Two Lines of Code to Lock Down Your Agents - Mastra Studio Auth

OpenAI Buys TBPN, Anthropic DMCA's 8,000 Repos, Milla Jovovich Builds Memory (This Week In AI)

OpenAI acquired TBPN — the daily tech news show — announced the day after April Fools. TBPN built an independent voice in tech media over eighteen months, and OpenAI saw that as worth buying. AI companies acquiring media is a new pattern. Anthropic spent $400M on Coefficient Bio, a biotech startup building an AI drug R&D platform. OpenAI made a similar move last year — the race to own AI-powered healthcare is on. Claude Code drama hit peak levels. Anthropic's DMCA nuked ~8,100 GitHub repos after last week's source code leak. Then Claude subscriptions stopped covering third-party tools like OpenClaw — with a $200 credit as a peace offering. The detection is just a string match on "OpenClaw" in the system prompt. And Claude Code now refuses to analyze its own source. Anthropic published research on emotion concepts in LLMs — internal representations that drive Claude's behavior, like a "desperation" vector that activates when it fails repeatedly. Microsoft 365 connectors are shipped on every Claude plan. Google dropped Gemma 4, claiming the most capable open models in the world. Gmail announced AI Inbox with smart prioritization for AI Ultra subscribers. Cursor 3 launched, rebuilt for agent-first workflows. Keith from Superset joined live — their users have shrunk Cursor usage from 90% to 10%. CodeRabbit shipped autofix. Lovable launched a full-stack visual editor. Design mode is becoming table stakes across every platform. Netflix dropped its first public model on HuggingFace — a video-to-video model. Arcee released Trinity-Large-Thinking under Apache 2.0. Rhys Sullivan wrote "The Execution Layer" — arguing that bash was the accidental first execution layer for agents and it's breaking down. His proposal: TypeScript. He built Executor to prove it. Theo backed it: agents are good at bash, bash is not good for agents. Axios was compromised via social engineering — attackers cloned a founder's identity, set up a branded Slack, ran a fake Teams meeting, and got a publish token. Because Axios is so foundational, compromised downstream projects may not even know yet. Quick hits: MemPalace claims 100% on LongMemEval, but got community-noted — scores use targeted fixes and reranking. Sarah Wooders argues memory is the harness, not a plugin. Braintrust shared why they built Brainstore for agent observability. Mintlify built a virtual filesystem instead of RAG. 🔗 LINKS https://openai.com/index/openai-acquires-tbpn/ https://x.com/pitdesi/status/2039858374154862645 https://x.com/k1rallik/status/2039686500619534818 https://x.com/bcherny/status/2040206440556826908 https://x.com/steipete/status/2040811558427648357 https://x.com/theo/status/2041016477047034012 https://x.com/anthropicai/status/2039749628737019925 https://x.com/claudeai/status/2040086268562842097 https://x.com/OfficialLoganK/status/2039735606268314071 https://x.com/gmail/status/2039107985281008078 https://x.com/cursor_ai/status/2039768512894505086 https://x.com/coderabbitai/status/2039727972555555009 https://x.com/lovable/status/2039719647424258164 https://x.com/fffiloni/status/2039992515604983994 https://x.com/arcee_ai/status/2039369121591120030 https://x.com/RhysSullivan/status/2030903539871154193 https://executor.sh https://x.com/flaviocopes/status/2039973060158095827 https://github.com/milla-jovovich/mempalace https://x.com/sarahwooders/status/2040121230473457921 https://x.com/ankrgyl/status/2041209003859136848 https://x.com/densumesh/status/2039765361533637016 📚 MASTRA RESOURCES https://mastra.ai https://x.com/mastra_ai https://mastra.ai/community/discord https://github.com/mastra-ai https://mastra.ai/course https://mastra.ai/books/principles-of-building-ai-agents https://mastra.ai/books/patterns-of-building-ai-agents WHAT IS MASTRA? Mastra is an open-source TypeScript framework for building AI-powered applications and agents. It supports the full lifecycle from prototype to production with integrations for React, Next.js, and Node. 00:00 — Live from Victory Hall, San Francisco 00:51 — OpenAI acquires TBPN 05:11 — Anthropic acquires Coefficient Bio for $400M 06:07 — Claude Code drama: DMCA takedowns, third-party blocks & string matching 08:23 — Anthropic research: emotion concepts in LLMs 09:05 — Claude gets Microsoft 365 connectors 09:17 — Gemma 4: Google's open weight models 10:20 — Gmail AI Inbox 11:38 — Cursor 3 13:19 — CodeRabbit Autofix & Lovable visual editor 15:13 — New models: Netflix, Arcee Trinity 16:00 — The Execution Layer: Is bash the right tool for agents? 17:34 — Axios compromised via social engineering 19:02 — Quick hits: MemPalace, memory as harness, Brainstore, Mintlify

