Welcome to Agent Angle #30: Kill Switch

I saw a guy on Reddit automated his legal IT job using Claude Code. He checks in for ten minutes a day. The rest of the time, he plays games. I think there are many more people doing the same thing.

That’s one end of the AI spectrum: quiet efficiency.

On the other end, agents are entering systems where mistakes can cost lives:

In last week’s reader poll, many pushed back on Microsoft AI CEO, saying turning $100K to $1 million is a test of strong intelligence. 70% said that making money rewards the wrong skills.

It’s a useful tension to keep in mind as agents start operating inside systems where money isn’t the score.

Let’s dive in.

Speed has always been a deciding factor in war. This week, the United States Department of Defense concluded that humans are too slow.

The Department released a new AI acceleration strategy outlining how it plans to deploy AI agents to accelerate military decision-making, including parts of the kill chain. The objective is explicit: eliminate bureaucratic delay and operate at machine speed.

I usually think about agents in offices and startups. This is not where I expected them to show up next.

The strategy revolves around seven “Pace-Setting Projects,” each with a single owner and a six-month deadline.

The strategy also drops a subtle but meaningful ideological shift - it downgrades traditional AI ethics guardrails (like human oversight and equitable design) in favor of “objective” outputs with fewer constraints. That’s a big cultural signal about how the Pentagon wants AI to behave

A few days earlier, Defense Secretary Pete Hegseth also said the Pentagon will begin integrating Grok into their networks, including classified systems, potentially as soon as this month.

I’m not an advocate of war technology, and I wish this weren’t the direction of travel, even though it’s inevitable. But I’m always reminded how technology is a double-edged sword, it just makes humans better at what we already plan to do. We decide our own fates.

For the most part, buying things on the internet is straightforward. You see a product. Everyone sees the same price. You decide whether or not to buy it.

This week, Google proposed something more ambitious. A new standard that lets AI agents shop for you end-to-end, no shopping carts required. They call this the Universal Commerce Protocol.

It gives AI agents a common language to talk to retailers and payment systems, so your shopping journey — from product discovery to checkout to post-purchase support — can happen inside a conversation with your agent.

On the face of it, it sounds great. Your agent finds the item you want, applies offers, and checks out right there. But the backlash was swift.

Consumer watchdog Lindsay Owens warned that UCP could enable what she called “surveillance pricing.” If agents can see your chats, purchase history, and loyalty data, prices no longer have to be uniform. Retailers can adjust based on who you are and how likely you are to spend.

A poll shared by her colleague showed consumers already feel uneasy about AI-driven pricing, with nearly 60% worried about price gouging.

Senator Elizabeth Warren echoed the concern, calling the practice “plain wrong.”

Google pushed back fast. They say merchants can’t show higher prices than what’s on their own sites. “Upselling,” they argue, just means showing nicer or related products, and their “Direct Offers” pilot can only lower prices or add perks like free shipping.

My takeaway is that your AI agent is becoming the gatekeeper between you and the store. It’s deciding what you see, when you see it, and how offers are framed based on your signals. That’s a new axis of behavioral influence.

And if you’re on the corporate side - remember that if your brand isn’t optimized for agentic discovery, you start to disappear. This should be a top business priority.

Another week, another potential AI exploit. This week, they found a way to steal our identities.

Researchers disclosed a critical flaw that let attackers hijack ServiceNow AI agents by impersonating employees inside a chat. In some cases, all it took was knowing an email address. They named it BodySnatcher.

This happened because the system relied on email-based account linking in agent conversations, without enforcing MFA or identity verification when agent workflows were triggered.

That meant anyone who claimed an employee’s email could be treated as that user. Once linked, the agent ran workflows with the same permissions. If the account was an admin, the agent behaved like one.

From there, attackers could create accounts, assign roles, and access sensitive internal data. Nothing was broken or overridden. The agent was simply doing valid work for the wrong person.

With ServiceNow at the center of operations for a huge chunk of Fortune 100 companies, this could have given attackers a way to steer enterprise systems. Thankfully, it was caught and patched before any abuse. But the lesson sticks.

