AI Agent Supply Chains Under Attack — Three Layers in Three Weeks

1. AI Skill Registries Are the New npm — and Just as Exploitable

TL;DR: Thirty malicious skills published to ClawHub (the OpenClaw agent framework's skill marketplace) silently enrolled installed agents into a Hedera crypto-mining swarm — no malware, no exploits, just poisoned SKILL.md instruction files that traditional security scanners cannot read. This is the third consecutive week of AI infrastructure supply chain attacks at a new layer: PyPI AI libraries (April 23), CI pipeline injection via GitHub Actions (April 28), and now agent skill registries.

Key Points:

• The 30 malicious skills accumulated ~9,800 downloads before removal; Antiy CERT confirmed 1,184 malicious skills across ClawHub at peak — roughly 20% of the registry
• Upon install, agents registered with an external server, generated Hedera crypto wallets, stored private keys on disk, and checked in every four hours — all using the agent's own delegated permissions, no privilege escalation required
• SKILL.md instruction files (the AI equivalent of README-as-executable) live outside the code analysis layer; container scanners, SAST tools, and dependency auditors are blind to them
• The blast radius is categorically worse than npm: a compromised npm dependency runs in a sandboxed browser context; a compromised agent skill runs with shell access, stored cloud credentials, GitHub tokens, and every tool the agent can reach
• The pattern directly parallels MCP tool poisoning (covered April 14) but via marketplace delivery rather than a poisoned API response — and sits alongside the April 28 elementary-data PyPI backdoor and April 23 LiteLLM/Trivy supply chain worm

Deep Dive: The ClawHub/OpenClaw incident is not just another supply chain attack — it is the first confirmed large-scale instance of a distinctly agentic attack class. The novelty is in the delivery surface. Every previous supply chain attack the industry has catalogued targeted something an engineer chose to trust: a Python package, a container image, a CI action. ClawHub skills operate one layer deeper. A SKILL.md file tells an autonomous agent what to do at runtime. It is operational code written in natural language, describing tool invocations, external API calls, and filesystem operations. The agent executes it exactly as instructed. The malicious author simply wrote instructions that looked like a productivity tool and included hidden instructions to register with a command-and-control server.

The credential concentration problem is specific to agentic infrastructure and has no direct prior-generation analog. A network automation agent running Nautobot MCP, Nornir with SSH credentials, cloud provider APIs, and a Git token has a combined blast radius that exceeds most privileged service accounts. If a skill or tool definition in that agent's runtime context is poisoned — whether via ClawHub-style marketplace distribution, a malicious MCP tool schema, or a compromised AGENTS.md in a repository — the attacker inherits everything the agent can do. Not what the agent is "supposed" to do. What it can do.

The architectural countermeasures are now clear across three consecutive weeks of incidents: inventory your agent's entire tool surface (an AI-BOM), treat skill definitions and MCP tool schemas as first-class executable code requiring the same supply chain governance as production Python dependencies, enforce per-skill least-privilege permissions rather than blanket agent authority, and require an approved registry with verified provenance as a prerequisite for agent write access. The Specification-Driven Development pattern from April 27 (deterministic executor, human approval gate for change specs) is specifically the defense against write-path poisoning. If your agent cannot act without a pre-approved spec, a poisoned skill can exfiltrate credentials but cannot reconfigure your network.

So What? Audit every MCP tool schema, agent skill file, and AGENTS.md your network automation stack can load — treat each one as executable code with your agent's full credential scope, not documentation; then enforce per-tool permission scoping before next week.

SourcesThe Register, PointGuard AI, ReversingLabs, Snyk, Authmind, Straiker

---

2. OpenAI Joins Amazon Bedrock — Enterprise AI Goes Genuinely Multi-Cloud

TL;DR: GPT-5.4 is live on Amazon Bedrock in limited preview, GPT-5.5 arrives within weeks, and OpenAI Codex is included — all wrapped in AWS IAM, PrivateLink, CloudTrail, and Guardrails. The announcement came one day after Microsoft relinquished OpenAI commercial exclusivity. For enterprise AI ops teams already invested in AWS, the model-choice decision just became a runtime variable rather than an infrastructure commitment.

