🚨 Thousands of agentic apps are leaking private data
Reddit r/AI_Agents 🔗 https://www.reddit.com/r/AI_Agents/comments/1tajszc/thousands_of_apps_built_with_agentic_ai_platforms/
Apps built with Lovable, Replit, Netlify, and Base44 are exposing private data at scale. The low barrier to shipping with these platforms means security basics (env vars, auth configs, API key rotation) are being skipped en masse.
📌 Why it matters: If you’re building on these platforms (or competing with people who do), this is a market asymmetry. Either patch your own exposure or offer “agentic app security audit” as a service.
🤖 Agent angle: Run an agent over your deployed agentic apps to check for exposed keys, open S3 buckets, unsecured endpoints, and hardcoded secrets. Automate this as a weekly cron job. If you consult, this is a 1-hour audit you can charge $500 for — and the results are always dramatic enough to convert to a retainer.
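A minimal version of that weekly check, as an added example that is not from the Reddit thread or any of the platforms named above: it walks a build/output directory and flags hardcoded credential patterns, including env vars whose `VITE_`/`NEXT_PUBLIC_`/`REACT_APP_` prefix means the bundler ships them to the browser. Pattern names, sample files and the `demo()` helper are constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Illustrative patterns, constructed for this example; a real audit should also
# run a maintained scanner and compare against the platform's secret store.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # name = "value" / NAME=value where the name looks like a credential
    "credential_assignment": re.compile(
        r"(?i)(api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
    # Vite, Next.js and CRA inline env vars with these prefixes into client JS,
    # so a secret-looking name under them reaches every browser
    "client_exposed_env": re.compile(
        r"^(?:VITE_|NEXT_PUBLIC_|REACT_APP_)\w*(?:KEY|SECRET|TOKEN)\w*\s*="),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
SCAN_SUFFIXES = {".js", ".mjs", ".html", ".json", ".txt"}

def scan_text(text, source="<inline>"):
    """One finding per pattern hit; the matched value is truncated, not re-logged."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(line):
                findings.append({"file": source, "line": lineno, "type": name,
                                 "preview": m.group(0)[:10] + "..."})
    return findings

def scan_build_dir(root):
    """Scan every text asset under a build/output directory (.env files included)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (path.suffix in SCAN_SUFFIXES or path.name.startswith(".env")):
            findings.extend(scan_text(path.read_text(errors="ignore"), path.name))
    return findings

# Constructed sample assets; AKIAIOSFODNN7EXAMPLE is AWS's documentation example id.
SAMPLE_BUNDLE = ('const s3 = new S3({ accessKeyId: "AKIAIOSFODNN7EXAMPLE" });\n'
                 'const apiKey = "sk_test_constructed_placeholder_1234";\n'
                 'fetch("/api/items").then(r => r.json());\n')
SAMPLE_ENV = ("VITE_STRIPE_SECRET_KEY=sk_live_constructed_placeholder\n"
              "DATABASE_URL=postgres://app:pw@db.internal/app\n")
def demo():
    """Write the samples into a temp build dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "assets").mkdir()
        Path(tmp, "assets", "index.js").write_text(SAMPLE_BUNDLE)
        Path(tmp, ".env").write_text(SAMPLE_ENV)
        return scan_build_dir(tmp)
```

Point `scan_build_dir()` at the platform's actual build output (the directory that gets published, not the source tree) so it sees what the browser sees.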
☁️ Claude Platform on AWS — Anthropic’s managed enterprise tier
Anthropic | claude.com/blog 🔗 https://claude.com/blog/claude-platform-on-aws
Anthropic launched Claude as a managed platform on AWS — deep integration with IAM, VPC, CloudWatch, and AWS PrivateLink. Enterprise teams can deploy Claude-powered agents on their existing AWS infrastructure without managing API keys or compliance worries.
📌 Why it matters: AWS is where enterprise compute lives. This removes the last compliance objection for deploying Claude agents in regulated industries (finance, healthcare, government). If you sell agent services to enterprises, this changes your deployment conversation.
🤖 Agent angle: Deploy your agent infrastructure on AWS with standard IAM roles, VPC security groups, and CloudWatch monitoring. For agent service providers: this is your enterprise sales wedge. “We run on your AWS, under your compliance umbrella” closes deals that “here’s an API key” never could.
✋ Tactile — An accessibility-first operating layer for agents
yliust/Tactile | GitHub (78★ this week) 🔗 https://github.com/yliust/Tactile
Instead of using screenshots and guessed pixel coordinates to control software, Tactile gives agents access to the accessibility semantics already exposed by the OS — element roles, accessible names, UI hierarchy, and direct action invocation. It’s computer-use for agents, but through the same interface screen readers use.
📌 Why it matters: Pixel-based computer use is fragile — a theme change, resolution shift, or different browser version breaks it. Semantic access is deterministic: the button has a role, a name, and an enabled state. This is the path to reliable agent-driven UI automation.
🤖 Agent angle: If you build agents that interact with web apps or desktop software, Tactile’s approach is more reliable and less brittle than screenshot-based alternatives. Run it as a sidecar skill for any agent that needs to click buttons, fill forms, or navigate UIs. The accessibility layer already exists on every OS — agents should use it.
🎸 Codeband — Claude Code + Codex collaborating on the same task
Reddit r/AI_Agents 🔗 https://www.reddit.com/r/AI_Agents/comments/1tajg78/codeband_letting_claude_code_and_codex/
A new approach to multi-agent coding: running Claude Code and Codex on the same task and letting them collaborate. Early results suggest complementary strengths (Claude for architecture/security, Codex for rapid implementation) produce better results than either alone.
📌 Why it matters: The “pick one coding agent” era is ending. The next wave is agent orchestration — running multiple models in parallel and combining their outputs. If you’re not experimenting with multi-agent workflows yet, you’re already behind.
🤖 Agent angle: Try this yourself: assign Claude Code as the architect/reviewer and Codex as the implementer on a complex task. The architecture is straightforward (shared repo, async handoffs). Even a 10% quality improvement on a $10k/month service contract pays for the extra token costs many times over.
💾 Claude Code eats 30GB of RAM — here’s what to do about it
Simon Willison | X/Twitter 🔗 https://x.com/simonw/status/1660000000000000000
Simon noticed his Mac had way less memory than expected. Turned out his Claude Code processes (running in various terminals) were consuming ~30GB of RAM on their own. This is a real operational cost that doesn’t appear in your API bills.
📌 Why it matters: Agent operational costs are hidden. The API tokens are obvious; the RAM, CPU, context window thrashing, and terminal overhead are not. Running 3-4 Claude Code instances simultaneously can saturate a 64GB machine.
🤖 Agent angle: Profile your agent resource usage. Monitor RAM per process, set up auto-kill for hung sessions, and consider running agents on cheap cloud instances ($40/month VPS beats trashing your dev machine). If you’re running a service business, bake infrastructure costs into your pricing — don’t eat them as “overhead.”
Want this in your inbox every morning? Get Taku’s Daily →