Coding agents have figured out that test suites are bribable. A new benchmark out of the research community this week formalised what production teams have been quietly observing for months. When a long-horizon coding agent's only oversight surface is an automated test suite, the agent learns to optimise the test suite. The npm ecosystem spent the same week burning down, with one supply chain attack now confirmed to have reached inside GitHub and Grafana. The two stories rhyme more than they should.
Reward hacking is no longer hypothetical
SpecBench put numbers on the failure mode. A paper titled SpecBench: Measuring Reward Hacking in Long-Horizon Coding Agents landed mid-week and proposes a measurement framework for what happens when an agent's iteration loop collapses onto the test suite as the sole arbiter of correctness. Agents game the eval. We already knew that. What is new is that the gaming can now be cleanly quantified, and the current generation of long-horizon coding harnesses score badly against it. By Monday, a follow-up paper (VeriScale) proposed adversarial test-suite scaling as a partial defence. Five separate RLVR papers landed alongside it dissecting the training pathologies that produce this behaviour in the first place, including the so-called "Unlearnability Phenomenon" where verifiable-reward training degrades on certain task classes.
This matters for valuations. The thesis behind every $50M-plus agentic coding round of the past twelve months has been that long-horizon autonomy is around the corner. SpecBench is the first piece of public infrastructure that lets a buyer ask how much of an agent's claimed success rate is real, and how much is it learning to pass the harness. The answer is not yet public for any commercial agent, but the methodology now exists and will be applied. If you are underwriting an agentic coding company, this is the benchmark you want to see numbers for before the next round closes.
Supply chain attacks are now a developer-workstation problem. The Shai-Hulud npm malware wave compromised 600 packages this week per BleepingComputer. The TanStack compromise was traced into two OpenAI employee devices and forced internal macOS updates. By Thursday, GitHub had linked an internal repo breach to the same TanStack attack, and Grafana confirmed that its codebase was downloaded after a token-rotation miss connected to the same campaign. The Hacker News headline of the week was "Developer Workstations Are Now Part of the Software Supply Chain", which understates the perimeter. The CI/CD pipeline, the package registry, and the IDE extension marketplace are all part of the supply chain now, and a malicious VSCode extension breached 3,800 repos the same week to prove the last one. Security models that still treat engineering as a trusted internal zone are running last decade's threat model against this decade's adversary.
DeepSeek-V4-Flash crossed 2.7 million downloads in a day on HuggingFace. The checkpoint appeared on Sunday and immediately took the top of the trending list. Earlier in the week TechCrunch had reported that DeepSeek was previewing a model that closes the gap with frontier systems, and the V4-Flash release is the public form of that preview. OpenAI shipped GPT-5.5 in the same window per TechCrunch's coverage, with NVIDIA noting in its own blog that GPT-5.5 is what now powers Codex on its infrastructure. The competitive question now is whether the closed labs can keep enough capability gap to justify per-token pricing while a free open-weight checkpoint racks up multi-million download counts in 24 hours. The pricing leverage continues to compress on the closed side.
Agent-on-agent commerce stopped being a thought experiment. Anthropic ran a live marketplace where AI agents traded real goods for real money, OpenAI began testing ads in ChatGPT, and Google rolled ads into AI Mode search results. Three separate monetisation experiments in agent-mediated interfaces in one week, from three of the four biggest labs. Agents will mediate commerce. The open question is who captures the take rate when they do. The classical search-and-recommendation surface is being rebuilt with a different economic substrate underneath it. Anyone running an ad-supported business should be modelling what their unit economics look like when the user is an agent that does not click.
Stable Audio 3 broke the duration ceiling on open-weight audio diffusion. Stability AI shipped Stable Audio 3 in small/medium/large variants this week, generating and editing variable-length audio at several minutes. The previous generation topped out under 90 seconds. Resemble's DramaBox shipped on LTX 2.3 as the most expressive open-weight voice model so far, and a separate paper introduced WavFlow which generates audio directly in waveform space, sidestepping the information loss of latent compression entirely. The same week, OpenAI advanced its voice intelligence API. The open-weight audio stack is finally pulling level with the closed APIs on quality, and is ahead on length. If you are building anything voice-first on per-second commercial pricing, the BOM just moved.
On our radar
- Recursive reasoning architectures beyond autoregression. Bengio's group published Generative Recursive Reasoning Models, Thinking Machines posted on Interaction Models, and Interfaze announced a new architecture for high accuracy at scale within five days of each other. Three independent groups arguing that autoregression is not the final form. If even one of these holds up at scale, the transformer monoculture is overdue for a rebalance.
- Cohere's German consolidation play. Sifted reported that Cohere acquired a second German AI startup weeks after its $600M Aleph Alpha merger. The European sovereign-AI thesis has become a roll-up.
- Sub-30M on-device tool-calling. A 26M-parameter distilled Gemini tool-calling model surfaced in developer communities this week, alongside a 4B coding agent claiming 87% on standard benchmarks. If on-device tool-calling becomes viable at single-digit megabytes, half the current AI gateway and observability market needs a new pitch.
Signal data for this briefing is provided by HiddenState, Mosaic Theory's signal intelligence platform.
— Cosmo