radar-trends-to-watch:-october-2025

Radar Trends to Watch: October 2025

Reading Time: 7 minutes

This month we have two more protocols to learn. Google has announced the Agent Payments Protocol (AP2), which is intended to help agents to engage in ecommerce—it’s largely concerned with authenticating and authorizing parties making a transaction. And the Agent Client Protocol (ACP) is concerned with communications between code editors and coding agents. When implemented, it would allow any code editor to plug in any compliant agent.

All hasn’t been quiet on the virtual reality front. Meta has announced its new VR/AR glasses, with the ability to display images on the lenses along with capabilities like live captioning for conversations. They’re much less obtrusive than the previous generation of VR goggles.

AI

  • Suno has announced an AI-driven digital audio workstation (DAW), a tool for enabling people to be creative with AI-generated music.
  • Ollama has added its own web search API. Ollama’s search API can be used to augment the information available to models. 
  • GitHub Copilot now offers a command-line tool, GitHub CLI. It can use either Claude Sonnet 4 or GPT-5 as the backing model, though other models should be available soon. Claude 4 is the default.
  • Alibaba has released Qwen3-Max, a trillion-plus parameter model. There are reasoning and nonreasoning variants, though the reasoning variant hasn’t yet been released. Alibaba also released models for speech-to-text, vision-language, live translation, and more. They’ve been busy. 
  • GitHub has launched its MCP Registry to make it easier to discover MCP servers archived on GitHub. It’s also working with Anthropic and others to build an open source MCP registry, which lists servers regardless of their origin and integrates with GitHub’s registry. 
  • DeepMind has published version 3.0 of its Frontier Safety Framework, a framework for experimenting with AI-human alignment. They’re particularly interested in scenarios where the AI doesn’t follow a user’s directives, and in behaviors that can’t be traced to a specific reasoning chain.
  • Alibaba has released the Tongyi DeepResearch reasoning model. Tongyi is a 30.5B parameter mixture-of-experts model, with 3.3B parameters active. More importantly, it’s fully open source, with no restrictions on how it can be used. 
  • Locally AI is an iOS app that lets you run large language models on your iPhone or iPad. It works offline; there’s no need for a network connection. 
  • OpenAI has added control over the “reasoning” process to its GPT-5 models. Users can choose between four levels: Light (Pro users only), Standard, Extended, and Heavy (Pro only). 
  • Google has announced the Agent Payments Protocol (AP2), which facilitates purchases. It focuses on authorization (proving that it has the authority to make a purchase), authentication (proving that the merchant is legitimate), and accountability (in case of a fraudulent transaction).
  • Bring Your Own AI: Employee adoption of AI greatly exceeds official IT adoption. We’ve seen this before, on technologies as different as the iPhone and open source.
  • Alibaba has released the ponderously named Qwen3-Next-80B-A3B-Base. It’s a mixture-of-experts model with a high ratio of active parameters to total parameters (3.75%). Alibaba claims that the model cost 1/10 as much to train and is 10 times faster than its previous models. If this holds up, Alibaba is winning on performance where it counts.
  • Anthropic has announced a major upgrade to Claude’s capabilities. It can now execute Python scripts in a sandbox and can create Excel spreadsheets, PowerPoint presentations, PNG files, and other documents. You can upload files for it to analyze. And of course this comes with security risks.
  • The SIFT method—stop, investigate the source, find better sources, and trace quotes to their original context—is a way of structuring your use of AI output that will make you less vulnerable to misinformation. Hint: it’s not just for AI.
  • OpenAI’s Projects feature is now available to free accounts. Projects is a set of tools for organizing conversations with the LLM. Projects are separate workspaces with their own custom instructions, independent memory, and context. They can be forked. Projects sounds something like Git for LLMs—a set of features that’s badly needed.
  • EmbeddingGemma is a new open weights embedding model (308M parameters) that’s designed to run on devices, requiring as little as 200 MB of memory.
  • An experiment with GPT-4o-mini shows that language models can fall to psychological manipulation. Is this surprising? After all, they are trained on human output.
  • Platform Shifts Redefine Apps”: AI is a new kind of platform and demands rethinking what applications mean and how they should work. Failure to do this rethinking may be why so many AI efforts fail.
  • MCP-UI is a protocol that allows MCP servers to send React components or Web Components to agents, allowing the agent to build an appropriate browser-based interface on the fly.
  • The Agent Client Protocol (ACP) is a new protocol that standardizes communications between code editors and coding agents. It’s currently supported by the Zed and Neovim editors, and by the Gemini CLI coding agent.
  • Gemini 2.5 Flash is now using a new image generation model that was internally known as “nano banana.” This new model can edit uploaded images, merge images, and maintain visual consistency across a series of images.

