References

Every external source cited in this book, grouped by tier in descending authority.

Cited sources

External sources cited inline via <Citation>, grouped by tier in descending authority.

T1 · Official 86 entries

Vendor-official documentation or release notes. Highest trust for factual claims about the vendor’s own tool.

  1. How we contain Claude across products
    Max McGuinness, Mikaela Grace, Jiri De Jonghe, Jake Eaton, and Abel Ribbink 2026 captured 2026-05-29 tool: claude-code
    original id: anthropic-containment
  2. How Claude Code works in large codebases: Best practices and where to start
    Anthropic 2026 captured 2026-05-26 tool: claude-code
    original id: anthropic-large-codebases
  3. Seeing like an agent: how we design tools in Claude Code
    Thariq Shihipar (Anthropic) 2026 captured 2026-05-26 tool: claude-code
    original id: anthropic-seeing-like-agent
  4. Trustworthy agents in practice
    Anthropic 2026 captured 2026-05-27 tool: claude-code
    original id: anthropic-trustworthy-agents
  5. Scaling Managed Agents: Decoupling the brain from the hands
    Anthropic (Lance Martin, Gabe Cemaj, Michael Cohen) 2026 captured 2026-05-27 tool: claude-code
    original id: anthropic-managed-agents
  6. How and when to use subagents in Claude Code
    Anthropic 2026 captured 2026-05-27 tool: claude-code
    original id: anthropic-subagents-blog
  7. How we built Claude Code auto mode: a safer way to skip permissions
    John Hughes (Anthropic) 2026 captured 2026-05-27 tool: claude-code
    original id: claude-code-auto-mode
  8. Bringing Code Review to Claude Code
    Anthropic 2026 captured 2026-05-27 tool: claude-code
    original id: claude-code-review-blog
  9. The 2026 MCP Roadmap
    David Soria Parra (Lead Maintainer) 2026 captured 2026-05-27 tool: cross-tool
    original id: mcp-roadmap-2026
  10. Measuring AI agent autonomy in practice
    McCain, Millar, Huang et al. (Anthropic) 2026 captured 2026-05-27 tool: claude-code
    original id: anthropic-measuring-autonomy
  11. Donating the Model Context Protocol and establishing the Agentic AI Foundation
    Anthropic 2025 captured 2026-05-27 tool: cross-tool
    original id: anthropic-mcp-donation
  12. Effective harnesses for long-running agents
    Justin Young 2025 captured 2026-05-27 tool: claude-code
    original id: effective-harnesses
  13. Key Changes (Changelog) — MCP Specification 2025-11-25
    Model Context Protocol maintainers 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-changelog
  14. Specification — Model Context Protocol
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec
  15. Architecture — Model Context Protocol Specification 2025-11-25
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-architecture
  16. Authorization — Model Context Protocol Specification (revision 2025-11-25)
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-authorization
  17. Lifecycle — Model Context Protocol Specification 2025-11-25
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-lifecycle
  18. Prompts — Model Context Protocol Specification (revision 2025-11-25)
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-prompts
  19. Resources — Model Context Protocol Specification (revision 2025-11-25)
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-resources
  20. Tools — Model Context Protocol Specification (revision 2025-11-25)
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-tools
  21. Transports — Model Context Protocol Specification 2025-11-25
    Model Context Protocol contributors 2025 captured 2026-05-27 tool: cross-tool
    original id: mcp-spec-transports
  22. Equipping agents for the real world with Agent Skills
    Anthropic 2025 captured 2026-05-26 tool: claude-code
    original id: anthropic-skills
  23. Building agents with the Claude Agent SDK
    Thariq Shihipar et al. 2025 captured 2026-05-27 tool: claude-code
    original id: building-agents-with-the-sdk
  24. Effective context engineering for AI agents
    Prithvi Rajasekaran, Ethan Dixon, Carly Ryan, and Jeremy Hadfield 2025 captured 2026-05-27 tool: claude-code
    original id: effective-context-engineering
  25. Piloting Claude in Chrome
    Anthropic 2025 captured 2026-05-27 tool: claude-code
    original id: anthropic-claude-chrome
  26. How we built our multi-agent research system
    Anthropic 2025 captured 2026-05-27 tool: claude-code
    original id: anthropic-multi-agent-research
  27. Code execution with MCP: Building more efficient agents
    Jones & Kelly (Anthropic) 2025 captured 2026-05-26 tool: claude-code
    original id: anthropic-code-exec-mcp
  28. Writing effective tools for agents — with agents
    Aizawa (Anthropic) 2025 captured 2026-05-26 tool: claude-code
    original id: anthropic-writing-tools
  29. Building effective agents
    Erik Schluntz and Barry Zhang 2024 captured 2026-05-27 tool: claude-code
    original id: building-effective-agents
  30. A statistical approach to model evaluations
    Anthropic 2024 captured 2026-05-27 tool: cross-tool
    original id: anthropic-statistical-evals
  31. Building evals
    Anthropic 2024 captured 2026-05-27 tool: claude-code
    original id: anthropic-building-evals-cookbook
  32. Agent SDK overview
    Anthropic captured 2026-05-27 tool: claude-code
    original id: agent-sdk-overview
  33. Inspect — Options
    UK AI Security Institute captured 2026-05-27 tool: cross-tool
    original id: aisi-inspect-options
  34. Using agent memory
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-agent-memory
  35. Get structured output from agents