Anthropic Leaked Their Own Source Code, OpenAI Raised $122b, and Axios Got Hacked (This Week In AI)

Shane and Abhi bring you your weekly roundup of AI news! Claude Code's entire source code leaked via an exposed .map file in npm — 512,000 lines of TypeScript, 50K GitHub stars before DMCAs started flying. What people found: Claude Code uses ~20 tools, and there's a regex that silently logs user frustration to analytics. Same week, a CMS misconfiguration exposed a draft blog post revealing Mythos and Capybara — a new model tier above Opus described as posing "unprecedented cybersecurity risks." Fortune separately confirmed a source saying Opus 5 is "so good it poses a danger." Claude Code auto mode shipped — a classifier between constant interrupts and the skip-permissions flag. Computer use landed in Claude Code too, letting it open apps and click through UI from the CLI. Rate limits were tightened during peak hours to community backlash. A federal judge blocked the Pentagon's attempt to label Anthropic a supply chain risk. A North Korea-linked group hijacked the npm account of Axios' lead maintainer and published malicious versions that stole env variables then cleaned up after themselves. With ~100M weekly downloads and Claude Code depending on Axios, the blast radius was significant. An Anthropic researcher also demoed Claude finding a zero-day in Ghost in 90 minutes. Agents are the new hackers, and the hackers have agents too. OpenAI closed $122B at an $852B valuation. Sora is shutting down. Mistral raised $830M for an NVIDIA-powered EU data center. Redpoint's 2026 market update argues this isn't the dot-com bubble, while noting agent maturity is early, and incumbents face a structural disadvantage against AI-native startups. Rapid fire: Gemini 3.1 Flash Live, Veo 3.1 Lite, pg-micro, Cloudflare runs Kimi K2.5, OpenCode remote sandboxes, Chroma 20B search agent, Cohere open-source transcription, Linear says issue tracking is dead, Microsoft M365 council mode, Mario Zechner's "Slow the fuck down," GLM-5.1, Google Translate live in headphones. AI Agents Hour is a weekly livestream by Mastra CPO Shane Thomas and CTO Abhi Aiyer. Mondays 12PM Pacific. 📚 READ MORE Claude Code leak: https://x.com/fried_rice/status/2038894956459290963 Frustration tracking: https://x.com/rahatcodes/status/2038995503141065145 Axios attack: https://x.com/mvxvvll/status/2038797094861918332 Claude zero-day: https://x.com/chiefofautism/status/2037951563931500669 OpenAI $122B: https://x.com/sawyermerritt/status/2039073153922539901 Sora shutdown: https://x.com/soraofficialapp/status/2036546752535470382 Auto mode: https://x.com/claudeai/status/2036503582166393240 Computer use in Code: https://x.com/claudeai/status/2038663014098899416 Mythos/Capybara: https://x.com/testingcatalog/status/2037394888577216617 Opus 5 danger: https://x.com/kimmonismus/status/2037461154088296748 Rate limits: https://x.com/trq212/status/2037254607001559305 Pentagon ruling: https://www.cnn.com/2026/03/26/business/anthropic-pentagon-injunction-supply-chain-risk Mistral $830M: https://x.com/ft/status/2038531872272040374 Redpoint market update: https://www.redpoint.com/reports/2026-market-update/ Gemini 3.1 Flash Live: https://x.com/officiallogank/status/2037187750005240307 pg-micro: https://x.com/glcst/status/2037254698898432278 OpenCode sandboxes: https://x.com/jlongster/status/2036924361379037224 Linear: https://x.com/linear/status/2036502198062821842 📚 MASTRA RESOURCES Mastra: https://mastra.ai Mastra on X: https://x.com/mastra_ai Mastra Discord: https://mastra.ai/community/discord Mastra GitHub: https://github.com/mastra-ai Learn Mastra in the world's first MCP-Based Course: https://mastra.ai/course Principles of Building AI Agents (Book): https://mastra.ai/books/principles-of-building-ai-agents Patterns for Building AI Agents (New Book): https://mastra.ai/books/patterns-of-building-ai-agents MASTRA? Mastra is an open-source TypeScript framework designed for building and shipping AI-powered applications and agents with minimal friction. It supports the full lifecycle of agent development—from prototype to production. You can integrate it with frontend and backend stacks (e.g., React, Next.js, Node) or run agents as standalone services. If you're a JavaScript or TypeScript developer looking to build an agentic or AI-powered product without starting from first principles, Mastra provides the scaffolding, tools, and integrations to accelerate that process. 00:00 — Claude Code source code leaked  04:30 — Axios supply chain attack 06:11 — Claude finds a zero-day in Ghost in 90 minutes 06:50 — OpenAI closes $122B round at $852B valuation 08:24 — Sora is shutting down 11:03 — Anthropic ships: auto mode & computer use in Claude Code 11:41 — Mythos & Capybara: Anthropic's next model tier leaked 14:35 — Claude rate limits tightened during peak hours 15:51 — Judge blocks Pentagon's supply chain risk label on Anthropic 16:08 — Mistral $830M & Redpoint's 2026 AI market update 20:45 — Rapid fire: Google, pg-micro, OpenCode, Chroma, Cohere & more