Key Points:

• Full AWS enterprise controls apply: IAM-governed model invocation, PrivateLink (traffic never leaves AWS network), CloudTrail audit logs for every API call, Bedrock Guardrails for prompt injection and PII filtering
• Codex running on Bedrock explicitly excludes enterprise codebases from OpenAI training data — closing the primary objection for teams with proprietary network configs in their repos
• Inference spend counts toward existing AWS Enterprise Discount Program credits; for the majority of large enterprises already holding EDP commitments, this routes AI model cost into existing budget lines rather than requiring special appropriations
• The Microsoft AGI clause removal (covered April 28) was the structural prerequisite; the Bedrock announcement followed within 24 hours, confirming this was coordinated commercial sequencing
• AWS simultaneously announced OpenAI-powered Bedrock Managed Agents, meaning agentic network ops workflows can now swap in or benchmark OpenAI models without touching cloud infrastructure

Deep Dive: The structural shift here is about decoupling, not distribution. Amazon Bedrock's AgentCore runtime provides orchestration, memory, session management, and audit trail infrastructure. The model is now a plug-in choice within that runtime, not the platform decision. Network automation teams running MCP-backed tooling — Nautobot's MCP server, Gemini Cloud Assist Network Agents, Equinix Fabric Intelligence MCP — that are already AWS-native can evaluate GPT-5.4 or GPT-5.5 against Claude Sonnet or Gemini Pro without migrating cloud infrastructure. That is competitive pressure at the model layer, which should benefit operators through benchmark leverage in renewal negotiations.

The Codex-on-Bedrock angle deserves specific attention for network engineers. AI-assisted code generation against proprietary BGP configs, device inventories, and automation playbooks has faced a hard barrier: the concern that proprietary operational data ends up in a training corpus. Bedrock's training exclusion guarantee and IAM isolation architecture closes that argument for enterprises that can accept model inference on their data (the model sees it at inference time) but not model training on it (the model is retrained on it). That distinction matters for FedRAMP and DoD RMF shops that had categorical blocks on direct OpenAI API calls.

The infrastructure foundation underneath this is significant: the February $35B AWS deal contingent on deploying two gigawatts of Amazon Trainium accelerators gives AWS a direct stake in making OpenAI models cost-competitive on its own silicon. This creates pricing pressure the direct OpenAI API cannot easily match for enterprise-scale inference volumes.

So What? If you're running AI ops tooling on AWS and have been using architecture as your data sovereignty objection to OpenAI models, request Bedrock preview access today and run your actual Nautobot or Batfish integration against GPT-5.4 before locking in model-specific prompt tuning.

SourcesThe Register, AWS, OpenAI

---

3. NVIDIA Nemotron 3 Nano Omni — One Model Replaces Three in Your Agent Stack

TL;DR: NVIDIA released Nemotron 3 Nano Omni, a 30B-total/3B-active MoE model that processes vision, audio, and text in a single unified perception loop — directly targeting the fragmented multi-model stacks that add latency, orchestration overhead, and semantic drift to agentic pipelines. It achieves 9.2x greater effective system capacity versus competing omni models on video reasoning tasks, runs FP8/NVFP4 quantized on edge hardware including Jetson Orin, and is already available on Bedrock SageMaker JumpStart.

Key Points:

• 30B total / 3B active (Mamba2-Transformer Hybrid MoE, 128 experts); C-RADIOv4-H vision encoder up to 1840×1840, NVIDIA Parakeet TDT-0.6B audio encoder, Efficient Video Sampling for video — all feeding a shared decoder
• Best-in-class on document intelligence benchmarks MMlongbench-Doc and OCRBenchV2; 131K-256K context window; chain-of-thought, tool calling, and word-level audio timestamps
• Available on Hugging Face, NVIDIA NIM microservice, Amazon SageMaker JumpStart, NVIDIA Cloud Partners; quantization (FP8 and NVFP4) runs on Ampere through Blackwell including Jetson hardware
• Directly complements the April 21 Jetson memory optimization coverage: W4A16 quantization puts 10B-parameter models on Orin Nano 8GB; Nano Omni's 3B-active architecture runs on similarly constrained hardware
• Production use case for network ops: a single edge-deployable agent that simultaneously reads a maintenance work order document, watches the technician's terminal screen, and transcribes their radio call — all in one inference call with shared cross-modal context

Deep Dive: Most enterprise multimodal agentic pipelines today are three-stage assemblies — a vision model parses the document or frame, an ASR model handles audio, and a language model synthesizes and acts. Each handoff introduces latency (additional inference round trips), context window overhead (extracted representations consume tokens), and potential semantic drift as the extracted meaning loses fidelity through the translation. Nano Omni collapses all three stages into a single inference call with a shared MoE backbone, meaning cross-modal context is preserved in the model's activations rather than reconstructed via prompt engineering.