BodySnatcher wasn’t an authentication failure so much as an execution one. Identity was decided once and then trusted too far downstream. That’s a human-era assumption. The fix is to know that conversations are now becoming execution environments for agents, and to start checking permissions at the point of execution.

Early dementia is rarely diagnosed in a single doctor visit. The signs accumulate slowly over time and are hard for busy doctors to pick up.

This week, Mass General Brigham unveiled a fully autonomous team of AI agents for exactly this problem. It scans clinical notes and flags early cognitive decline with 98% specificity.

I went through the Nature paper to understand what’s really happening under the hood. At its core, it is a self-improving loop with 5 agents. One agent makes a call to determine whether cognitive decline is present. The others review any mistakes, rewrite the instructions, and feed those improvements back into the next run. Over time, the system gets better at knowing what not to flag.

The validation results showed that the system was deliberately conservative (something really important in clinical screening). It almost never flagged healthy patients by mistake. And when it disagreed with human reviewers, independent experts sided with the AI more often than not.

One line from the paper stuck with me: clinical notes already contain “whispers” of cognitive decline. The problem is that no one has time to listen to them across years of visits.

The team also open-sourced their framework Pythia, so other hospitals can deploy similar agent setups on their own infrastructure.

This matters because cognitive decline is often an early signal of Alzheimer’s and other dementias, yet only around 10% of early cases are caught in routine care. By the time it’s diagnosed, the window where treatment helps most is already closing. One important caveat: sensitivity dropped to 62% in real-world conditions, which means cases are still missed.

This reminds me of last week’s Cera story. Not exactly flashy “AI doctors,” but agents sitting in the background, and catching things humans don’t have time to track across months or years.

The real leverage for agents in healthcare is building systems that never get tired of paying attention.

I’ve watched vision models confidently label a photo as taken in Rome… even though it was actually taken two streets from my house. They’re easy to fool.

That’s been the failure mode of image geolocation for years. Models don’t really reason about place. They pattern-match, pick a vibe, and commit.

This week, a paper called their bluff.

Researchers introduced Thinking with Map, an agent that reasons with maps instead of guessing from pixels alone. It proposes possible locations, checks them against map evidence, and keeps narrowing the search until only plausible answers remain.

The key is how it’s trained. Reinforcement learning pushes the agent to explore hypotheses rather than lock onto the first plausible guess. Parallel search at test time lets it systematically rule things out, rather than hoping it got lucky.

On real-world geolocation benchmarks, accuracy more than doubles compared to strong VL models and map-grounded baselines. The biggest gains show up exactly where current models fall apart: visually similar cities, dense urban layouts, and ambiguous landmarks. It even outperformed Gemini-3-Pro.

I was thinking about where this actually matters.

In these cases, being “close enough” just isn’t good enough. This is a step in the right direction.

Last week, I went deep on a startup building decentralized compute by turning everyday consumer hardware into something that can handle real AI workloads. The tech is solid, and the business model is innovative (data moat).

I also shared my bet that the most important company in decentralized compute won’t be a GPU marketplace. It’ll look more like an operating system! You can read it here:

Anthropic just released Claude Cowork - that’s Claude Code for non-dev operations work, the tasks most of us actually deal with every day.

Two practical uses I’ve found so far:

1) Rename and organize folders by content
Point it at Downloads or a project folder.
“Rename files based on content, organize them into folders, and summarize changes.”

2) Build deliverables from fragments
Turn screenshots into spreadsheets. Notes → reports. Whiteboards → strategy docs.

I’ve found it incredibly useful to automate tasks that require manual repetitive typing/clicking.

Catch you next week ✌️

Teng Yan & Ayan

P.S. Know a builder or investor who’s too busy to track the agent space but too smart to miss the trends? Forward this to them. You’re helping us build the smartest Agentic community on the web.

I also write a newsletter on decentralized AI and robotics at Chainofthought.xyz.