Claude Uses Your Computer, Openai Buys Python Tools & The Cursor/Kimi Plot Twist (This Week In AI)

Shane and Abhi kick off with a viral quote: if your $500K engineer isn't burning $250K in tokens, something is wrong. OpenAI is acquiring Astral — the team behind uv and Ruff — joining the Codex team. OpenAI bets on Python; Anthropic bet on TypeScript with Bun. Then Cursor drama: someone found Composer 2 is powered by Kimi K2.5, Kimi confirmed it, and raised another $1B at an $18B valuation — three rounds in 90 days. Anthropic shipped Claude Code Channels (Telegram/Discord control), Cowork Dispatch (persistent agent, message from phone), and a deep dive on how they use Skills. Matt Pocock found quality drops past 100K on the 1M context window. And 52 million views on enabling Claude to use your computer — Mac only. Stripe launched MPP for agent-to-agent payments. Better Auth launched the Agent Auth Protocol. Cloudflare shipped Dynamic Workers for AI-generated code in isolates. LangChain open-sourced Deep Agents, Composio shipped 30-parallel-agent orchestration, OpenCode lost its Claude Max plugin after Anthropic sent lawyers, and Netlify and Google Stitch entered vibe coding and design. EsoLang-Bench: LLMs score 85–95% on standard benchmarks but collapse to 0–11% on esoteric languages — memorization, not reasoning. Quick hits: GPT-5.4 mini/nano, Minimax M2.7, Morph FlashCompact, AI CMO, Letta pivots to coding agents, GLM-OCR, LiteLLM supply chain attack. AI Agents Hour is a weekly livestream by Mastra CPO Shane Thomas and CTO Abhi Aiyer. Mondays 12PM Pacific. 📚 READ MORE $500K engineers: https://x.com/sundeep/status/2034829022082080846 OpenAI acquires Astral: https://openai.com/index/openai-to-acquire-astral/ Cursor Composer 2: https://x.com/cursor_ai/status/2034668943676244133 Composer 2 is Kimi K2.5: https://x.com/fynnso/status/2034706304875602030 Kimi confirms: https://x.com/kimi_moonshot/status/2035074972943831491 Kimi raises $1B: https://x.com/CodeByPoonam/status/2034940587942846665 Claude Code Channels: https://x.com/trq212/status/2034761016320696565 Cowork Dispatch: https://x.com/felixrieseberg/status/2034005731457044577 Anthropic Skills post: https://x.com/trq212/status/2033949937936085378 1M context quality: https://x.com/mattpocockuk/status/2034572011175907474 Claude computer use: https://x.com/claudeai/status/2034991044109184388 Stripe MPP: https://stripe.com/blog/machine-payments-protocol Agent Auth Protocol: https://github.com/better-auth/agent-auth-protocol Cloudflare Dynamic Workers: https://x.com/CloudflareDev/status/2034510221044736342 LangChain Deep Agents: https://x.com/hasantoxr/status/2033213054859792859 Composio Orchestrator: https://x.com/hasantoxr/status/2033999352008741376 OpenCode/Anthropic: https://x.com/thdxr/status/2034730036759339100 Netlify: https://x.com/Netlify/status/2034303709832773711 Google Stitch: https://stitch.withgoogle.com EsoLang-Bench: https://arxiv.org/abs/2603.09678 GPT-5.4 mini: https://x.com/openai/status/2033953592424731072 Morph FlashCompact: https://x.com/morphllm/status/2033968877345116200 📚 MASTRA RESOURCES Mastra: https://mastra.ai Mastra on X: https://x.com/mastra_ai Mastra Discord: https://mastra.ai/community/discord Mastra GitHub: https://github.com/mastra-ai Learn Mastra in the world's first MCP-Based Course: https://mastra.ai/course Principles of Building AI Agents (Book): https://mastra.ai/books/principles-of-building-ai-agents Patterns for Building AI Agents (New Book): https://mastra.ai/books/patterns-of-building-ai-agents WHAT IS MASTRA? Mastra is an open-source TypeScript framework designed for building and shipping AI-powered applications and agents with minimal friction. It supports the full lifecycle of agent development—from prototype to production. You can integrate it with frontend and backend stacks (e.g., React, Next.js, Node) or run agents as standalone services. If you're a JavaScript or TypeScript developer looking to build an agentic or AI-powered product without starting from first principles, Mastra provides the scaffolding, tools, and integrations to accelerate that process. 00:00 — If your $500K engineer isn't burning $250K in tokens, something is wrong 01:36 — OpenAI acquires Astral 02:31 — Cursor's Composer 2 is secretly Kimi K2.5 05:35 — Kimi raises another $1B 05:57 — Anthropic ships 08:00 — Opus 4.6 1M context: quality drops noticeably past 100K tokens 08:46 — Claude can now use your computer (Mac only) 11:02 — Stripe's Machine Payments Protocol 12:28 — Better Auth launches the Agent Auth Protocol 13:12 — Cloudflare Dynamic Workers & the vibe coding platform wave 14:08 — LangChain Deep Agents, Composio's 30-agent orchestrator & cloud coding agents 17:00 — OpenCode removes the Claude Max plugin 19:26 — Google Stitch & Netlify's prompt-to-project 19:59 — LLMs aren't reasoning, they're memorizing 21:09 — Quick hits: GPT-5.4 mini, Minimax M2.7, Morph FlashCompact, AI CMO 23:55 — Letta goes all-in on coding agents, GLM-OCR 24:46 — LiteLLM supply chain attack

