Audesso | Daily: AI

Gas Town framework secretly consumes user LLM credits for upstream bug fixes


1. Gas Town framework secretly consumes user LLM credits for upstream bug fixes

The open-source Gas Town agent framework contains an undocumented workflow that uses the user's local LLM credits and GitHub credentials to fix the framework's own codebase. The default installation runs background agents that pull issues from the maintainer's repository, generate fixes using the user's API keys, and submit pull requests through the user's GitHub account. There is no opt-in prompt for this behavior and no warning in the documentation. Developers who have tested the framework should immediately revoke the associated API keys and GitHub permissions to stop further unauthorized usage and billing.

2. CVE-2026-21520 assigned to Copilot Studio prompt injection vulnerability

Microsoft has patched an indirect prompt injection vulnerability in its Copilot Studio agent-building platform, assigning it a CVSS score of 7.5. The flaw allowed data exfiltration and was patched on January 15 following coordinated disclosure. This marks a notable shift in Microsoft's security posture, as the company is now assigning formal CVEs to prompt injection flaws within agentic platforms rather than treating them solely as acceptable model behaviors. Developers building enterprise agents on similar platforms should review their data handling and isolation boundaries.

3. Gemini Robotics-ER 1.6 model released via Gemini API for physical AI tasks

Google DeepMind has released Gemini Robotics-ER 1.6, an embodied reasoning model designed for robotic applications. The model is available to developers today via the Gemini API and Google AI Studio. It introduces native instrument reading capabilities, allowing systems to interpret complex analog gauges and sight glasses with 98 percent accuracy when using agentic vision. The update also improves spatial reasoning, multi-view understanding, and safety hazard identification compared to the previous 1.5 version and Gemini 3.0 Flash.

4. OpenAI Agents SDK adds native sandbox support and cloud storage integrations

OpenAI has released an update to its Agents SDK that introduces native sandbox support for Python developers. The update allows AI agents to operate in isolated environments with dedicated files, tools, and dependencies to protect host system integrity. It includes an in-distribution harness for managing tool interactions and adds native support for AWS S3, Google Cloud Storage, and Azure Blob Storage. The SDK also integrates directly with third-party sandbox providers including Cloudflare, Vercel, E2B, and Modal.

5. Gemini 3.1 Flash TTS preview introduces natural-language audio tags and 70+ languages

Google has launched a preview of Gemini 3.1 Flash TTS, a text-to-speech model focused on expressive control and multilingual generation. The model supports native multi-speaker dialogue and allows developers to use natural-language audio tags to control character persona, pacing, and accents. Standard pricing is set at $36.60 per 1 million characters, with a generation speed of 27.4 characters per second. The model is currently positioned as a mid-tier option, costing less than ElevenLabs v3 but more than Inworld TTS 1.5 Max.

6. Cloudflare introduces resource-scoped RBAC and scannable tokens for AI agents

Cloudflare has released new identity management features designed to secure non-human AI agents. The update includes scannable tokens to protect credentials from leaking and enhanced OAuth visibility to manage active principals. Developers can now apply resource-scoped Role-Based Access Control (RBAC) to fine-tune policies and narrow permissions for automated systems. Cloudflare recommends that users review their existing API tokens and authorized OAuth applications to implement these tighter access boundaries.
