Zach Wright

Here is what you missed while you were shipping.

The Big Thing

Agent security is moving downstack into the runtime itself.

Why it matters: once agents can browse, execute code, and touch production systems, the edge is no longer just model quality. It is whether the runtime ships with bounded egress, governed tool access, and validation loops before the model improvises inside your blast radius.

Code & Tools

  1. Vercel Sandbox egress firewall filtering - host- and SNI-level outbound controls for code that should not be trusted with the open internet by default. https://vercel.com/changelog/advanced-egress-firewall-filtering-for-vercel-sandbox
  2. OpenAI Codex Security - context-aware AppSec review that validates findings and proposes fixes instead of dumping raw scanner noise. https://openai.com/index/codex-security-now-in-research-preview/
  3. GitHub Agentic Workflows - Markdown-defined automation with sandboxed execution, safe outputs, and approval-friendly defaults. https://github.blog/changelog/2026-02-24-github-agentic-workflows-are-now-in-technical-preview/
  4. Official MCP support for Google services - managed remote endpoints for Google APIs with IAM, auditing, and enterprise control surfaces. https://cloud.google.com/blog/products/ai-machine-learning/announcing-official-mcp-support-for-google-services
  5. BigQuery remote MCP server - governed analytics access path for agents that need data retrieval without bespoke connector sprawl. https://cloud.google.com/blog/products/data-analytics/using-the-fully-managed-remote-bigquery-mcp-server-to-build-data-ai-agents

Tech Impact

Meme of the Day

"How Hacking Works" (xkcd) - because every threat model eventually meets an attacker who just asks for more bytes than they were supposed to get.

Image URL: https://imgs.xkcd.com/comics/how_hacking_works.png
Post: https://xkcd.com/538/