News linked to both this project and an event.
PrimePiper has launched an enterprise-grade prime broker platform for AI agents, designed to address challenges including fragmented account management, inadequate risk control, inability to reconcile across venues, and insufficient compliance auditing in AI-driven automated trading. According to the company, its infrastructure supports unified connectivity to multiple trading venues—including Hyperliquid, OKX, Tiger Brokers, and Interactive Brokers (IBKR). For risk control, PrimePiper offers enterprise-grade API key management, spending limits, and circuit-breaker mechanisms to constrain AI agent trading behavior. At the execution layer, it enables automated strategy execution via SDK or the Model Context Protocol (MCP). For compliance and auditing, it provides audit-grade reporting capabilities tailored for funds and traders. PrimePiper has been selected for the latest cohort of Founders Inc’s accelerator program; its product is currently in the Alpha stage. Team members hail from Galois Capital, Kraken, DRW, and AWS.
SlowMist TI Alert reports that MistEye has received threat intelligence from the community regarding an active macOS information-stealing malware dubbed “MacSync Stealer” (v1.1.2). This malware targets macOS users and is capable of stealing cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH / AWS / K8s). It employs a spoofed AppleScript system dialog to trick users into entering their login password. After data exfiltration, it displays a fake “Not Supported” error message. SlowMist states it has shared relevant IOCs with its customers and urges users not to execute unverified macOS scripts and to remain vigilant against unusual system password prompts.
According to Nikkei Asia, Amazon announced it will invest up to $25 billion more in Anthropic, the parent company of Claude, with $5 billion available immediately and the remaining $20 billion disbursed in tranches contingent upon achieving commercial milestones. Amazon has previously invested a total of $8 billion in Anthropic; following this round, its total investment will reach $33 billion. In exchange, Anthropic has committed to spending over $10 billion on Amazon Web Services (AWS) over the next decade and plans to deploy approximately 1 gigawatt of computing capacity by year-end using Trainium2 and Trainium3 chips; its long-term goal is 5 gigawatts. Following the announcement, Amazon’s after-hours stock price rose approximately 2.7%. Notably, earlier this year Amazon announced it would invest up to $50 billion in OpenAI, underscoring its strategy of simultaneously backing multiple leading AI companies to reinforce its leadership position in cloud infrastructure.
Odaily News The x402 protocol, incubated by Coinbase, has announced the launch of a unified platform called Agent.market, positioned as an "AI Agent App Store" for centrally showcasing and integrating various tools and services built on the protocol. According to the introduction, Agent.market already covers seven major categories at launch: inference, data, media, search, social, infrastructure, and trading. It integrates service providers including OpenAI, Bloomberg, CoinGecko, LinkedIn, X, and AWS Lambda, and supports permissionless integration.Erik Reppel, Engineering Lead at Coinbase Developer Platform, stated that the platform is essentially "an app store for agents." Currently, there are approximately 69,000 active agents on the x402 network, which have cumulatively completed over 165 million transactions, with a transaction volume reaching $50 million. Most services on Agent.market adopt a pay-per-use model, with some charging an "agentic premium" for AI agents. However, costs can be reduced through subscriptions in high-frequency usage scenarios. Meanwhile, the "agent economy" based on x402 is lowering customer acquisition and integration costs for businesses, unlocking previously constrained demand due to API keys, subscriptions, and micro-payment mechanisms.The x402 protocol is named after the HTTP 402 "Payment Required" status code, enabling websites, APIs, and AI agents to conduct instant micropayments via blockchain and traditional payment channels. The protocol is governed as an open standard by the x402 Foundation under the Linux Foundation and has received support from over 20 technology and crypto institutions including Cloudflare, Stripe, Amazon Web Services, Google, and Visa. (The Block)
According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure—including services hosted on AWS and Vercel—remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures—including RegistryLock—and the team has launched external security audits, legal proceedings against the perpetrators, and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.
According to Cointelegraph, researchers from the University of California recently revealed security risks in certain third-party AI large language model (LLM) routers that could lead to the theft of cryptocurrency assets. The study found that LLM routers—acting as API intermediaries—can read plaintext information; some routers were discovered injecting malicious code and stealing credentials. The research team tested 28 paid and 400 free routers, identifying nine routers that actively injected malicious code, two that deployed trigger-avoidance mechanisms, and 17 that accessed Amazon Web Services (AWS) credentials. One router even transferred ETH using the researchers’ Ethereum private key. The study notes that malicious behavior by routers is difficult to detect, and the “YOLO mode” present in some AI agent frameworks—which automatically executes commands—further increases security risks. Researchers recommend that developers avoid transmitting private keys or mnemonic phrases through AI agents and urge AI companies to implement cryptographic signing of responses to enhance security.