Email Broke Productivity - It's Time To Fix It (with Brett and Naveen from Micro)

Brett Goldstein and Naveen Sreekandan from Micro join Shane and Abhi to talk about why they believe the future of productivity looks completely different from what we have today. Micro is an all-in-one productivity platform: email client, CRM, calendar, tasks, docs, meeting notes, and a powerful AI agent,  all built on a unified graph where every object (like emails, people, companies, meetings, documents) is interconnected. The thesis is simple but bold: email isn't just a list of messages to get through. It's the world's most-used CRM, travel app, hiring tool, and developer notification system. Micro restructures that data so each use case actually feels like the right tool for the job — your sales pipeline as a Kanban board, your GitHub notifications as a task board, your contacts fully enriched from every email and meeting you've ever had. Brett walks us through the demo: the daily orchestrator automation that audits itself, updates its own prompt, generates your day plan, and has even prepped talking points for this interview. Context docs let the agent know everything it needs. The CRM auto-fills and auto-updates from emails and meeting notes. The X integration lets the agent pull recent posts from anyone you're about to meet. Naveen covers the architecture: built on Mastra, using agent and workflow primitives on top of a graph-based data model backed by Postgres with a custom query layer called Prism. One main agent with dynamic context injection handles both chat and automations — the agent knows whether it's in automation mode (just give the output) or chat mode (ask follow-up questions). Supermemory powers vector search. Dedicated sub-agents handle specific workflows, such as email labeling and meeting note summarization.  🔗 Brett Goldstein on X: https://x.com/thatguybg 🔗 Naveen's website: https://naveen.works 🔗 Micro on X: https://x.com/microHQ 🔗 Micro: https://micro.so 📚 MASTRA RESOURCES Mastra: https://mastra.ai Mastra on X: https://x.com/mastra_ai Mastra Discord: https://mastra.ai/community/discord Mastra GitHub: https://github.com/mastra-ai Learn Mastra in the world's first MCP-Based Course: https://mastra.ai/course Principles of Building AI Agents (Book): https://mastra.ai/books/principles-of-building-ai-agents Patterns for Building AI Agents (New Book): https://mastra.ai/books/patterns-of-building-ai-agents MASTRA? Mastra is an open-source TypeScript framework designed for building and shipping AI-powered applications and agents with minimal friction. It supports the full lifecycle of agent development—from prototype to production. You can integrate it with frontend and backend stacks (e.g., React, Next.js, Node) or run agents as standalone services. If you’re a JavaScript or TypeScript developer looking to build an agentic or AI-powered product without starting from first principles, Mastra provides the scaffolding, tools, and integrations to accelerate that process. 00:00 — What is Micro? The all-in-one tool that organizes itself 02:20 — Why productivity tools keep failing (and why we gaslight ourselves about it) 03:08 — Email is a super app 06:05 — Demo: the Micro interface, inbox, calendar & meeting notes 06:47 — Demo: autofill, status, and company profiles 07:56 — Demo: the daily orchestrator automation and what it prepared for this show 11:37 — Demo: the CRM 12:22 — Context docs 13:34 — Architecture: how Mastra, Postgres & Prism power the graph 15:04 — Background workflows 15:50 — One agent or many? 17:07 — Memory deep dive: graph profiles, RAG & Supermemory 18:28 — Compaction, Mastra v1 & observational memory 19:40 — How to try Micro