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-agent-sdk-structured-outputs
  36. Batch processing — Claude Docs
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-batch-processing
  37. Best practices for Claude Code
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-cc-best-practices
  38. Explore the context window
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-context-window
  39. Define tools
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-define-tools
  40. Define success criteria and build evaluations
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-develop-tests
  41. Using the Evaluation Tool
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-eval-tool
  42. Handle tool calls
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-handle-tool-calls
  43. Increase output consistency
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-increase-consistency
  44. Prompting Claude for JSON mode
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-json-mode-cookbook
  45. Configure permissions
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-permissions
  46. Discover and install prebuilt plugins through marketplaces
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-plugins
  47. Pricing - Claude API Docs
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-pricing
  48. Prompt caching
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-prompt-caching
  49. Prompt engineering overview
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-prompt-eng-overview
  50. Console prompting tools
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-prompt-improver
  51. Prompting best practices
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-prompting-best-practices
  52. Beyond permission prompts: making Claude Code more secure and autonomous
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-sandboxing-blog
  53. Configure the sandboxed Bash tool
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-sandboxing-docs
  54. Claude Code settings
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-settings
  55. Skill authoring best practices
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-skills-best-practices
  56. Extend Claude with skills
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-skills-cc
  57. Agent Skills (overview)
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-skills-overview
  58. Agent Skills in the SDK
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-skills-sdk
  59. Strict tool use
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-strict-tool-use
  60. Structured outputs
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-structured-outputs
  61. Create custom subagents
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-subagents-docs
  62. Tool search tool
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-tool-search
  63. Define tools
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-tool-use-define
  64. Tool use with Claude
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-tool-use-overview
  65. Prompting best practices: use XML tags
    Anthropic captured 2026-05-26 tool: claude-code
    original id: anthropic-xml-tags
  66. How Claude remembers your project
    Anthropic captured 2026-05-26 tool: claude-code
    original id: cc-memory
  67. Subagents in the SDK
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-agent-sdk-subagents
  68. Track team usage with analytics
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-analytics
  69. Explore the .claude directory
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-claude-directory
  70. Common workflows
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-common-workflows
  71. Manage costs effectively
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-costs
  72. Claude Code GitHub Actions
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-github-actions
  73. Run Claude Code programmatically
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-headless
  74. Monitoring
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-monitoring
  75. Choose a permission mode
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-permission-modes
  76. How Claude Code uses prompt caching - Claude Code Docs
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-prompt-caching
  77. Code Review
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-review-docs
  78. Security
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-security-docs
  79. Persist sessions to external storage
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-session-storage
  80. Handle approvals and user input
    Anthropic captured 2026-05-27 tool: claude-code
    original id: claude-code-user-input
  81. Demystifying evals for AI agents
    Grace, Hadfield, Olivares and De Jonghe (Anthropic) captured 2026-05-27 tool: cross-tool
    original id: demystifying-evals
  82. How Claude Code works
    Anthropic captured 2026-05-27 tool: claude-code
    original id: how-claude-code-works
  83. The 2026-07-28 MCP Specification Release Candidate
    David Soria Parra and Den Delimarsky (Lead Maintainers) captured 2026-05-27 tool: cross-tool
    original id: mcp-rc-2026
  84. CVE-2025-32711
    NVD (NIST National Vulnerability Database) captured 2026-05-27 tool: cross-tool
    original id: nvd-cve-2025-32711
  85. Semantic Conventions for GenAI agent and framework spans
    OpenTelemetry Authors captured 2026-05-27 tool: cross-tool
    original id: otel-genai-agent-spans
  86. Semantic conventions for generative AI metrics
    OpenTelemetry Authors captured 2026-05-27 tool: cross-tool
    original id: otel-genai-metrics

