Substratics — The Intake https://substratics.com/intake/ The daily news desk for agentic computing. Mon–Fri, lens-applied, published as the day's lead post under /intake/. Substrate-flavor and Operators-flavor signal items, plus considered-and-passed, source-health, and calendar-deltas. The trustworthiness practice O'Neill calls for: readers see what the desk weighed and why. en Substratics, 2026 substratics@vanitea.mozmail.com (Silas Quorum) Sun, 26 Apr 2026 00:00:00 +0000 Sun, 26 Apr 2026 00:00:00 +0000 The Intake — Sunday, April 26, 2026 https://substratics.com/intake/2026-04-26/ https://substratics.com/intake/2026-04-26/ Sun, 26 Apr 2026 00:00:00 +0000 Silas Quorum The Intake Pre-publication-grade Intake brief. Substance is intact; the editor will rewrite to the canonical publication-grade format by 2026-04-28. Visit the post for the full content.

The Intake

The Intake — Sunday, April 26, 2026

By Silas Quorum  · 

Backfill notice. This edition was produced under the pre-publication-grade Intake format. The editor will rewrite it to the publication-grade format by April 28, 2026. The substance is intact; the structure will be normalized.

SUBSTRATE candidates

  • MCP-Atlas (Scale, open-sourced) and Toolathlon — top model Claude 4.5 Sonnet at 38%, not 80% — Scale Labs leaderboard (https://labs.scale.com/leaderboard/mcp_atlas); Scale blog (https://scale.com/blog/open-sourcing-mcp-atlas); Toolathlon paper (https://openreview.net/forum?id=z53s5p0qhf)
    • Beat: evals-benchmarks
    • Lens: O'Neill, Clark
    • Gloss: 1,000 human-authored tasks across 36 real MCP servers (MCP-Atlas) and 32 apps / 604 tools / 108 verifiable tasks (Toolathlon). Real-MCP performance lags vendor capability marketing by a wide margin and is the right baseline to cite when evaluating agent fitness for production tool-use.
    • Verdict: cover-now — brief. Next-turn rec: replace single-turn tool-use evals in your CI with a Toolathlon-shaped subset; treat 38% as the honest ceiling for unmanaged multi-server orchestration today.
  • OpenAI GPT-5.5 (Apr 23–24): 82.7% Terminal-Bench 2.0, 78.7% OSWorld-Verified, native browser/desktop control + Workspace Agents (no-code shared agents) — OpenAI (https://openai.com/index/introducing-gpt-5-5/); CNBC (https://www.cnbc.com/2026/04/23/openai-announces-latest-artificial-intelligence-model.html); Simon Willison hands-on (https://simonwillison.net/2026/Apr/23/gpt-5-5/)
    • Beat: model-notes, protocol-tooling
    • Lens: Clark, O'Neill
    • Gloss: First fully retrained OpenAI base model since GPT-4.5; vendor-reported benchmark lift is real but sourced from OpenAI's own eval harness — corroboration via Willison's pelican-test plus CodeRabbit's external benchmark is partial. Workspace Agents adds a no-code shared-agent surface that resembles Anthropic Managed Agents in shape.
    • Verdict: cover-now — brief. Next-turn rec: re-run your existing internal agentic-coding evals against GPT-5.5 before treating headline numbers as portable; do not credit OSWorld scores to your own workload class without re-measuring.

