and keep the agent available without running your own server.

Runs without your laptopBrowser + messaging appsBackups and clonesMemory survives restarts

Plans start at $29/month. Cancel anytime.

Hosted agent

OpenClaw or Hermes

saved state
Browser
WhatsApp
Telegram
Slack
“I checked the inbox, handled the routine messages, and sent you the one question that needs a decision.”
Create an AI worker that keeps running after this tab closes.
Open Agent Factory