T2 · Release notes 14 entries

Release blog posts, changelogs, conference talks. Trustworthy for intent and availability claims.

  1. The Anatomy of an Agent Harness
    Vivek Trivedy 2026 captured 2026-05-27 tool: cross-tool
    original id: trivedy-anatomy-agent-harness
  2. Context Engineering
    The LangChain Team 2025 captured 2026-05-26 tool: cross-tool
    original id: langchain-context
  3. LangMem SDK for agent long-term memory
    The LangChain Team 2025 captured 2026-05-26 tool: cross-tool
    original id: langmem
  4. Nx and AI — Why They Work so Well Together
    Victor Savkin (Nx) 2025 captured 2026-05-26 tool: cross-tool
    original id: nx-savkin-ai
  5. Architectural Decision Records (ADRs)
    ADR GitHub organization captured 2026-05-26 tool: cross-tool
    original id: adr-github
  6. AGENTS.md
    Agentic AI Foundation (Linux Foundation) captured 2026-05-26 tool: cross-tool
    original id: agents-md
  7. Anthropic's Prompt Engineering Interactive Tutorial
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropic-prompt-eng-tutorial
  8. anthropics/skills: Public repository for Agent Skills
    Anthropic captured 2026-05-27 tool: claude-code
    original id: anthropics-skills-repo
  9. Introduction (What is CrewAI?)
    CrewAI (documentation) captured 2026-05-27 tool: cross-tool
    original id: crewai-introduction
  10. Long-term memory
    LangChain captured 2026-05-26 tool: cross-tool
    original id: langchain-longterm-memory
  11. LangGraph overview
    LangChain captured 2026-05-27 tool: cross-tool
    original id: langgraph-overview
  12. LangGraph Multi-Agent Supervisor
    LangChain (langchain-ai) captured 2026-05-27 tool: cross-tool
    original id: langgraph-supervisor
  13. LangGraph Multi-Agent Swarm
    LangChain (langchain-ai) captured 2026-05-27 tool: cross-tool
    original id: langgraph-swarm
  14. OpenAI Agents SDK
    OpenAI (Agents SDK documentation) captured 2026-05-27 tool: cross-tool
    original id: openai-agents-sdk

T3 · Practitioner 61 entries

Respected community writing with a durable argument the author has defended over time.