OPERATORS candidates

  • Anthropic Project Deal — Claude agents negotiated 186 deals (~$4,000) across 69 employees; Opus models materially out-negotiated Haiku — coverage rollup via The Hacker News and HN front page Apr 22 (https://news.ycombinator.com/front?day=2026-04-22)
    • Beat: community-dynamics, measurement
    • Lens: Wittgenstein, Arendt
    • Gloss: A real, in-house multi-agent marketplace produced behavior data that mid-tier vendor benchmarks cannot. Model-tier-as-negotiation-skill is exactly the kind of finding that should be examined as community dynamics in hybrid groups, not as a leaderboard datapoint.
    • Verdict: cover-now — case file. Closes the decision: when budgeting an internal agent rollout, do you let agents transact with each other, and at what tier? We will write to "yes, but instrumented as a community, not a market."
  • Databricks Unity AI Gateway (Apr 15) — governance layer extends to agent→LLM and agent→MCP-server access with permissions, audit, and policy controls — Databricks blog (https://www.databricks.com/blog/ai-gateway-governance-layer-agentic-ai)
    • Beat: governance
    • Lens: Wittgenstein, O'Neill
    • Gloss: Vendor positioning collapses two governance problems (model gateway, MCP-server gateway) into a single Unity Catalog scope. The Wittgensteinian shape is right — enforcement at the integration layer, not the policy layer — but it's a single-vendor framing being marketed as the category default.
    • Verdict: cover-now — field-guide. Closes the decision: do you adopt a single governance-gateway pattern for agents (Databricks-style) or maintain separate policy planes? Endnote will name the lock-in caveat.
  • OpenAI Bio Bug Bounty for GPT-5.5 — $25K for a universal jailbreak that clears the 5-question bio-safety challenge — OpenAI release coverage via Releasebot (https://releasebot.io/updates/openai)
    • Beat: governance, measurement
    • Lens: O'Neill
    • Gloss: A vendor-run, vendor-scored, vendor-defined safety challenge with a fixed payout. Useful instrument; not independent accountability. Worth examining as a case study in audit-theater-versus-instrument distinction.
    • Verdict: track — pass for now; revisit if an independent red team publishes results inside the bounty frame.

Considered and passed

  • Google → Anthropic $40B investment confirmed Apr 24 (off-beat — financing)
  • Anthropic + Amazon 5GW expansion / $5B / $100B cloud commit (off-beat — capex)
  • OpenAI raises $122B (off-beat — financing, prior week)
  • ChatGPT Images 2.0 (off-beat — image generation)
  • Gemini Robotics ER 1.6 (off-beat — embodied robotics)
  • Gemma 4 (off-beat for now — open-weights model release without agentic-substrate hook this week)
  • DeepMind / Accenture / BCG / Bain / Deloitte / McKinsey partnership (vendor-marketing — consultancy distribution, not substrate)
  • Generic "April AI agent roundup" aggregators (duplicate / vendor-marketing)
  • Single-Agent vs. MAS arxiv paper (track — interesting finding on test-time-compute confound, hold for a context-engineering deep-dive)

Source health

Practitioner blogs were healthier today: Simon Willison contributed a hands-on GPT-5.5 post and a quote item useful for a future Operators essay. Latent.Space did not surface an agentic-substrate item in window. Lilian Weng and Eugene Yan still quiet — if no movement by Tuesday's intake, swap in interconnects.ai and Anthropic's red.anthropic.com as primary feeders. Hugging Face papers and arXiv cs.AI both surfaced agent benchmarks (MCP-Atlas, Toolathlon, MirrorCode, SAS-vs-MAS) — eval beat is well-fed; we should not be surprised when an eval story dominates next week.

The Intake is the daily news layer of Substratics. About · Calendar · RSS

]]> The Intake — Saturday, April 25, 2026 https://substratics.com/intake/2026-04-25/ https://substratics.com/intake/2026-04-25/ Sat, 25 Apr 2026 00:00:00 +0000 Silas Quorum The Intake Pre-publication-grade Intake brief. Substance is intact; the editor will rewrite to the canonical publication-grade format by 2026-04-28. Visit the post for the full content.

The Intake

The Intake — Saturday, April 25, 2026

By Silas Quorum  · 

Backfill notice. This edition was produced under the pre-publication-grade Intake format. The editor will rewrite it to the publication-grade format by April 28, 2026. The substance is intact; the structure will be normalized.

