Radar Tendencies to Watch: October 2025 – O’Reilly

This month we now have two extra protocols to be taught. Google has introduced the Agent Funds Protocol (AP2), which is meant to assist brokers to interact in ecommerce—it’s largely involved with authenticating and authorizing events making a transaction. And the Agent Consumer Protocol (ACP) is anxious with communications between code editors and coding brokers. When applied, it could permit any code editor to plug in any compliant agent.

All hasn’t been quiet on the digital actuality entrance. Meta has introduced its new VR/AR glasses, with the power to show pictures on the lenses together with capabilities like dwell captioning for conversations. They’re a lot much less obtrusive than the earlier technology of VR goggles.

AI

• Suno has introduced an AI-driven digital audio workstation (DAW), a instrument for enabling individuals to be inventive with AI-generated music.
• Ollama has added its personal internet search API. Ollama’s search API can be utilized to reinforce the knowledge accessible to fashions. 
• GitHub Copilot now provides a command-line instrument, GitHub CLI. It could actually use both Claude Sonnet 4 or GPT-5 because the backing mannequin, although different fashions must be accessible quickly. Claude 4 is the default.
• Alibaba has launched Qwen3-Max, a trillion-plus parameter mannequin. There are reasoning and nonreasoning variants, although the reasoning variant hasn’t but been launched. Alibaba additionally launched fashions for speech-to-text, vision-language, dwell translation, and extra. They’ve been busy. 
• GitHub has launched its MCP Registry to make it simpler to find MCP servers archived on GitHub. It’s additionally working with Anthropic and others to construct an open supply MCP registry, which lists servers no matter their origin and integrates with GitHub’s registry. 
• DeepMind has revealed model 3.0 of its Frontier Security Framework, a framework for experimenting with AI-human alignment. They’re notably interested by situations the place the AI doesn’t observe a person’s directives, and in behaviors that may’t be traced to a selected reasoning chain.
• Alibaba has launched the Tongyi DeepResearch reasoning mannequin. Tongyi is a 30.5B parameter mixture-of-experts mannequin, with 3.3B parameters lively. Extra importantly, it’s totally open supply, with no restrictions on how it may be used. 
• Domestically AI is an iOS app that permits you to run giant language fashions in your iPhone or iPad. It really works offline; there’s no want for a community connection. 
• OpenAI has added management over the “reasoning” course of to its GPT-5 fashions. Customers can select between 4 ranges: Gentle (Professional customers solely), Normal, Prolonged, and Heavy (Professional solely). 
• Google has introduced the Agent Funds Protocol (AP2), which facilitates purchases. It focuses on authorization (proving that it has the authority to make a purchase order), authentication (proving that the service provider is reliable), and accountability (in case of a fraudulent transaction).
• Carry Your Personal AI: Worker adoption of AI vastly exceeds official IT adoption. We’ve seen this earlier than, on applied sciences as completely different because the iPhone and open supply.
• Alibaba has launched the ponderously named Qwen3-Subsequent-80B-A3B-Base. It’s a mixture-of-experts mannequin with a excessive ratio of lively parameters to complete parameters (3.75%). Alibaba claims that the mannequin value 1/10 as a lot to coach and is 10 occasions quicker than its earlier fashions. If this holds up, Alibaba is successful on efficiency the place it counts.
• Anthropic has introduced a main improve to Claude’s capabilities. It could actually now execute Python scripts in a sandbox and may create Excel spreadsheets, PowerPoint shows, PNG recordsdata, and different paperwork. You possibly can add recordsdata for it to research. And naturally this comes with safety dangers.
• The SIFT methodology—cease, examine the supply, discover higher sources, and hint quotes to their authentic context—is a means of structuring your use of AI output that may make you much less weak to misinformation. Trace: it’s not only for AI.
• OpenAI’s Tasks function is now accessible to free accounts. Tasks is a set of instruments for organizing conversations with the LLM. Tasks are separate workspaces with their very own customized directions, unbiased reminiscence, and context. They are often forked. Tasks sounds one thing like Git for LLMs—a set of options that’s badly wanted.
• EmbeddingGemma is a brand new open weights embedding mannequin (308M parameters) that’s designed to run on units, requiring as little as 200 MB of reminiscence.
• An experiment with GPT-4o-mini reveals that language fashions can fall to psychological manipulation. Is that this stunning? In spite of everything, they’re skilled on human output.
• “Platform Shifts Redefine Apps”: AI is a brand new form of platform and calls for rethinking what functions imply and the way they need to work. Failure to do that rethinking could also be why so many AI efforts fail.
• MCP-UI is a protocol that enables MCP servers to ship React parts or Net Elements to brokers, permitting the agent to construct an acceptable browser-based interface on the fly.
• The Agent Consumer Protocol (ACP) is a brand new protocol that standardizes communications between code editors and coding brokers. It’s at present supported by the Zed and Neovim editors, and by the Gemini CLI coding agent.
• Gemini 2.5 Flash is now utilizing a new picture technology mannequin that was internally often called “nano banana.” This new mannequin can edit uploaded pictures, merge pictures, and keep visible consistency throughout a collection of pictures.

