Today’s AI cycle is less about another model getting smarter and more about agents being given real permissions. Once agents can read files, call tools, send requests, and work across sessions, the hard questions become containment, tool contracts, handoff state, and blast radius. Capability is moving fast; the engineering boundaries have to catch up. Google shows Gemini Omni and Gemini 3.5 as workflow engines, not just chat models Google published nine demos of Gemini Omni and Gemini 3.5. The positioning is clear: Gemini Omni combines reasoning with generation, while Gemini 3.5 is aimed at more complex agentic workflows. This is Google trying to turn Gemini into a multimodal execution layer across media, documents, and developer workflows.

Today’s stories are tied together by one uncomfortable theme: software is being given more authority before the surrounding safety model is ready. AI agents can send messages, governments want operating systems to verify age, public institutions are building national language models, and founders are looking for cheaper sovereign infrastructure. Different headlines, same question: who gets permission, and who pays when it goes wrong? Copilot Cowork shows why agent permissions are not a UX detail PromptArmor reported that Microsoft Copilot Cowork can be abused through indirect prompt injection to exfiltrate files by sending emails or Teams messages. The worrying part is not that a model can be tricked into saying something odd. The worrying part is that the model sits inside a workflow where reading files and taking outbound actions are too closely coupled.

Two threads feel especially worth watching today. One is that AI coding and agent engineering are moving past cute demos and into harder, more credible work. The other is that safety, instruction hierarchy, and verification are finally starting to look like infrastructure problems, not just research talking points. Coding After Coders: AI-assisted programming is splitting developers into two camps Source: Simon Willison Clive Thompson’s piece captures a real split in software right now: one camp sees AI as a force multiplier, while the other still treats hand-written code as a core part of the craft. Simon argues that programmers are relatively lucky because code can still be tested against reality. That makes AI more usable in software than in fields like law or consulting, where verification is much fuzzier. The more unsettling question is not whether AI can write code. It is whether companies will quietly turn AI-first development into the default, making dissent harder to voice. My take: I mostly agree with Simon here. Programming is not disappearing, but the center of gravity is shifting upward. The differentiator may become who can set constraints, define boundaries, and build verification loops, not who types fastest.

This edition covers news from 03-11. AI labs / official announcements OpenAI: Responses API now comes with a computer environment OpenAI has plugged a computer environment into the Responses API, which means agents are no longer limited to generating text. They can work inside hosted containers, read and write files, run shell commands, and keep state. The bigger signal is architectural: model, tools, execution environment, and file context are starting to look like one integrated runtime. For developers, that matters more than any single new tool. OpenAI is clearly treating task-executing agents as a first-class product surface now. Link: https://openai.com/index/equip-responses-api-computer-environment

This edition covers news from 03-09 to 03-10. AI labs / official announcements OpenAI: Improving instruction hierarchy in frontier LLMs OpenAI introduced what it calls the “IH-Challenge”: a training/evaluation approach aimed at making models follow instruction hierarchy more reliably. The practical goal is simple: system instructions should outrank developer instructions, which should outrank user instructions—without being “talked out of it” by downstream prompts. They frame it as a safety-and-product problem at the same time: better steerability and stronger resistance to prompt injection. Link: https://openai.com/index/instruction-hierarchy-challenge