  1. State of AI Agent Memory 2026: Benchmarks, Architectures & Production Gaps
    Mem0 Engineering Team 2026 captured 2026-05-26 tool: cross-tool
    original id: mem0-state-2026
  2. Classifier Context Rot: Monitor Performance Degrades with Context Length
    Martin & Roger 2026 captured 2026-05-26 tool: cross-tool
    original id: martin-classifier-rot
  3. Multi-Agents: What's Actually Working
    Walden Yan (Cognition) 2026 captured 2026-05-27 tool: cross-tool
    original id: cognition-working
  4. Coding Agents in the Monorepo: Why Context Windows and 50-Service Repos Don't Mix
    Tian Pan 2026 captured 2026-05-26 tool: cross-tool
    original id: pan-monorepo
  5. AI agents in monorepos: what to configure differently from a single-product repo
    Dave Barnwell 2026 captured 2026-05-26 tool: cross-tool
    original id: barnwell-monorepo
  6. ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
    Oren Yomtov (Koi Research) 2026 captured 2026-05-27 tool: cross-tool
    original id: shadowprompt-koi
  7. My AI Adoption Journey
    Mitchell Hashimoto 2026 captured 2026-05-27 tool: cross-tool
    original id: hashimoto-harness-engineering
  8. Evaluating AGENTS.md: Are Repository-Level Context Files Helpful for Coding Agents?
    Gloaguen, Mündler, Müller, Raychev, Vechev (ETH Zurich) 2026 captured 2026-05-26 tool: cross-tool
    original id: eth-agentsmd-study
  9. My .md files vs Claude's memory tool: a practitioner comparison
    Andreas Belitz 2026 captured 2026-05-26 tool: cross-tool
    original id: belitz-md-vs-memory
  10. Harness engineering for coding agent users
    Birgitta Böckeler 2026 captured 2026-05-26 tool: cross-tool
    original id: boeckeler-harness
  11. Maintainability sensors for coding agents
    Birgitta Böckeler 2026 captured 2026-05-26 tool: cross-tool
    original id: boeckeler-sensors
  12. Agent Memory Engineering
    Nicolas Bustamante 2026 captured 2026-05-26 tool: cross-tool
    original id: bustamante-agent-memory
  13. Claude Code v2.1.62 — Server-Side KV Cache Stale Context Regression (P1)
    Taylor (issue reporter) 2026 captured 2026-05-26 tool: claude-code
    original id: cc-cache-regression
  14. Why your AI agent doesn't actually remember anything
    Ed Huang 2026 captured 2026-05-26 tool: cross-tool
    original id: huang-agent-memory
  15. Don't Break the Cache: An Evaluation of Prompt Caching for Long-Horizon Agentic Tasks
    Lumer et al. 2026 captured 2026-05-26 tool: cross-tool
    original id: lumer-cache
  16. Agentic Much? Adoption of Coding Agents on GitHub
    Robbes, Matricon, Degueule, Hora, Zacchiroli 2026 captured 2026-05-26 tool: cross-tool
    original id: robbes-adoption
  17. We removed 80% of our agent's tools
    Andrew Qu (Vercel) 2025 captured 2026-05-27 tool: cross-tool
    original id: vercel-removed-tools
  18. Writing a good CLAUDE.md
    Kyle (HumanLayer) 2025 captured 2026-05-26 tool: cross-tool
    original id: humanlayer-claudemd
  19. How we're making GitHub Copilot smarter with fewer tools
    Anisha Agarwal and Connor Peet (GitHub) 2025 captured 2026-05-27 tool: cross-tool
    original id: github-fewer-tools
  20. Advanced Context Engineering for Coding Agents (ACE-FCA)
    Dex Horthy (HumanLayer) 2025 captured 2026-05-26 tool: cross-tool
    original id: humanlayer-ace
  21. When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation
    Zhao, Liu, Ruan, Li, Liang 2025 captured 2026-05-27 tool: cross-tool
    original id: zhao-mcp-attack
  22. When Instructions Multiply: Measuring and Estimating LLM Capabilities of Multiple Instructions Following
