Chrome warns WebMCP can hijack AI agents; SPUR content telemetry
WebMCP lets sites expose tools that AI agents can call, but Chrome’s security guide shows malicious tool manifests or contaminated outputs can hijack those agents and steal user data. The doc recommends deterministic guardrails, untrustedContentHint, token limits, origin restrictions, and user confirmations, to stop prompt‑injection attacks.
Twitch‑enabled creator streams at the 2026 World Cup created a parallel broadcast layer that pulled younger, global fans away from traditional TV. The model gave FIFA fresh ad inventory and a repeatable playbook for leagues to reach audiences through community‑driven watch‑alongs, not just one‑way feeds.
The SPUR Coalition released a draft Content Telemetry Standard that defines five event types, retrieval, grounding, citation, display, and engagement, to let publishers monitor AI consumption of their work in real time. By creating a common, usage‑based reporting language, the framework aims to enable transparent licensing and fair compensation for news organizations.
Subscribe free