AI++ // agent security, MCP efficiency, and much more

The topic of security, specifically around prompt injection, is often raised and then dropped with a bit of a shrug as the path to a solution isn't very clear. Thankfully there are people out there thinking hard about it. In AI++ today, there are articles from Meta and Perplexity on this, with ways to mitigate the issue that we should all read and learn from.

We've also got news of some great AI events coming up, including the online OpenRAG Summit, along with news of introspective AI models, models getting brain rot from social media, and how MCP can be more efficient with just code.

Phil Nash
Developer relations engineer for Langflow

🛠️ Building with AI, Agents & MCP

Agent security

Meta released this article on the Agents Rule of Two. By only allowing agents unsupervised use of tools from two out of the three categories of the lethal trifecta (access to private data, exposure to untrusted content, and a method of external communication), you can avoid this category of problems. This article on assigning colors to tools to help understand the risks is a good follow-up with some actionable takeaways.

Much more in-depth, but with fewer guarantees, was Perplexity's article on mitigating prompt injection in their agentic browser Comet. An AI browser almost immediately fulfills the lethal trifecta, so there is a lot more work to do to ensure the browser can deliver a great AI experience for users without causing security concerns. This field of agent security is really just getting going.

Open-source safeguards

OpenAI released gpt-oss-safeguard, two models fine-tuned from the original gpt-oss models for interpreting safety policies and using them to classify content. The difference here is that you can provide your policies at inference time rather than at training time, so you can be flexible and safe.

MCP registries

While the official MCP registry is working its way towards general availability as part of the November 25th spec release, GitHub's MCP registry is live with 44 servers. And you can use the GitHub registry to find, install, and publish your own MCP servers.

Making MCP more efficient

Also in MCP news, Anthropic released an article on how to perform code execution over MCP as a way to reduce the overhead of MCP servers, like Cloudflare's Code Mode.

What can you do with coding agents?

There are a lot of people out there trying to build the best coding agents, and I like to understand what they can do and whether you can generalize that to other agents. These articles on understanding all the features of Amp and using every Claude Code feature show some of those lesser-known features.

🗞️ Other news

Can AI models introspect on their own thoughts? Anthropic found that mostly they can't, but sometimes they sort of do.
Laurie Voss of Arize suggests that 2026 will be the year of fine-tuned small models.
The Cline team found there was some variance in the quality of providers of inference for open-source models. This seems like OpenAI's discovery that not all providers were running gpt-oss models correctly. Check your inference providers!
In lighter news, researchers found that continual pre-training of LLMs on junk content from X caused the models to degrade. Even for models, doom scrolling on X causes brain rot.
Meanwhile, Apple's Foundation model was spotted refusing to generate a random number, just in case.

🧑‍💻 Code & Libraries

LightMem is an open-source, lightweight memory management framework
This repo takes you through building an agent from scratch
tmcp is an alternative TypeScript implementation of MCP with which you can build your own MCP servers. If you want a drag-and-drop way to build MCP servers, that's something Langflow can help you out with
mcp2py lets you use any MCP server in your Python app, no agents required
mcp_agent_mail gives your agents mail accounts to allow them to interact with one another. Just watch out in case their messages start getting passive aggressive, "As per my last email..."
If you want to make a website's llms.txt into an MCP server, then LLMText is the tool for you.

🔦 Langflow Spotlight

Today in the spotlight I want to talk about inputs. The Chat Input component is ubiquitous, often the entrance to any flow you want to interact with. It gets input text from the user, but you can also: choose whether to store those messages in memory, change the sender ID and name for multiparty conversations, and upload image files that you can use in the rest of your flow.

If you want an example of using these extra fields, check out how I used files in the chat input to build an AI alt text generator with Langflow.

The chat input is for more than just idle chatter.

🗓️ Events

If you're in Portland or NYC, head along to the upcoming Hacking Agents meetups, and if you're anywhere else, make sure you're tuning into the OpenRAG summit online. Details for all the events are below:

November 6th, Portland, Oregon - at the Hacking Agents PDX meetup there will be talks on building agents, making agents enterprise-ready, and a real-world industry case study of agents in action.

November 10th, NYC, New York - meanwhile, at Hacking Agents NYC the talks will cover Langflow, Docling, CUGA, and much more.

November 13th, online - The OpenRAG Summit will dig into how to build the next generation of RAG applications with open technologies.