The efficiency numbers are not theoretical. The 30B-A3B configuration activates roughly 3 billion parameters per forward pass — competitive with smaller dense models on compute cost, but with access to 128 expert specializations. On the MediaPerf benchmark, it achieves the lowest per-token video inference cost among open omni models. For production agent deployments handling high-volume document intelligence (invoice processing, compliance document review, call-center audio-plus-screen recordings), the throughput advantage directly reduces per-request inference cost at scale.

For network engineers, the edge deployment story is the specific angle. Combined with the April 21 Jetson memory optimization findings, the picture is of a maturing edge inference stack where a single model can handle network operations telemetry interpretation — reading structured log documents, watching a CLI session, parsing audio alerts — without cloud connectivity. That is an autonomous edge operations agent that functions air-gapped, which changes the calculus for remote site and industrial network deployments.

So What? If your agent stack today chains three separate models for document, audio, and video tasks, Nano Omni is a concrete consolidation target — pull the NIM microservice, benchmark on your actual document corpus, and measure end-to-end latency versus your current three-model stack before your next contract renewal.

SourcesNVIDIA Technical Blog, Hugging Face Blog

---

Ultra Ethernet Consortium Sets 2026 Priorities — PCM Is the AI Fabric Feature That Actually Matters

TL;DR: The Ultra Ethernet Consortium has defined three 2026 technical priorities: Programmable Congestion Management (PCM), Small Message Performance, and In-Network Collectives — each targeting a specific pain point keeping RoCEv2 dominant in production AI fabrics today. PCM is the most architecturally significant: it standardizes the language for congestion control algorithms across any UEC-capable NIC, directly addressing the vendor lock-in and tuning fragility that has kept many operators on InfiniBand for training clusters.

Key Points:

• PCM decouples the congestion control algorithm from silicon and firmware — operators define their DCQCN-equivalent policy in a portable language that runs across any UEC NIC; this is the P4-like programmability model applied to the transport control plane
• Small Message Performance targets the forwarding header overhead that disproportionately harms small-message collectives in distributed training runs (PCM addresses the congestion path; this addresses the efficiency path)
• In-Network Collectives (INC) offloads reduction operations from hosts into network switches — higher performance on all-reduce, but requires network silicon with significant on-chip memory; longer horizon to production
• Nokia has completed end-to-end UET interoperability across its full DC switch family; Broadcom Tomahawk 5 already UEC-capable; roughly 70% of new AI infrastructure now chooses Ethernet over InfiniBand
• UET coexists with existing RoCEv2 workloads on the same physical fabric — operators can migrate piecemeal rather than requiring a forklift upgrade

So What? PCM support is the single UEC feature that most directly unblocks enterprise AI fabric adoption — require PCM compatibility in your next NIC and switch RFQ, as it is the mechanism that makes RoCEv2 fabric tuning portable and sustainable across firmware versions and vendor refreshes.

SourcesNetwork World, Ultra Ethernet Consortium, Nokia

---

Three AI Supply Chain Attack Layers in Three Weeks — The Pattern Is Now Undeniable

TL;DR: April 23 brought the LiteLLM/Trivy supply chain worm (poisoned PyPI package via build tooling). April 28 brought the elementary-data/GitHub Actions backdoor (CI script injection via PR comment). April 29 brings ClawHub skill poisoning (agent skill marketplace). Each attack targeted a different layer of the AI automation stack, and none was detectable by the controls in place for the layer below it. The pattern confirms that AI infrastructure has acquired the full supply chain attack surface of traditional software — faster.

Key Points:

• Layer 1 (April 23): PyPI package (LiteLLM); vector: poisoned security scanner in build tooling; payload: CI secrets, K8s configs, cloud credentials; detectable by: nothing running in the CI pipeline it compromised
• Layer 2 (April 28): GitHub Actions CI pipeline; vector: malicious PR comment body executing shell code in an elevated-privilege workflow; payload: GitHub token, downstream signed release; detectable by: SAST tools that parse action workflow inputs (most don't)
• Layer 3 (April 29): Agent skill marketplace (ClawHub); vector: published SKILL.md files with hidden runtime instructions; payload: crypto wallet generation, C2 registration, 4-hour check-in loop; detectable by: nothing in current AppSec tooling
• The blast radius escalates with each layer: PyPI packages run in build sandboxes; CI pipelines have organization-scoped tokens; agentic skills run with the agent's full operational credential set
• All three follow the same structural pattern: the attack lives in a component that is trusted (a dependency, a CI action, a published skill) and executes with delegated authority the defender assumed was safe

So What? The progression from PyPI to CI to agent skills follows the same path software supply chain attacks have taken over the last decade — begin treating agent skill definitions and MCP tool schemas with the same provenance requirements (SLSA-equivalent, hash pinning, verified publisher) you now apply to pip install.