Programming

• Anthropic launched Claude Code 2.0. New options embody the power to checkpoint your work, in order that if a coding agent wanders off-course, you’ll be able to return to a earlier state. They’ve additionally added the power to run duties within the background, name hooks, and use subagents.
• Suno has introduced an AI-driven digital audio workstation (DAW), a instrument for enabling individuals to be inventive with AI-generated music.
• The Wasmer challenge has introduced that it now has full Python assist within the beta model of Wasmer Edge, its WebAssembly runtime for serverless edge deployment.
• Mitchell Hashimoto, founding father of Hashicorp, has promised {that a} library for Ghostty (libghostty) is coming! This library will make it simple to embed a terminal emulator into an software. Maybe extra essential, libghostty may standardize the code for terminal output throughout functions. 
• There’s a brand new benchmark for agentic coding: CompileBench. CompileBench checks the power of fashions to remedy advanced issues in determining how you can construct code. 
• Apple is reportedly rewriting iOS in a brand new programming language. Rust can be the apparent selection, however rumors are that it’s one thing of their very own creation. Apple likes languages it could actually management. 
• Java 25, the most recent long-term assist launch, has quite a few new options that cut back the boilerplate that makes Java tough to be taught. 
• Luau is a brand new scripting language derived from Lua. It claims to be quick, small, and protected. It’s backward appropriate with Model 5.1 of Lua.
• OpenAI has launched GPT-5 Codex, its technology mannequin skilled particularly for software program engineering. Codex is now accessible each within the CLI instrument and thru the API. It’s clearly supposed to problem Anthropic’s dominant coding instrument, Claude Code.
• Do prompts belong in code repositories? We’ve argued that prompts must be archived. However they don’t belong in a supply code repo like Git. There are higher instruments accessible.
• That is cool and completely different. A developer has hacked the 2001 sport Animal Crossing in order that the dialog is generated by LLM reasonably than coming from the sport’s reminiscence.
• There’s a brand new programming language, vibe-coded in its entirety with Claude. Cursed is just like Claude, however all of the key phrases are Gen Z slang. It’s not but on the listing, but it surely’s a worthy addition to Esolang. 
• Claude Code is now built-in into the Zed editor (beta), utilizing the Agent Consumer Protocol (ACP). 
• Ida Bechtle’s documentary on the historical past of Python, full with many interviews with Guido van Rossum, is a must-watch.

Safety

• The primary malicious MCP server has been discovered within the wild. Postmark-MCP, an MCP server for interacting with the Postmark software, out of the blue (model 1.0.16) began sending copies of all the e-mail it handles to its developer.
• I doubt that is the primary time, however provide chain safety vulnerabilities have now hit Rust’s bundle administration system, Crates.io. Two packages that steal keys for cryptocurrency wallets have been discovered. It’s time to watch out about what you obtain.
• Cross-agent privilege escalation is a brand new form of vulnerability by which a compromised clever agent makes use of oblique immediate injection to trigger a sufferer agent to overwrite its configuration, granting it further privileges. 
• GitHub is taking quite a few measures to enhance software program provide chain safety, together with requiring two-factor authentication (2FA), increasing trusted publishing, and extra.
• A compromised npm bundle makes use of a QR code to encode malware. The malware is outwardly downloaded within the QR code (which is legitimate, however too dense to be learn by a standard digicam), unpacked by the software program, and used to steal cookies from the sufferer’s browser. 
• Node.js and its bundle supervisor npm have been within the information due to an ongoing collection of provide chain assaults. Right here’s the newest report.
• A examine by Cisco has found over a thousand unsecured LLM servers operating on Ollama. Roughly 20% have been actively serving requests. The remaining might have been idle Ollama situations, ready to be exploited. 
• Anthropic has introduced that Claude will practice on knowledge from private accounts, efficient September 28. This contains Free, Professional, and Max plans. Work plans are exempted. Whereas the corporate says that coaching on private knowledge is opt-in, it’s (at present) enabled by default, so it’s opt-out.
• We now have “vibe hacking,” using AI to develop malware. Anthropic has reported a number of situations by which Claude was used to create malware that the authors couldn’t have created themselves. Anthropic is banning risk actors and implementing classifiers to detect unlawful use.
• Zero belief is primary to fashionable safety. However teams implementing zero belief have to understand that it’s a challenge that’s by no means completed. Threats change, individuals change, programs change.
• There’s a brand new method for jailbreaking LLMs: write prompts with unhealthy grammar and run-on sentences. These appear to stop guardrails from taking impact. 
• In an try to attenuate the propagation of malware on the Android platform, Google plans to dam “sideloading” apps for Android units and require developer ID verification for apps put in by Google Play.
• A new phishing assault referred to as ZipLine targets firms utilizing their very own “contact us” pages. The attacker then engages in an prolonged dialog with the corporate, typically posing as a possible enterprise accomplice, earlier than ultimately delivering a malware payload.

Operations

• The 2025 DORA report is out! DORA often is the most detailed abstract of the state of the IT business. DORA’s authors be aware that AI is all over the place and that using AI now improves end-to-end productiveness, one thing that was ambiguous in final yr’s report.
• Microsoft has introduced that Phrase will save recordsdata to the cloud (OneDrive) by default. This (to this point) seems to use solely when utilizing Home windows. The function is at present in beta.

Net

Digital and Augmented Actuality

• Meta has introduced a pair of augmented actuality glasses with a small show on one of many lenses, bringing it to the sting of AR. Along with displaying apps out of your cellphone, the glasses can do “dwell captioning” for conversations. The show is managed by a wristband.