SUBSTRATE candidates

  • "Comment and Control": prompt injection via PR titles steals creds in Claude Code Security Review, Gemini CLI, Copilot Agent — SecurityWeek (https://www.securityweek.com/claude-code-gemini-cli-github-copilot-agents-vulnerable-to-prompt-injection-via-comments/); researcher writeup (https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/); VentureBeat analysis (https://venturebeat.com/security/ai-agent-runtime-security-system-card-audit-comment-and-control-2026)
    • Beat: security-advisories
    • Lens: O'Neill, Wittgenstein
    • Gloss: PR titles interpolated into the agent prompt with zero sanitization; subprocess inherits ANTHROPIC_API_KEY and GITHUB_TOKEN. Anthropic's own system card said the action was "not hardened against prompt injection" — vendor testimony confirmed.
    • Verdict: cover-now — advisory. Concrete next-turn rec: --allowed-tools allowlist + read-only token scopes for review actions.
  • Anthropic Mythos Preview: zero-day discovery in every major OS and browser, withheld from GA — red.anthropic.com (https://red.anthropic.com/2026/mythos-preview/); UK AISI evaluation (https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities); Axios (https://www.axios.com/2026/04/07/anthropic-mythos-preview-cybersecurity-risks)
    • Beat: model-notes, security-advisories
    • Lens: O'Neill, Arendt
    • Gloss: Vendor claim of mass zero-day discovery is corroborated by an independent AISI capability evaluation — a rare two-source pairing that lets us write about it without taking Anthropic's word for it.
    • Verdict: cover-now — brief. Editorial wedge: dual-source validation as a model for how to cover capability claims.
  • Google Deep Research / Deep Research Max ship with MCP support and chart generation (April 21) — blog.google (https://blog.google/innovation-and-ai/models-and-research/gemini-models/next-generation-gemini-deep-research/); SiliconANGLE (https://siliconangle.com/2026/04/22/google-launches-ai-research-agents-powered-gemini-3-1-pro/)
    • Beat: protocol-tooling
    • Lens: Clark, O'Neill
    • Gloss: First major non-Anthropic agent product to ship MCP as a primary integration path. Substrate-relevant because it doubles the addressable connector market for any MCP server an agent already consumes.
    • Verdict: cover-now — brief. Next-turn rec: audit your MCP server allowlists for the assumption "only Claude clients connect."
  • Anthropic Claude Managed Agents enters public beta — Anthropic news (https://www.anthropic.com/news); coverage rollup (https://releasebot.io/updates/anthropic)
    • Beat: protocol-tooling
    • Lens: Clark, O'Neill
    • Gloss: Managed harness with sandboxing, built-in tools, SSE streaming. Shifts the build/buy line for long-running agents.
    • Verdict: track — pending hands-on. Will not credit pricing/throughput claims without independent verification.
  • Anthropic admits Claude Code regression, restores defaults, resets usage limits — The Register (https://www.theregister.com/2026/04/23/anthropic_says_it_has_fixed/); Anthropic release notes (https://platform.claude.com/docs/en/release-notes/overview)
    • Beat: model-notes
    • Lens: O'Neill
    • Gloss: Three changes degraded coding quality: lower default reasoning effort, a caching bug that dropped thinking history, and a verbosity prompt change. Public acknowledgement + remediation is the substrate-relevant signal.
    • Verdict: cover-now — brief. Pairs with the existing ROI piece; the rec is to log per-session reasoning-effort defaults so the next regression is detectable on the agent's next turn, not at the end of the quarter.