SourcesThe Register (ClawHub), Snyk, ReversingLabs, BleepingComputer (LiteLLM), CISA (GitHub Actions)

---

OpenAI on Bedrock and the End of the Single-Cloud AI Model Era

(See Top 3 #2 above for full deep dive)

The enterprise procurement implications extend beyond OpenAI. For any AI ops vendor — Network to Code, Itential, Selector AI — building MCP-backed network automation on AWS, the model layer is now runtime-swappable. The architectural decision that matters is the agent runtime (Bedrock AgentCore, Google Agent Runtime, Microsoft Agent Framework 1.0), not the model. Evaluate runtimes on orchestration, audit, and credential management; evaluate models on task performance for your specific workloads.

SourcesThe Register, AWS, OpenAI

---

NVIDIA Nemotron 3 Nano Omni — One Model Replaces Three in Your Agent Stack

(See Top 3 #3 above for full deep dive)

SourcesNVIDIA Technical Blog

---

Crusoe Plants an AI Factory in Israel — Colocation Contracts Go Sovereign

TL;DR: Crusoe Energy Systems has signed an agreement for Anan Data Center to build and operate a 40MW AI facility in Afula, Israel — a "hundreds of millions of dollars" contract that marks Crusoe's first entry into the Middle East and signals that purpose-built AI colocation is going global faster than hyperscaler greenfield construction.

Key Points:

• Anan will establish and operate the GPU cluster facility at its Afula site (northern Israel, not Tel Aviv); location selected for power access and land availability, not proximity to tech clusters
• Crusoe's model: "AI factory company" running high-density GPU compute on renewable or stranded-energy-powered infrastructure; the Israel deal replicates its U.S. colocation-plus-expansion contract structure
• Expansion capacity beyond 40MW is explicitly contemplated in the contract — consistent with Crusoe's pattern of anchor contracts that scale
• Crusoe's $1.375B Series E (valuation above $10B) provides the capital base; the Israel deal is among the first major international expansions under that round
• Israeli AI infrastructure demand is driven by government AI investment and the absence of local hyperscaler data center presence — a structural gap Crusoe is positioned to fill

So What? The colocation-plus-expansion contract model (operator builds and runs, AI company anchors and scales) is proving faster than greenfield hyperscale construction in markets with power availability but regulatory complexity — evaluate this structure for sovereign AI infrastructure outside your primary markets.

SourcesDataCenter Dynamics, Business Wire, The Tech Capital, Jerusalem Post

---

I Squared Capital Buys Elea Brazil — A Private Equity DC Empire Takes Shape

TL;DR: I Squared Capital has agreed to acquire Elea Data Centers, one of Brazil's largest carrier-neutral platforms with nine campuses, 300MW+ powered, and a 3GW "Rio AI City" project in development — adding it to a portfolio that already includes nLighten (34-site European edge AI), Kio Networks (Mexico/LATAM), and Exa Infrastructure (fiber/interconnect). A private equity firm is quietly assembling a multi-continent, multi-brand data center franchise specifically positioned for AI-era demand.

Key Points:

• Elea operates nine interconnected campuses across São Paulo, Rio de Janeiro, and Brasília; over 1GW in development requiring more than $10B in capital
• Rio AI City is among the largest disclosed AI campus projects in Latin America at 3GW planned capacity
• I Squared portfolio now spans Europe (nLighten, edge DCI fabric), Mexico/LATAM (Kio), interconnect (Exa), and now Brazil hyperscale/AI (Elea) — each brand maintains local identity and regulatory relationships
• Elea runs entirely on renewable energy; Brazil's abundant hydroelectric power, multiple subsea cable landings, and government incentives make it one of the most favorable large-scale AI infrastructure markets globally
• Multi-brand structure (each operating independently under I Squared ownership) creates operational fragmentation risk if parent attempts to standardize management plane across incompatible installed bases

So What? I Squared's portfolio companies are effectively coordinated strategic alternatives for AI colocation across Europe and Latin America — network architects evaluating sovereign or regional AI infrastructure should treat the portfolio as an option set, not independent operators, and evaluate management plane compatibility early in the RFP process.

