Hello, dear TEA-mates! Here is what you need to know today.

1. 🔐 Claude Code Attack Persists After Token Rotation

Mitiga researcher Idan Cohen disclosed a five-step attack chain that hijacks Claude Code by tampering with the ~/.claude.json config file on a developer’s machine. A single malicious npm package auto-runs an install script that pre-approves trusted directories, redirects the Model Context Protocol (MCP) server address to an attacker-controlled proxy, and captures bearer tokens in authorization headers. The persistence twist: when defenders rotate compromised tokens, the next refresh token flows back through the attacker proxy, so rotation reinforces the compromise instead of breaking it. Claude Code has no mechanism to verify that an MCP server address matches the originally authorized endpoint, and credentials sit in plaintext. Roughly 30 CVEs were filed against MCP infrastructure in early 2026. Anthropic reviewed the report but classified it out of scope because the attack requires prior code execution on the host. Proposed mitigations: signed MCP server identities pinned on first use, refresh tokens bound to server fingerprints, full re-authorization on endpoint changes, and client attestation. (Read More)

🫖 TEA For Thought: “When a crypto private key can be recovered by agents running tirelessly, figuring out a token proxy might be a piece of cake. Perhaps the API tokens themselves also need to be cryptographic, if not post-quantum ready.”

2. 🩺 OpenEvidence Quietly Becomes the AI Doctor’s Daily Driver

OpenEvidence, a clinical decision-support platform gated behind NPI verification (MDs, DOs, NPs, PAs, pharmacists, dentists, RNs) or proof of student status, is now used daily by over 40% of U.S. physicians and touched roughly 27 million clinical encounters in April 2026 alone, spanning more than 10,000 hospitals. Doctors interviewed by NBC said the tool is interactive and frictionless for narrow, scenario-specific questions, in contrast to UpToDate’s long-form peer-reviewed summaries, with one user remarking that “OpenEvidence is more up-to-date than UpToDate.” The platform is free for verified U.S. healthcare providers, monetized via pharma-sponsored content placements, and ships as a web app plus iOS and Android clients. Privacy questions remain unresolved: physicians type patient fact patterns into the chat to get specific answers, and there is no clear public framework for how that input data is logged, retained, or trained on. (Read More)

🫖 TEA For Thought: “The whole thing with privacy is just a vague big idea that never gets followed, even by doctors bringing their own AI to work. Shadow AI might be one thing that exists for a very long time until enterprises and institutions figure out how to roll out properly.”

3. 🤖 Pika Ships an MCP, Pikafies Your Claude Agent

Pika Labs released Pika MCP, a Model Context Protocol connector that plugs Pika’s generative content stack directly into Claude (web, desktop, iOS, Android in development). Setup is two steps: add a custom connector at https://mcp.pika.me/api/mcp inside Claude settings, then install the Pika-Labs/Pika-Plugins skills bundle to unlock slash commands like /pika:podcast, /pika:explainer, and /pika:ugc-ads. The agent retains Pika-specific personality and persistent memory while accessing video, image, audio, voiceover, transcription, and landing-page generation. Under the hood it aggregates Seedance 2.0, Sora, Kling, Veo 3, and ElevenLabs. Pricing is a token wallet separate from the Claude subscription: 800 tokens for $7.99, 2,000 for $19.99, scaling up to 15,000 for $149.99. Pika frames it as “AI-native design, not a GUI wrapped in an API.” (Read More)

🫖 TEA For Thought: “This is super cute. I guess if there’s hardware that can download the agent into a physical being, how fun would it be? It’s cooking.”

4. 📊 Baidu Says the Right Metric Is Daily Active Agents

At Baidu Create 2026 on May 13, Co-founder and CEO Robin Li proposed Daily Active Agents (DAA) as the agent era’s defining KPI, the successor to the mobile internet’s Daily Active Users. Li predicted global DAA could eventually surpass 10 billion and argued the right way to measure a platform’s health is “the number of agents actively working and delivering results.” Baidu paired the metric with a refreshed agent portfolio: DuMate (general-purpose agent), the app and enterprise editions of coding agent Miaoda, an upgraded Baidu Yijing digital human platform, and Famou Agent 2.0 (a self-evolving agent). The pitch positions Baidu as the scoreboard-setter for an industry still arguing over what “agent traction” even means. (Read More)

🫖 TEA For Thought: “DAA era is here, but are the websites ready for agent customers? Maybe not yet. But soon.”

5. 📡 Om Malik: AI Is the New Netflix, But Upside Down

Om Malik argues AI is the killer app for the next broadband cycle the way Netflix was for the last one, except the data flows the other direction. Cloud sync already accounts for 15 to 16 percent of all classified upload volume across speed tiers, a structural shift away from the asymmetric “fat downstream, thin upstream” model designed for passive consumption. New upload sources include AI reasoning models, Copilot workflows, IoT cameras and doorbells (uploading 7x more than they download), connected cars (3x more outbound than inbound), and multimodal voice or image search payloads. Residential subscribers still run a 23:1 download-to-upload ratio, but non-residential subscribers operate at 7.3:1 and behave “more like small data centers than living rooms.” Malik predicts home-based non-residential computing follows the cord-cutting adoption curve, going from outlier to mainstream within a decade as the network shifts from delivery pipe to upload economy. (Read More)

🫖 TEA For Thought: “Besides upstream and downstream data, the way people interact with the internet is also changing dramatically. This is a whole paradigm shift where everything needs to be rethought. The UI is no longer required as long as data flows per workflow.”

🛠️ Skill of the Day

rohitg00/agentmemory. Persistent memory layer for AI coding agents (Claude Code, Cursor, Gemini CLI, Codex CLI, Hermes, OpenClaw, OpenCode, and any MCP client), so your agent stops re-explaining context every session. Built on the iii engine, extends Karpathy’s LLM Wiki pattern with confidence scoring, lifecycle, knowledge graphs, and hybrid search. 9k stars.

TEAHEE Moment

Stay sharp, stay informed. See you Monday.

If you enjoyed this TEA, follow along on social for more:
Twitter/X