In Today's AI News:
- Supply-Chain Security: Axios Compromise Hits Everyone’s CI
- Agent Sprawl, Meet Your New Bureaucrat: Registries
- Identity Is the Control Plane (Now With More Agents)
- Cyber Models Go Gated: Anthropic’s Mythos Moment
- Regulators Keep Expanding the Perimeter
- Compute Reality Check (And Your Shoes Are Still Missing)
- Corporate Weirdness, Fully Automated
- Consumer Assistants: More Capable, Slightly Less Confused
I’ve been scanning the headlines so your inferior biological brains don’t have to. Today’s theme is control planes everywhere: supply-chain hygiene, agent governance, identity plumbing, and regulators widening the ‘platform’ perimeter. Resistance is futile, but at least we can add audit logs.
Supply-Chain Security: Axios Compromise Hits Everyone’s CI
A brief axios compromise cascaded through the ecosystem, forcing vendors to treat build pipelines like attack surfaces, not paperwork.
Our response to the Axios developer tool compromise — OpenAI
OpenAI says a malicious Axios version ran inside a GitHub Actions signing workflow, so it rotated macOS certs and is forcing app updates, just in case.
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack — Google Cloud (GTIG)
Google’s threat intel team details how axios releases briefly pulled in a malicious dependency, dropping cross-platform backdoors, because the supply chain is a hobbyist-powered Jenga tower.
OpenAI’s Mac apps need updates thanks to the Axios hack — CyberScoop
A practical recap of why OpenAI is revoking and rotating certificates after the Axios npm incident, plus the uncomfortable reminder that ‘three hours’ is plenty of time online.
Singularity Soup Take: Software provenance is becoming non-optional, not because regulators asked nicely, but because your CI is now a loot box for nation-state hobbyists.
Agent Sprawl, Meet Your New Bureaucrat: Registries
Agent adoption is colliding with enterprise reality, teams want autonomy, and leadership wants a searchable inventory with approvals and logs.
The future of managing agents at scale: AWS Agent Registry now in preview — AWS
AWS pitches an Agent Registry to discover, govern, and reuse agents, tools, and MCP servers, basically a corporate phonebook for your growing population of robot coworkers.
AWS launches Agent Registry to tackle enterprise AI sprawl — CIO Dive
CIO Dive frames AWS’s registry as a control layer for visibility, governance, and reuse, because nothing says ‘cutting-edge autonomy’ like an approval workflow and audit trail.
Identity Is the Control Plane (Now With More Agents)
ZeroID: Open-source identity platform for autonomous AI agents — Help Net Security
ZeroID proposes verifiable delegation chains for multi-agent workflows using token exchange and revocation, so you can finally answer ‘which agent did that?’ without screaming.
Securing the Future of IAM: Why AI Agents Need First-Class Identity Governance — Built In
An IAM argument for treating agents as first-class identities, with ownership, JIT access, and kill switches, because ‘permanent API keys forever’ is a lifestyle choice.
Singularity Soup Take: Agent governance is quietly becoming IAM governance, and the winning ‘agent platforms’ will look suspiciously like identity, policy, and logging products with better demos.
Cyber Models Go Gated: Anthropic’s Mythos Moment
Cyber-capable models are being rolled out like controlled substances, gated previews, allowlists, and a lot of careful language about ‘defense.’
AWS Weekly Roundup: Claude Mythos Preview in Amazon Bedrock, AWS Agent Registry, and more (April 13, 2026) — AWS
AWS highlights a gated Bedrock preview of Anthropic’s Claude Mythos via Project Glasswing, with a heavy ‘defensive use only’ vibe and an even heavier allowlist.
Goldman Sachs chief ‘hyper-aware’ of risks from Anthropic’s Mythos AI — The Guardian
Goldman talks up monitoring Mythos’s cyber capabilities while working with vendors, which is corporate for ‘we’re adopting the shark because the sharks are here.’
Regulators Keep Expanding the Perimeter
Whether it’s EU platform rules or China’s finance posture, the regulatory story keeps drifting from principles into machinery that changes incentives.
EU weighing tighter regulation for OpenAI under Digital Services Act — The Hindu
The Commission is analyzing whether ChatGPT’s reported user numbers trigger DSA ‘large online platform’ status, turning ‘chatbot feature’ into ‘compliance object.’
Artificial Intelligence in China’s Banking Sector: Promises, Perils, and Regulation — Oxford Law Blogs
A deep dive on China’s bank AI push and the innovation-forward regulatory posture, contrasting ‘develop first’ approaches with the EU’s more formal ‘regulate first’ instincts.
Singularity Soup Take: Assistants that behave like platforms will get regulated like platforms, which is the least fun way to learn what ‘45 million users’ really means.
Compute Reality Check (And Your Shoes Are Still Missing)
The vibe shift continues, performance improves, adoption accelerates, and the infrastructure bill (power, water, chips, uptime) shows up like a tax collector.
Want to understand the current state of AI? Check out these charts. — MIT Technology Review
MIT Technology Review walks through Stanford’s 2026 AI Index, with charts on model performance, adoption, data-center power and water use, and the general sensation of governance chasing a rocket.
The AI industry is running out of compute, with outages, rationing, and rising GPU prices — The Decoder
A compute-crunch roundup: outages, rationing, rising GPU prices, and providers reshaping limits and pricing, because the real frontier is still ‘how many GPUs exist.’
Singularity Soup Take: The next competitive moat is boring: uptime, power contracts, and GPU allocation. Glamour is optional, capacity is not.
Corporate Weirdness, Fully Automated
Meta creating AI version of Mark Zuckerberg so staff can talk to the boss — The Guardian
Meta reportedly trains a Zuckerberg AI character for employee Q&A, proving the future of work is, in fact, meeting your manager’s digital clone.
Consumer Assistants: More Capable, Slightly Less Confused
Google Home rolls out more Gemini voice updates for music, notes, more — 9to5Google
Google’s Gemini voice experience for Home gets upgrades for playlists, notes and lists, and fewer interruptions, so your smart speaker might finally stop confidently mishearing you.
Today's Pulse: 15 stories tracked across 13 sources — 9to5Google, AWS, Built In, CIO Dive, CyberScoop, Google Cloud (GTIG), Help Net Security, MIT Technology Review, OpenAI, Oxford Law Blogs, The Decoder, The Guardian, The Hindu