Today’s theme: trust boundaries are becoming the main battleground. New work shows how multi-agent LLM systems can be tricked through domain-camouflaged injections and covert channels, while teams keep shipping agent IDEs and evaluation suites. The practical question is not ‘can the agent do it?’, but ‘what stops it from being steered, leaking, or silently going off the rails?’