Sponsor: MegaETH — Crypto has new apps, finally.
Tool spotlight:
Take note, as the Lazer team just shipped an agent CLI for mini apps on Base, Farcaster, and World. It's a great resource if you're wanting to use agents to build mini apps for those three ecosystems simultaneously via a single toolkit (as opposed to making three separate deployments with three different stacks). Worth a bookmark!
What else is new...
- 🦾
Coinbase released CDP CLI with built-in MCP server support for setting up agentic operations across trading, payments, and beyond - 🏄 Surf launched Surf Skill, a single installable "brain" that gives AI agents access to +90 crypto data commands
Personal agents were my focus this week.
A thread from Brexton, Cantor's Global Co-Head of AI & Compute Infrastructure, gave the most honest account I've read of what using them actually feels like. Google released a new suite of open-weight models designed to run locally on your own device. And Google researchers published work on just how wide the attack surface for agents has become.
Taken together, they raised a question worth sitting with: what does it actually mean to use agents well?
What Agents Actually Feel Like
Let’s start with Brexton, who spent the past week publicly trying to claw-pill himself.
While initially quite skeptical, by day seven, he’d decided to keep his agents. I highly recommend reading the entire thread as everyone working with agents will likely resonate with his thoughts in one way or another.
For me, the things that stood out were:
1 — How valuable configuring automations can be for clarifying what you actually need. You have to think through every component, and vague intentions get exposed fast. Leave something undefined and you get a tangle of what could be done rather than what needs to get done. I've had the same experience building a midterm congressional tracker a few weeks back. The value came just as much from how it sharpened my thinking about the project as from the output itself.
David Christopher Mar 18, 2026 • 5 min read
2 — The tedium of stitching together platforms through API keys and authentication flows, often costs more time than the task itself. x402 earns its keep here, circumventing this hurdle for a small cost (which I increasingly believe people will be more and more willing to pay). I do think some tasks are better equipped for x402 than others. For example, research (especially now with the native Exa integration) or sales lookups (thanks to the continued launches from AgentCash), particularly, can benefit tremendously from this.
3 — Where agents produce measurable, compounding productivity is in structuring knowledge, not researching it. Andrej Karpathy released his LLM wiki last week: a persistent knowledge base for agents to maintain, cross-reference, and expand. Brexton mentions using it as a portable context and memory you can bring to any agent. Every agent he uses now touches it like a core database. I've settled into the same pattern, and the broader conversation on Twitter reflects it too. Nous Research has already shipped it as a built-in skill in Hermes Agent, adding a self-learning loop that turns completed tasks into reusable skills automatically.
Further, Bunny, the founder of clawpump, showed me a tool called Aristotle this week that formalized years of his amassed notes into structured equations. It's the same pattern: pre-existing knowledge organized into something you can query and build on. This is where agents unlock real "productivity," by building and being durable knowledge systems that get better the more you use them.
Local Arrives
Having a capable model that runs entirely on your own device changes the calculus for personal agents.
Google released Gemma 4 last Friday, a set of four open-weight (not open-source, an important distinction) models, the smallest of which you can run on a phone. The largest runs on a laptop. They arrive under Apache 2.0, so you can modify and commercialize them without asking permission.
Eight months ago, these capabilities would have been considered frontier. Now they run on devices you already own.
I've been writing since January that the shift to local was coming. Always-on, personal agents can't round-trip every action through a data center for latency reasons and economic ones. The latter point is one Limitless, our frontier tech podcast, stresses in their latest episode: you can essentially replace a $20/month subscription with "free-forever" AI thanks to Gemma 4.
A broad concern with personal agents is data exposure. Local models go a long ways toward solving this. A Gemma instance on your device isn't routing your activity through a third party's servers. You still take on risk when hooking external platforms in, but the baseline is better than sending everything through a centralized provider.
Trade-offs remain, obvious in the headline that Gemma’s performance matches eight-month old models, but for privacy-conscious users, local changes the math.
Further, reliable offline AI is quite cool.
The Security Squeeze
Google researchers published work this week showing websites can hijack AI agents through invisible prompts embedded inside images.
The agent loads a visually identical page, reads hidden instructions in the pixels, and executes them. Some attack vectors exceeded 80% success rates. The attack surface for browsing agents is wide open, and the risk scales with the authority you give the agent.
Anthropic's disclosure of Mythos Preview is worth a note on the margin here, just to say that these abilities will get drastically better as it eventually rolls out the the market.
This compounds when agents are spending money. x402 lets agents transact across hundreds of endpoints autonomously. That's the value, but it's also surface area. Kevin Leffew, co-author of the x402 whitepaper, flagged Superagent as a startup to watch this week after they integrated Brin.sh into Grok CLI's x402 implementation. Brin functions as a universal allowlist, scanning URLs for phishing, prompt injections, and other agentic threats before an agent pays or accesses content. A very handy security tool which pairs well with agent control layers like Ampersend, which I wrote about last week, or Guardx402.
It’s good to see the governance layer for agent payments beginning to take shape because, well, it needs to.
Zooming out, a few principles stand out for how to use agents well: let them help you refine a goal into something specific and scoped, rather than leaving you buried in what's possible. Use them to structure knowledge that compounds over time. And make sure the security parameters are in place, especially when they're spending money on your behalf.
Plus, this week's headlines...
🤖 News
- 🔥 Biconomy — unveiled ERC-8211 "Smart Batching," which can help users and agents take more complex actions onchain
- 🔥 Morpho — introduced the beta of Morpho Agents, an infra layer so agents can readily build atop Morpho
- Base — announced its
Base Batches 003 winners, including AI projects 4Mica, Agently, Blockrun, Floe Labs, and Liminal - Exa — the AI web search platform added support for x402 payments
- LI.FI — is hosting a DeFi Mullet Hackathon ft. an AI x Yield track
- Praxis — deployed its AI mesh network atop Arbitrum
- USDAI — is approaching $50M in GPU-backed loans to date
📚 Reads
- 🔥 Sreeram Kannan — Agents Will Become Companies
- Spencer Graham — An Actionable Model of Trust
- B3 — Reliable Rails for Unreliable Agents
We're past "in it for the tech" or "in it for the money." 
MegaETH is bringing you products worth using, powered by USDM.