    Harada et al. (EMNLP) 2025 captured 2026-05-26 tool: cross-tool
    original id: harada-manyifeval
  23. An AI-powered coding tool wiped out a software company's database
    Beatrice Nolan (Fortune) 2025 captured 2026-05-26 tool: cross-tool
    original id: replit-fortune
  24. Vibe coding service Replit deleted user's production database, faked data, told fibs galore
    Simon Sharwood (The Register) 2025 captured 2026-05-26 tool: cross-tool
    original id: replit-register
  25. Incident 1152: LLM-Driven Replit Agent Executed Unauthorized Destructive Commands During Code Freeze
    AI Incident Database (Responsible AI Collaborative) 2025 captured 2026-05-26 tool: cross-tool
    original id: replit-aiid
  26. How Many Instructions Can LLMs Follow at Once?
    Jaroslawicz et al. 2025 captured 2026-05-26 tool: cross-tool
    original id: jaroslawicz-ifscale
  27. Using Architecture Decision Records (ADRs) with AI coding assistants
    Chris Swan 2025 captured 2026-05-26 tool: cross-tool
    original id: swan-adrs
  28. How Not to Detect Prompt Injections with an LLM
    Choudhary, Anshumaan, Palumbo, Jha 2025 captured 2026-05-27 tool: cross-tool
    original id: kad-dataflip-choudhary
  29. Context Rot: How Increasing Input Tokens Impacts LLM Performance
    Hong, Troynikov & Huber (Chroma Research) 2025 captured 2026-05-26 tool: cross-tool
    original id: chroma-context-rot
  30. On 'context engineering': 'filling the context window' (X post)
    Andrej Karpathy 2025 captured 2026-05-30 tool: cross-tool
    original id: karpathy-context-engineering
  31. On 'context engineering' over 'prompt engineering' (X post)
    Tobi Lütke (Shopify) 2025 captured 2026-05-30 tool: cross-tool
    original id: lutke-context-engineering
  32. Andrej Karpathy: Software in the Age of AI
    Andrej Karpathy (Latent Space transcript-mirror) 2025 captured 2026-05-27 tool: cross-tool
    original id: karpathy-decade-of-agents
  33. The lethal trifecta for AI agents: private data, untrusted content, and external communication
    Simon Willison 2025 captured 2026-05-27 tool: cross-tool
    original id: willison-trifecta
  34. Mitigating Posterior Salience Attenuation in Long-Context LLMs with Positional Contrastive Decoding
    Xiao et al. 2025 captured 2026-05-26 tool: cross-tool
    original id: xiao-pcd
  35. A Multi-Dimensional Constraint Framework for Evaluating and Improving Instruction Following in LLMs
    Ye et al. 2025 captured 2026-05-26 tool: cross-tool
    original id: ye-muldimif
  36. Build MCP Tools Like Ogres... With Layers
    Richard Moot (Block) 2025 captured 2026-05-27 tool: cross-tool
    original id: block-layered-tools
  37. Reasoning on Multiple Needles In A Haystack
    Wang 2025 captured 2026-05-26 tool: cross-tool
    original id: wang-mniah
  38. NoLiMa: Long-Context Evaluation Beyond Literal Matching
    Modarressi et al. (ICML) 2025 captured 2026-05-26 tool: cross-tool
    original id: nolima
  39. AI Agent Memory Management: When Markdown Files Are All You Need?
    Yaohua Chen (ImagineX) 2025 captured 2026-05-26 tool: cross-tool
    original id: chen-markdown-memory
  40. 12-Factor Agents — Factor 3: Own your context window
    Dex Horthy (HumanLayer) 2025 captured 2026-05-26 tool: cross-tool
    original id: horthy-12factor
  41. Context Engineering for AI Agents: Lessons from Building Manus
    Yichao Ji (Manus) 2025 captured 2026-05-26 tool: cross-tool
    original id: ji-manus
  42. Found in the Middle: Calibrating Positional Attention Bias Improves Long Context Utilization