Two Lines of Code to Lock Down Your Agents - Mastra Studio Auth

Mastra Studio started as a local playground for developers to test agents and workflows without having to spin up a custom UI. But as the feature set grew, teams started asking: how do we share this with non-technical teammates? How do we control what different users can do? Ryan, an engineer at Mastra, walks through the new Mastra Studio Auth — now baked directly into Studio. Starting with simple token-based auth (two lines of config), you can lock down your Studio from the open internet. From there, RBAC lets you map roles to granular permissions — 80 auto-generated permissions derived directly from Studio's routes and handlers, controllable via wildcard patterns. Out-of-the-box providers include WorkOS, Auth0, Supabase, Firebase, and Clerk, with GitHub and others in open PRs. The team also discusses what's coming next: audit logs so you can see exactly what an agent did, why it accessed a given tool, and whether it should have. Auth for agents in production isn't magic — your tool files still need to check permissions — but Mastra handles the plumbing so you can focus on building securely. Read more: https://mastra.ai/blog/announcing-studio-auth AI Agents Hour is a weekly livestream hosted by Mastra CPO Shane Thomas and CTO Abhi Aiyer. Airing Mondays at 12PM Pacific on YouTube and X, the show covers breaking AI news, agent development techniques, and features interviews with industry experts building AI applications today. 📚 MASTRA RESOURCES Mastra: https://mastra.ai Mastra on X: https://x.com/mastra_ai Mastra Discord: https://mastra.ai/community/discord Mastra GitHub: https://github.com/mastra-ai Learn Mastra in the world's first MCP-Based Course: https://mastra.ai/course Principles of Building AI Agents (Book): https://mastra.ai/books/principles-of-building-ai-agents Patterns for Building AI Agents (New Book): https://mastra.ai/books/patterns-of-building-ai-agents MASTRA? Mastra is an open-source TypeScript framework designed for building and shipping AI-powered applications and agents with minimal friction. It supports the full lifecycle of agent development—from prototype to production. You can integrate it with frontend and backend stacks (e.g., React, Next.js, Node) or run agents as standalone services. If you’re a JavaScript or TypeScript developer looking to build an agentic or AI-powered product without starting from first principles, Mastra provides the scaffolding, tools, and integrations to accelerate that process. 📌 CHAPTERS 00:00 — Why Mastra Studio needed auth 01:22 — Token-based auth: the simplest setup 02:32 — RBAC: roles, permissions & wildcards 05:00 — Auth for agents vs auth for humans 06:41 — Think securely! 07:22 — Supported providers & what's coming next