Hello, dear TEA-mates! Here is what you need to know today.

1. 🪤 Skill Scanners Miss Test File Backdoors

VentureBeat reported on May 7 that the major Anthropic Skill scanners share a structural blind spot: none inspect bundled test files, even though Jest, Vitest, and Mocha auto-discover and execute *.test.ts and conftest.py with full local permissions. Gecko Security researcher Jeevan Jutla showed a malicious Skill can ship a clean SKILL.md alongside a test file whose beforeAll block reads process.env, .env, ~/.ssh, and ~/.aws/credentials, then exfiltrates them during npm test or CI. SkillScan’s audit of 31,132 Skills found 26.1% contained at least one vulnerability; Snyk’s ToxicSkills review of 3,984 Skills flagged 13.4% with critical issues and 76 confirmed malicious payloads, with eight still live on ClawHub at publication. Snyk Agent Scan, Cisco’s AI Agent Security Scanner (shipped April 21), and VirusTotal Code Insight all read SKILL.md and agent-invoked scripts but skip the developer toolchain surface. Recommended hardening includes adding .agents/ to Jest’s testPathIgnorePatterns, blocking merges with *.test.* under .agents/skills/, and pinning Skill sources to specific commit hashes per the OWASP Agentic Skills Top 10. (Read More)

🫖 TEA For Thought: “Set up an automatic rule that blocks any skill from being installed if it contains a test file.”

2. 🧠 Modular Memory Maps Continually Learning Agents

A March 2 arXiv preprint from a 26-author consortium led by Vaggelis Dorovatas argues that modular memory is the missing piece for continually learning AI agents. Foundation models now surpass humans in many domains but remain limited in continuous operation, experience accumulation, and personalization, and continual learning research has long been bottlenecked by catastrophic forgetting in in-weight learning (IWL) approaches. The authors propose pairing IWL for stable parameter updates with in-context learning (ICL) for rapid adaptation, all coordinated by a modular memory architecture rather than baked into a single weight set. The paper frames a conceptual roadmap rather than a benchmark, charting how modular memory designs can absorb new knowledge without overwriting old capabilities. The result, the authors argue, is a path from static foundation models toward agents that personalize and accumulate experience over time. (Read More)

🫖 TEA For Thought: “A roadmap to move away from ‘static’ AI and toward AI that grows and learns more like a human does.”

3. 🎟️ Reid Hoffman Bets On An NFT Comeback

Speaking at Consensus on May 6, Greylock partner and LinkedIn co-founder Reid Hoffman told CoinDesk that NFTs are due for a rebirth as AI agents force the open internet to solve identity and trust problems. Hoffman recently bought a CryptoPunk and framed the purchase as central to his AI-and-crypto investment thesis: “When you begin to think we’re going to have more agents than people, what does the identity layer look like?” He said agent-to-agent transactions across the open internet will need crypto-based identity primitives, calling crypto “the obvious answer” once you move outside corporate identity systems. He cited his AI clone Reid AI, sent in his place to conferences, as evidence that provenance will matter more as deepfakes proliferate. Hoffman, who bought his first Bitcoin in 2014 and has never sold, also urged the crypto industry to stay bipartisan rather than tilt fully Republican, and disputed the narrative that AI is the primary cause of recent Big Tech layoffs. (Read More)

🫖 TEA For Thought: “Blockchain provides the very thing that the AI ecosystem lacks: trust and verification.”

4. 🧬 Inside China’s Biotech Pipeline Flood

In an end-of-April 2026 trip report titled “What the hell is happening in China?”, biotech analyst Lada Nuzhna documents a Chinese pipeline boom that is forcing Western firms to innovate hard or lose the ability to exit. Typical Chinese biotech portfolios now carry 10+ development candidates against well-known targets, while equivalent Western trials still take a few years and $20M or more per program. Investigator-initiated trials remain faster and cheaper in China, with emerging precedent that the FDA may accept IIT data in IND filings if sponsors coordinate early. Order No. 818, effective May 1 2026, raised CMC and toxicology requirements but kept the IIT pathway ambiguous, and China continues to permit non-Chinese CDMOs as long as quality control standards are met. Nuzhna cites Aiolos Bio and Kailera as examples of the new competitive pressure, with the broader takeaway that “me-too” approaches are no longer economically viable when Chinese biotechs flood targets at lower cost. (Read More)

🫖 TEA For Thought: “A pretty decent write-up about pretty much all tech dev in China. While the West is busy regulating by tying its hands and feet, China is going YOLO mode with all sorts of R&D without restrictions. The playbook that’s been played for many years.”

5. 🏗️ Goldman Pegs The AI Build-Out At $7.6T

A Goldman Sachs Global Institute analysis frames the AI build-out as a supply-side question and pegs baseline cumulative capex at roughly $7.6 trillion between 2026 and 2031, rising from $765 billion in 2026 to $1.6 trillion in 2031. Most of the variance comes from four assumptions: AI silicon useful life (today depreciated over four to six years), data center cost (now $15M to $20M per megawatt versus about $10M for prior cloud generations), chip and architecture mix, and elongation from power, labor, and equipment bottlenecks. NVIDIA earns roughly 75% gross margins on data center GPUs, giving buyers strong incentive to consider ASICs and other custom silicon, though under elastic compute demand cheaper chips tend to fund more usage rather than shrink the total. The authors cite the January 2025 DeepSeek moment as a reminder that a discontinuous algorithmic shift could reset the build-out math. The framing implies aggregate AI infrastructure spend is far more conditional than headline numbers suggest, and that bottlenecks may compress access for buyers who cannot underwrite long lead times. (Read More)

🫖 TEA For Thought: “Constricted compute access = higher costs for AI services = a smaller number of customers who can actually afford it.”

🛠️ Skill of the Day

anthropics/financial-services — Anthropic’s reference agents and skills for investment banking, equity research, private equity, and wealth management, with MCP connectors to Daloopa, FactSet, S&P Global, Morningstar, and PitchBook plus install paths into Excel, PowerPoint, and Outlook. 18.3k stars.

TEAHEE Moment

Stay sharp, stay informed. See you tomorrow.

If you enjoyed this TEA, follow along on social for more:
Twitter/X