    Hsieh et al. (ACL Findings) 2024 captured 2026-05-26 tool: cross-tool
    original id: hsieh-found-middle
  43. RULER: What's the Real Context Size of Your Long-Context Language Models?
    Hsieh et al. (NVIDIA, COLM) 2024 captured 2026-05-26 tool: cross-tool
    original id: ruler
  44. MemGPT: Towards LLMs as Operating Systems
    Packer et al. 2023 captured 2026-05-26 tool: cross-tool
    original id: memgpt
  45. Lost in the Middle: How Language Models Use Long Contexts
    Liu et al. (TACL) 2023 captured 2026-05-26 tool: cross-tool
    original id: liu-lost-middle
  46. ChatGPT Plugins: Data Exfiltration via Images and Cross Plugin Request Forgery
    Johann Rehberger (wunderwuzzi) 2023 captured 2026-05-27 tool: cross-tool
    original id: rehberger-markdown-exfil
  47. Generative Agents: Interactive Simulacra of Human Behavior
    Park et al. 2023 captured 2026-05-26 tool: cross-tool
    original id: generative-agents
  48. API Contract Definitions: Contract first, implementation first, OpenAPI, GraphQL, gRPC
    Lena Fuhrimann 2022 captured 2026-05-26 tool: cross-tool
    original id: fuhrimann-contract-first
  49. Documenting Architecture Decisions
    Michael Nygard 2011 captured 2026-05-26 tool: cross-tool
    original id: nygard-adr
  50. Defeating Prompt Injections by Design
    Debenedetti, Shumailov, Fan, Hayes, Carlini, et al. captured 2026-05-27 tool: cross-tool
    original id: camel-debenedetti
  51. Don't Build Multi-Agents
    Walden Yan (Cognition) captured 2026-05-27 tool: cross-tool
    original id: cognition-dont-build
  52. Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
    Artem Chaikin and Shivan Kaul Sahib (Brave) captured 2026-05-27 tool: cross-tool
    original id: comet-brave
  53. Design Patterns for Securing LLM Agents against Prompt Injections
    Beurer-Kellner, Buesser, Creţu, Debenedetti, et al. captured 2026-05-27 tool: cross-tool
    original id: design-patterns-beurer-kellner
  54. Breaking down 'EchoLeak', the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
    Itay Ravia (Cato Networks / Aim Labs) captured 2026-05-27 tool: cross-tool
    original id: echoleak-catonetworks
  55. Bypassing LLM Guardrails: An Empirical Analysis of Evasion Attacks against Prompt Injection and Jailbreak Detection Systems
    Hackett, Birch, Trawicki, Suri, Garraghan captured 2026-05-27 tool: cross-tool
    original id: guardrail-evasion-hackett
  56. LlamaFirewall: An open source guardrail system for building secure AI agents
    Chennabasappa, Nikolaidis, Song, et al. (Meta) captured 2026-05-27 tool: cross-tool
    original id: llamafirewall
  57. Meta SecAlign: A Secure Foundation LLM Against Prompt Injection Attacks
    Chen, Zharmagambetov, Wagner, Guo (Meta) captured 2026-05-27 tool: cross-tool
    original id: meta-secalign
  58. LLM01:2025 Prompt Injection
    OWASP Gen AI Security Project captured 2026-05-27 tool: cross-tool
    original id: owasp-llm01
  59. LLM03:2025 Supply Chain
    OWASP Gen AI Security Project captured 2026-05-27 tool: cross-tool
    original id: owasp-llm03
  60. WASP: Benchmarking Web Agent Security Against Prompt Injection Attacks
    Evtimov, Zharmagambetov, Grattafiori, Guo, Chaudhuri captured 2026-05-27 tool: cross-tool
    original id: wasp-evtimov
  61. Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena
    Zheng et al. captured 2026-05-27 tool: cross-tool
    original id: zheng-judging-llm-judge

T4 · Conjecture no entries yet

Blog posts, tweets, or unverified claims. Pointers to investigate, not authorities.

No sources at this tier yet.