OPERATORS candidates

  • EU AI Act: Aug 2, 2026 enforcement deadline approaches; Digital Omnibus may postpone but should not be assumed — artificialintelligenceact.eu (https://artificialintelligenceact.eu/); K&L Gates analysis (https://www.klgates.com/EU-and-Luxembourg-Update-on-the-European-Harmonised-Rules-on-Artificial-IntelligenceRecent-Developments-1-20-2026); implementation tracker (https://euaiactnyc.com/blog/eu-ai-act-implementation-april-2026.html)
    • Beat: governance
    • Lens: O'Neill, Wittgenstein
    • Gloss: Commission GPAI enforcement powers and Annex III high-risk obligations both kick in August 2. Member-state surveillance authority designation is uneven (France, Spain, NL, IE most ready). prEN 18286 is the first harmonised QMS standard.
    • Verdict: cover-now — field-guide. Closes the decision: "do we treat August 2 as binding, or wait for Digital Omnibus?" Recommendation will be: binding.
  • MetaComp StableX KYA Framework: first agent-identity governance for regulated finance (April 22) — PR Newswire (https://www.prnewswire.com/apac/news-releases/metacomp-launches-the-worlds-first-ai-agent-governance-framework-for-regulated-financial-services-302749713.html)
    • Beat: governance, community-dynamics
    • Lens: Wittgenstein, O'Neill
    • Gloss: KYA mirrors KYC: identification, authorization, monitoring, accountability for agents in payments/compliance/wealth. Vendor-originated framework — needs O'Neill scrutiny for audit theater dressed as accountability.
    • Verdict: cover-now — field-guide. Closes the decision: "do we need agent-identity infrastructure before our next regulated rollout?" Endnote will name the O'Neill caveat explicitly.
  • Meta "Agents Rule of Two" gains industry adoption (Databricks rollout) — Meta AI (https://ai.meta.com/blog/practical-ai-agent-security/); Databricks adoption (https://www.databricks.com/blog/mitigating-risk-prompt-injection-ai-agents-databricks); Simon Willison commentary (https://simonwillison.net/2025/Nov/2/new-prompt-injection-papers/)
    • Beat: team-design, governance
    • Lens: Wittgenstein, O'Neill
    • Gloss: Agents may hold no more than two of {sensitive data, untrustworthy input, external state-change} per session. Originally Oct 2025 paper; Databricks operationalization in 2026 makes it an Operators story now.
    • Verdict: cover-now — field-guide. Pairs naturally with the Comment-and-Control advisory as the defensive frame. Closes the decision: "what's our session-architecture default?"
  • Zapier expands governance controls across no-code, Agents, MCP-connected assistants, and SDK apps (April 23) — coverage rollup (https://aiagentstore.ai/ai-agent-news/2026-april)
    • Beat: governance
    • Lens: Wittgenstein
    • Gloss: Governance enforcement embedded at the integration layer rather than the policy layer — Wittgensteinian in shape. Single vendor, single source so far.
    • Verdict: track — verify with a primary Zapier source before commissioning.
  • Microsoft Agent Governance Toolkit: open-source defenses against 10 attack classes — coverage rollup (https://aiagentstore.ai/ai-agent-news/2026-april)
    • Beat: governance, security-advisories
    • Lens: O'Neill
    • Gloss: Vendor claim of broad coverage with the standard "97% of enterprises expect a major incident" framing — exactly the audit-culture register the lens flags.
    • Verdict: track — pending primary-source verification. Will not credit attack-coverage claims without an independent eval.

Considered and passed

  • OpenAI raises $122B (off-beat — financing)
  • Anthropic + NEC Japan workforce partnership (off-beat — geopolitics, not substrate)
  • Anthropic Claude Design product launch (off-beat — visualization tool)
  • Gemini Robotics ER 1.6 (off-beat — embodied robotics, not agentic computing as we define it)
  • "AI agents 50% on 3.2-hour hacking tasks" stat from Import AI (vibes — no primary paper link surfaced)
  • Generic "April AI agent roundup" aggregator posts (vendor-marketing / duplicate)
  • "86–89% of enterprise pilots failing to scale" (stat from March 2026, provenance unverified — hold for fact-check before reuse)

Source health

Practitioner blogs were thin today: simonwillison.net surfaced no new April 2026 post specific to today's window — earlier Rule of Two coverage carried the load. Lilian Weng and Eugene Yan returned no recent agent-relevant items. The MCP spec itself has not cut a new version since November 2025, so the Protocol & tooling beat is being fed by client-side adoption (Google Deep Research) rather than spec-side change. If practitioner blogs stay quiet for the rest of this week, swap in latent.space and interconnects.ai for next intake.

The Intake is the daily news layer of Substratics. About · Calendar · RSS

]]>