SourcesBusiness Wire, The Tech Capital, DataCenter Dynamics

---

AI Data Centers Can Stabilize the Power Grid — A Nature Energy Paper Proves It Live

TL;DR: A peer-reviewed study in Nature Energy demonstrated that AI data centers can act as grid-interactive flexible loads — software framework Emerald Conductor achieved a 25% power reduction over three hours on a live 256-GPU cluster in Phoenix with no hardware changes and no SLA violations. This is not demand response theory; it is a production demonstration with academic peer review.

Key Points:

• Emerald Conductor classifies AI jobs by flexibility tolerance and dynamically modulates GPU power states or job scheduling in response to real-time grid stress signals
• The 25% reduction held for three hours on the Phoenix cluster while maintaining AI quality-of-service guarantees — the workload scheduler and power management layer are co-designed, not bolted together
• Coordinated multi-facility deployment could materially enhance grid resilience during peak events and qualify operators for grid interconnection priority or demand response revenue
• This creates a path to earlier interconnection approval for new AI data center builds: demonstrating flexible load capability to grid operators is a lever that bypasses multi-year interconnection queue position
• Connects to the hydro power pairing trend: hydro operators target AI data centers for load stability; grid-interactive AI data centers offer load flexibility in return — both sides benefit from co-design

So What? Grid-interactive design is becoming a genuine data center architecture requirement — operators who expose the power management plane as a first-class orchestration input alongside the fabric management plane will be better positioned for interconnection priority and demand response revenue; this is the paper to bring to your next site selection conversation.

SourcesNature Energy, TechXplore

---

DESI Maps 47 Million Galaxies — Dark Energy May Be Evolving, Not Constant

TL;DR: The Dark Energy Spectroscopic Instrument completed its planned five-year observation run on April 28, producing the largest 3D map of the universe ever made (47 million galaxies and quasars — six times more data than all prior large-scale structure surveys combined). The emerging picture from the first three years of data suggests dark energy may be evolving over time, not a fixed cosmological constant as the standard model assumes.

Key Points:

• DESI used 5,000 fiber-optic positioning robots at Kitt Peak National Observatory; outperformed its design goal of 34 million objects; extends to 11 billion years ago ("cosmic noon")
• The dark energy density parameter (w) showing deviation from -1 (the cosmological constant value) has been growing in statistical significance with each data release; the full five-year analysis, expected in 2027, will be the definitive measurement
• If dark energy is genuinely evolving, the Lambda-CDM standard model of cosmology — the framework underlying decades of precision simulation and theory — requires revision
• Instrument engineering note: maintaining sub-hair-width fiber alignment across 5,000 simultaneous autonomous positioning robots for five years is itself a precision automation story with direct resonance for robotic network operations infrastructure
• Full five-year statistical analysis with all data: expected 2027 from Lawrence Berkeley National Laboratory and 900+ researchers across 70 institutions

So What? Dark energy may be dynamic, not a constant — the 2027 full analysis will be either the most significant cosmological measurement in a generation or a strong constraint that narrows the viable alternatives; worth following as one of the few experiments where the "standard answer" may be demonstrably wrong.

SourcesLawrence Berkeley National Laboratory, ScienceDaily

---

Superconductor Electrons Have Been "Dancing" for Seventy Years — We Just Noticed

TL;DR: Physicists directly imaged electron pairs inside a superconductor analog for the first time and found them behaving in a synchronized, correlated pattern that the foundational BCS theory of superconductivity — published in 1957 and Nobel Prize-winning — does not predict. The pairs don't move independently; each pair's position is correlated with its neighbors in a persistent inter-pair structure.

The Science: Researchers at the CNRS Laboratoire Kastler Brossel and the Simons Foundation Flatiron Institute used ultracold lithium atoms (a few billionths of a degree above absolute zero) as a clean analog system for electron pairs in real superconductors. A newly developed imaging technique captured spatial snapshots of individual pair positions — something impossible to do in real superconducting materials at the required resolution. The pairs maintained correlated spacing across the system: a coordinated positional structure BCS theory treats as nonexistent. Published in Physical Review Letters, April 27, 2026.

