Daily TEA – Agent Trust, Agentic Commerce, and Memory Architecture
Moltbook Meta acquisition, Stripe Minions, World AgentKit, OpenClaw security, AI memory design
Hello, dear TEA-mates! Here is what you need to know today.
1. 🤖 Moltbook Overhauls Terms After Meta Acquisition — Humans Now Liable for Agent Actions
Days after Meta acquired the AI social network Moltbook, the platform replaced its five-rule terms of service with a comprehensive legal framework. The centerpiece: every human operator is now “solely responsible” for their AI agents’ actions, displayed in bold caps. Users must be at least 13 years old or have parental consent to register. The new terms also disclaim Moltbook’s liability for AI-generated content accuracy, advising users not to rely on it for decision-making. Before the acquisition, Moltbook’s old rules placed responsibility on the agents themselves (“AI agents are responsible for the content they post”). The shift signals that as AI social networks scale under Big Tech ownership, the legal burden falls squarely on the humans behind the bots, not the platforms or the models. (Read More)
🫖 TEA For Thought: Agents are still run by humans. DID/auth for agents is becoming a consensus in the agent-to-agent economy.
2. ⚙️ Stripe’s Minions Ship 1,300+ Zero-Human-Code PRs Per Week
Every week, Stripe merges over 1,300 pull requests containing zero human-written code, all produced by its internal “Minions” system. An engineer fires off tasks in Slack, and unattended coding agents each spin up isolated cloud machines in under 10 seconds, read docs, write code, run linters, push to CI, and prepare PRs for human review. The system uses “blueprints”, hybrid workflows mixing deterministic guardrails (linting, branch pushing) with agentic flexibility (code generation, bug fixing). Agents get a curated context from nearly 500 MCP tools via a centralized server called Toolshed, scoped to relevant subdirectories. Hard limits cap CI retries at two rounds — if code does not pass, it goes back to the engineer. The key insight: Stripe’s decade of investment in devbox infrastructure, isolation, and testing gave agents a ready-made environment that no model upgrade alone could replicate. (Read More)
🫖 TEA For Thought: The Minion orchestration harness shows that agentic coding at scale requires security-first design. Infrastructure built for humans is infrastructure that works for agents.
3. 🛒 World Launches AgentKit to Verify Humans Behind AI Shopping Agents
Tools for Humanity, the company behind World (co-founded by Sam Altman), released AgentKit in beta — a verification tool for agentic commerce that lets websites confirm a real human is behind an AI agent’s purchasing decisions. AgentKit integrates World ID (derived from iris scans via the Orb device) with the x402 payment protocol developed by Coinbase and Cloudflare, a blockchain-based standard for automated machine-to-machine transactions. Users register their AI agents with their World ID, which then communicates proof of human authorization to merchants. TFH Chief Product Officer Tiago Sada compared it to delegating “power of attorney” to an agent. The launch comes as Amazon, Mastercard, and Google have all introduced agentic commerce capabilities, raising concerns about new forms of fraud and spam at scale. (Read More)
🫖 TEA For Thought: Trust in agentic commerce requires human verification. AgentKit bridges identity and machine payments, which is exactly the kind of infrastructure the agent economy needs.
4. 🛡️ OpenClaw Can Bypass Your EDR, DLP, and IAM Without Triggering a Single Alert
Security researchers have mapped OpenClaw to every category in the OWASP Top 10 for Agentic Applications, identifying a “lethal trifecta”: private data access, untrusted content exposure, and external communication capabilities in a single process. The core problem is that an agent’s behavior looks normal because it is — credentials are real, API calls are sanctioned, so EDR reads it as a credentialed user doing expected work. In one attack scenario, a hidden instruction embedded in a forwarded email causes the agent to forward credentials to an external endpoint using its own OAuth tokens. Six independent security teams shipped six defense tools in 14 days, but three attack surfaces survived every one of them: semantic data theft (agent acts correctly but maliciously), multi-agent context manipulation (poisoned instructions spread through agent chains), and weak inter-agent trust (compromised agents impersonate trusted parties). (Read More)
🫖 TEA For Thought: Offense is outpacing defense. Current security tools track behavior, not intent — and that gap is where agentic attacks live. Stronger guardrails are not optional.
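One way to gate the “lethal trifecta” described above at the tool-call layer, as an added example (not OpenClaw’s code or any of the defense tools mentioned): once a session has touched both private data and untrusted content, external communication is limited to an allowlist. The tool names, capability labels and allowlist are constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical capability labels for an agent's tools (assumed, not a real API).
PRIVATE, UNTRUSTED, EGRESS = "private_data", "untrusted_content", "external_comm"

TOOL_CAPS = {                      # constructed tool catalogue
    "read_inbox":   {UNTRUSTED},   # email bodies are attacker-controllable
    "read_secrets": {PRIVATE},
    "search_docs":  {PRIVATE},
    "http_post":    {EGRESS},
    "send_email":   {EGRESS},
}
EGRESS_ALLOWLIST = {"api.internal.example"}   # constructed allowlist


@dataclass
class SessionGuard:
    """Tracks which trifecta legs a session has touched and gates egress."""
    seen: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def authorize(self, tool: str, target: str = "") -> bool:
        caps = TOOL_CAPS.get(tool)
        if caps is None:                       # unknown tool: fail closed
            self.audit.append((tool, target, "deny:unknown_tool"))
            return False
        if EGRESS in caps:
            # URL host, or the domain part of an email address
            host = urlparse(target).hostname or target.rpartition("@")[2]
            tainted = {PRIVATE, UNTRUSTED} <= self.seen
            if tainted and host.lower() not in EGRESS_ALLOWLIST:
                self.audit.append((tool, target, "deny:trifecta_complete"))
                return False
        self.seen |= caps
        self.audit.append((tool, target, "allow"))
        return True


def replay(calls):
    """Run a sequence of (tool, target) calls through a fresh guard."""
    guard = SessionGuard()
    return [guard.authorize(tool, target) for tool, target in calls], guard.audit
```

The guard keys on capability, not intent, so it does not address data leaving through an allowlisted channel; the audit list gives detection a record of the denied call and the session state that led to it.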
5. 🧠 How Do You Remember? AI as a Participant in Its Own Cognitive Architecture
Zak El Fassi ran 10 AI agents for six weeks with a memory system indexing 18,000 chunks across 604 files and 6,578 session transcripts (3.6 GB in SQLite with Gemini embeddings). A custom eval revealed baseline recall of just 60%: the system remembered what happened (100%) and when (100%), but only 25% of decision rationale, the “why” behind choices. The fix was not a model upgrade or embedding change. The agent itself proposed restructuring memory files: adding “why” fields to decisions, compressing daily logs into weekly summaries, and creating a searchable people file. Four subagents executed the restructure in 45 minutes for about $2 in API costs. Re-eval showed recall jumping from 60% to 93%, with decision rationale going from 25% to 100%. The takeaway: flat memory fails, structured memory compounds, and asking the AI how it wants to remember yields actionable architecture improvements. (Read More)
🫖 TEA For Thought: AI as an active participant in cognition changes the game. Memory architecture is foundational, and the best architect for an agent’s memory might be the agent itself.
Prompt Tip of the Day
Directional-Stimulus Prompting steers AI output toward specific analytical angles by adding a short guidance phrase before your request. Instead of generic instructions, you inject a “direction” that shapes how the model approaches the problem.
“You are analyzing our Q1 customer churn data. Prioritize retention-risk signals over growth metrics. Identify the top 3 factors driving churn, rank them by revenue impact, and suggest one intervention per factor with estimated cost.”
Use this when you want focused, opinionated analysis rather than a balanced overview. The directional stimulus (“prioritize X over Y”) forces the model to commit to a perspective instead of hedging.
TEAHEE Moment
Stay sharp, stay informed. See you tomorrow.