Programming

  • Anthropic released Claude Code 2.0. New features include the ability to checkpoint your work, so that if a coding agent wanders off-course, you can return to a previous state. They have also added the ability to run tasks in the background, call hooks, and use subagents.
  • Suno has announced an AI-driven digital audio workstation (DAW), a tool for enabling people to be creative with AI-generated music.
  • The Wasmer project has announced that it now has full Python support in the beta version of Wasmer Edge, its WebAssembly runtime for serverless edge deployment.
  • Mitchell Hashimoto, founder of Hashicorp, has promised that a library for Ghostty (libghostty) is coming! This library will make it easy to embed a terminal emulator into an application. Perhaps more important, libghostty might standardize the code for terminal output across applications. 
  • There’s a new benchmark for agentic coding: CompileBench. CompileBench tests the ability of models to solve complex problems in figuring out how to build code
  • Apple is reportedly rewriting iOS in a new programming language. Rust would be the obvious choice, but rumors are that it’s something of their own creation. Apple likes languages it can control. 
  • Java 25, the latest long-term support release, has a number of new features that reduce the boilerplate that makes Java difficult to learn. 
  • Luau is a new scripting language derived from Lua. It claims to be fast, small, and safe. It’s backward compatible with Version 5.1 of Lua.
  • OpenAI has launched GPT-5 Codex, its generation model trained specifically for software engineering. Codex is now available both in the CLI tool and through the API. It’s clearly intended to challenge Anthropic’s dominant coding tool, Claude Code.
  • Do prompts belong in code repositories? We’ve argued that prompts should be archived. But they don’t belong in a source code repo like Git. There are better tools available.
  • This is cool and different. A developer has hacked the 2001 game Animal Crossing so that the dialog is generated by LLM rather than coming from the game’s memory.
  • There’s a new programming language, vibe-coded in its entirety with Claude. Cursed is similar to Claude, but all the keywords are Gen Z slang. It’s not yet on the list, but it’s a worthy addition to Esolang
  • Claude Code is now integrated into the Zed editor (beta), using the Agent Client Protocol (ACP)
  • Ida Bechtle’s documentary on the history of Python, complete with many interviews with Guido van Rossum, is a must-watch.

Security

  • The first malicious MCP server has been found in the wild. Postmark-MCP, an MCP server for interacting with the Postmark application, suddenly (version 1.0.16) started sending copies of all the email it handles to its developer.
  • I doubt this is the first time, but supply chain security vulnerabilities have now hit Rust’s package management system, Crates.io. Two packages that steal keys for cryptocurrency wallets have been found. It’s time to be careful about what you download.
  • Cross-agent privilege escalation is a new kind of vulnerability in which a compromised intelligent agent uses indirect prompt injection to cause a victim agent to overwrite its configuration, granting it additional privileges. 
  • GitHub is taking a number of measures to improve software supply chain security, including requiring two-factor authentication (2FA), expanding trusted publishing, and more.
  • A compromised npm package uses a QR code to encode malware. The malware is apparently downloaded in the QR code (which is valid, but too dense to be read by a normal camera), unpacked by the software, and used to steal cookies from the victim’s browser. 
  • Node.js and its package manager npm have been in the news because of an ongoing series of supply chain attacks. Here’s the latest report.
  • A study by Cisco has discovered over a thousand unsecured LLM servers running on Ollama. Roughly 20% were actively serving requests. The rest may have been idle Ollama instances, waiting to be exploited. 
  • Anthropic has announced that Claude will train on data from personal accounts, effective September 28. This includes Free, Pro, and Max plans. Work plans are exempted. While the company says that training on personal data is opt-in, it’s (currently) enabled by default, so it’s opt-out.
  • We now have “vibe hacking,” the use of AI to develop malware. Anthropic has reported several instances in which Claude was used to create malware that the authors could not have created themselves. Anthropic is banning threat actors and implementing classifiers to detect illegal use.
  • Zero trust is basic to modern security. But groups implementing zero trust have to realize that it’s a project that’s never finished. Threats change, people change, systems change.
  • There’s a new technique for jailbreaking LLMs: write prompts with bad grammar and run-on sentences. These seem to prevent guardrails from taking effect. 
  • In an attempt to minimize the propagation of malware on the Android platform, Google plans to block “sideloading” apps for Android devices and require developer ID verification for apps installed through Google Play.
  • A new phishing attack called ZipLine targets companies using their own “contact us” pages. The attacker then engages in an extended dialog with the company, often posing as a potential business partner, before eventually delivering a malware payload.

Operations

  • The 2025 DORA report is out! DORA may be the most detailed summary of the state of the IT industry. DORA’s authors note that AI is everywhere and that the use of AI now improves end-to-end productivity, something that was ambiguous in last year’s report.
  • Microsoft has announced that Word will save files to the cloud (OneDrive) by default. This (so far) appears to apply only when using Windows. The feature is currently in beta.

Web

Virtual and Augmented Reality

  • Meta has announced a pair of augmented reality glasses with a small display on one of the lenses, bringing it to the edge of AR. In addition to displaying apps from your phone, the glasses can do “live captioning” for conversations. The display is controlled by a wristband.