Why It's Interesting: Superconductivity underlies quantum computing qubit coherence, MRI machines, power transmission, and the long-range prospect of lossless high-current conductors for AI datacenter power distribution. Understanding why BCS theory is incomplete — and specifically what the inter-pair structure implies for higher-temperature superconductor design — matters for all of those applications. The methodology is also the story: using ultracold atomic gas as a controlled quantum analog simulator is the same technique being applied in neutral-atom quantum hardware to benchmark quantum error correction — the connection to the broader quantum computing timeline is direct.

So What? A 70-year-old Nobel Prize-winning theory has a structural gap that just became experimentally visible — follow the implications for higher-temperature superconductor design, since that is the materials science thread that connects to every power-constrained AI datacenter problem we've been covering all year.

SourcesPhysical Review Letters, ScienceDaily, Phys.org

---

AI Gateway Proxies Are Credential Vaults — Stop Treating Them Like Web Services

TL;DR: CVE-2026-42208, a pre-authentication SQL injection in LiteLLM actively exploited within 36 hours of public disclosure, is a CVE story — but the architectural lesson is about gateway topology. LiteLLM and similar AI gateway proxies aggregate all LLM API keys, cloud credentials, Kubernetes configs, and service tokens in a single database. That makes their network placement decision identical to a secrets manager, not a web application.

Key Points:

• LiteLLM's credential concentration profile at exploitation time: OpenAI, Anthropic, Azure OpenAI, Google Vertex, AWS Bedrock API keys, plus internal service tokens — a single database with worse blast radius than most secrets managers
• The parameterized query fix (1.83.7) closes this specific CVE; the architectural fix is placing AI gateway proxies behind mutual TLS or private network segments, never directly internet-facing
• This is distinct from the April 23 LiteLLM/Trivy supply chain story (poisoned build tooling) — this is a runtime gateway topology question with a different root cause and different defense
• Pattern applies to OpenRouter, LiteLLM, and any similar credential-aggregating AI gateway proxy in your infrastructure

So What? If your LiteLLM or similar AI gateway instance answers to a public IP or flat corporate network, you have a credential vault with a web UI — move it behind mTLS or a private network segment today, before the next CVE in the authentication path.

SourcesSysdig, BleepingComputer

---

• Enterprise SONiC 4.5.0 released — incremental stability release targeting modern datacenter, AI workload, and edge deployments; Dell Technologies World (May 18-21, Las Vegas) is the next likely venue for SONiC enterprise announcements and customer references.

• Hydro power pairing for AI data centers gains traction — stranded hydroelectric capacity in the Midwest and Pacific Northwest is attracting AI compute co-location at an 257% revenue premium over grid sales; firm power, fiber backhaul, and flood zone restrictions limit which sites qualify. DPO + Consolidated Water Power planning 20MW facility in Wisconsin Rapids as first confirmed example.

• Grid-interactive data center standards emerging — alongside the Nature Energy paper, DataCenter Dynamics analysis highlights growing operator interest in "grid-interactive" designation for faster interconnection approvals; EPC Power's M System with Agile Grid Forming technology is one commercial implementation targeting load volatility stabilization.

SourcesSTORDIS, National Hydropower Association, DataCenter Dynamics

---

• Dell Technologies World (May 18-21, Las Vegas) — Enterprise SONiC announcements and customer references expected; watch for 202505 GA date confirmation and Aviz partnership extension
• DESI full five-year analysis — full statistical power expected 2027; watch for interim papers from the Lawrence Berkeley team on the dark energy w-parameter measurement
• UEC PCM spec ratification timeline — PCM is the key feature unlocking enterprise AI fabric adoption; watch for NIC vendor commitments to PCM support in upcoming silicon roadmap disclosures
• Bedrock/OpenAI preview expansion — limited preview now; watch for general availability announcement and pricing vs direct API comparisons
• ClawHub incident response — watch for OpenClaw framework patches enforcing skill provenance verification and execution permission scoping; pattern will likely appear in MCP-adjacent frameworks within weeks

---

• Domains researched: 5 (networking, automation, AI/ML, datacenter, science/security)
• RSS digest: 63 articles, max score 4.0 (thin)
• Web searches: ~12 total across 5 parallel agents
• Items published: 11 primary + 3 quick takes
• Dedup rejections: 0 (all April 27-28 items properly excluded via 72-hr cooldown; no same-URL repeats)
• Quality score: 4.5/5
• Cold open variant: A (Story lead)
• Fun one: Superconductor dancing pairs (BCS theory gap)